Cybereason Deep Detect & Respond

Cybereason Deep Detect & Respond (EDR) defends against advanced attacks by collecting and analyzing behavioral data to identify suspicious activities.

This adapter fetches the following types of assets:

• Devices

Parameters

1. Cybereason Domain (required) - The hostname of the Cybereason server.

2. User Name and Password (required) - The user name and password for an account that has read access to the API.

3. Verify SSL - Select to verify the SSL certificate offered by the value supplied in Cybereason Domain. For more details, see SSL Trust & CA Settings.

4. HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Cybereason Domain.

5. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.
   
   

Advanced Settings

1. Custom tags Include list (optional) - Specify a comma-separated list of Cybereason tags.

   • If supplied, all connections for this adapter will only fetch devices tagged with any of the comma-separated list of Cybereason tags you have specified.
   • If not supplied, all connections for this adapter will fetch any device.

2. Avoid hostname duplications - When selected, if two or more devices have the same hostname, only the device with the latest last_seen value is fetched.

3. Ignore stale agents - Select to ignore agents with a 'Stale' status.

4. Use CSV API (default: false) - By default the system uses the Sensor Query API. Select this option to use the CSV API to fetch devices.

   Note:

   Only change the default setting after guidance from Axonius Support.