- 02 Jan 2025
- 1 Minute to read
- Print
- DarkLight
- PDF
Cybereason Deep Detect & Respond
- Updated on 02 Jan 2025
- 1 Minute to read
- Print
- DarkLight
- PDF
Cybereason Deep Detect & Respond (EDR) defends against advanced attacks by collecting and analyzing behavioral data to identify suspicious activities.
Related Enforcement Actions
- Cybereason Deep Detect & Respond - Add Tag to Assets
- Cybereason Deep Detect & Respond - Isolate/Unisolate Assets
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
- Users
Parameters
Cybereason Domain (required) - The hostname of the Cybereason server.
User Name and Password (required) - The user name and password for an account that has read access to the API.
Verify SSL - Select to verify the SSL certificate offered by the value supplied in Cybereason Domain. For more details, see SSL Trust & CA Settings.
HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Cybereason Domain.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to Advanced Configuration for Adapters.
Custom tags Include list (optional) - Specify a comma-separated list of Cybereason tags.
- If supplied, all connections for this adapter will only fetch devices tagged with any of the comma-separated list of Cybereason tags you have specified.
- If not supplied, all connections for this adapter will fetch any device.
Fetch processes - Select this option to fetch processes.
Avoid hostname duplications - When selected, if two or more devices have the same hostname, only the device with the latest last_seen value is fetched.
Ignore stale agents - Select to ignore agents with a 'Stale' status.
Use CSV API (default: false) - By default the system uses the Sensor Query API. Select this option to use the CSV API to fetch devices.
Fetch devices with location tag (optional) - Enter a list of location tags to make the adapter fetch only devices with the matching tag(s).
Note:Only change the default setting after guidance from Axonius Support.
For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.
Required Permissions
The value supplied in User Name must have the following permissions in order to fetch assets:
- system admin
- sensor admin L1