Cybereason Deep Detect & Respond
  • 20 Sep 2024
  • 1 Minute to read
  • Dark
    Light
  • PDF

Cybereason Deep Detect & Respond

  • Dark
    Light
  • PDF

Article summary

Cybereason Deep Detect & Respond (EDR) defends against advanced attacks by collecting and analyzing behavioral data to identify suspicious activities.

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. Cybereason Domain (required) - The hostname of the Cybereason server.

  2. User Name and Password (required) - The user name and password for an account that has read access to the API.

  3. Verify SSL - Select to verify the SSL certificate offered by the value supplied in Cybereason Domain. For more details, see SSL Trust & CA Settings.

  4. HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Cybereason Domain.

  5. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

image.png

Advanced Settings

Note:

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

  1. Custom tags Include list (optional) - Specify a comma-separated list of Cybereason tags.

    • If supplied, all connections for this adapter will only fetch devices tagged with any of the comma-separated list of Cybereason tags you have specified.
    • If not supplied, all connections for this adapter will fetch any device.
  2. Avoid hostname duplications - When selected, if two or more devices have the same hostname, only the device with the latest last_seen value is fetched.

  3. Ignore stale agents - Select to ignore agents with a 'Stale' status.

  4. Use CSV API (default: false) - By default the system uses the Sensor Query API. Select this option to use the CSV API to fetch devices.

  5. Fetch devices with location tag (optional) - Enter a list of location tags to make the adapter fetch only devices with the matching tag(s).

    Note:

    Only change the default setting after guidance from Axonius Support.

Note:

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.


Was this article helpful?

What's Next