Cybereason

Details
Content
Dependencies
Version History

Endpoint detection and response to manage and query malops, connections and processes.

Note: Support for this Pack moved to the partner on November, 3, 2022.

Please contact the partner directly via the support link on the right.

Playbooks

Name	Description
Unisolate Endpoint - Cybereason	This playbook unisolates a machine based on the hostname provided.
Cybereason - Download Close File	This playbook aborts a file download operation which is in progress based on the Malop ID and username provided.
Isolate Endpoint - Cybereason	This playbook isolates a machine based on the hostname provided.
Search Endpoints By Hash - Cybereason	Hunt for endpoint activity involving hash, using Cybereason.
Block File - Cybereason	This playbook accepts an MD5 hash and blocks the file using the Cybereason integration.
Cybereason - Download File	This playbook downloads a file from Cybereason platform, based on the Malop ID and username provided.

Integrations

Name	Description
Cybereason (Partner Contribution)	Endpoint detection and response to manage and query malops, connections and processes.

Automations

Name	Description
CybereasonPreProcessingExample	Preprocessing script to run when fetching Cybereason malops. Will check if malop was already fetched, and will then update the existing incident, otherwise will create a new incident.

Playbooks

Name	Description
Unisolate Endpoint - Cybereason	This playbook unisolates a machine based on the hostname provided.
Cybereason - Download Close File	This playbook aborts a file download operation which is in progress based on the Malop ID and username provided.
Isolate Endpoint - Cybereason	This playbook isolates a machine based on the hostname provided.
Search Endpoints By Hash - Cybereason	Hunt for endpoint activity involving hash, using Cybereason.
Block File - Cybereason	This playbook accepts an MD5 hash and blocks the file using the Cybereason integration.
Cybereason - Download File	This playbook downloads a file from Cybereason platform, based on the Malop ID and username provided.

Integrations

Name	Description
Cybereason (Partner Contribution)	Endpoint detection and response to manage and query malops, connections and processes.

Automations

Name	Description
CybereasonPreProcessingExample	Preprocessing script to run when fetching Cybereason malops. Will check if malop was already fetched, and will then update the existing incident, otherwise will create a new incident.

Required Content Packs (2)

Pack Name	Pack By
Common Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (3)

Pack Name	Pack By
MITRE ATT&CK	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

2.1.8 - 5390938 (May 29, 2023)

Integrations

Cybereason

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27028

Download

2.1.7 - 5265019 (May 14, 2023)

Playbooks

Unisolate Endpoint - Cybereason

Fixed a minor bug in the Unisolate Endpoint - Cybereason where the input.hostname is defined returns true when the actual hostname field is empty.

Related pull requests:
- 26048

Download

2.1.6 - 5185403 (May 4, 2023)

Integrations

Cybereason

Updated the Docker image to: demisto/python3:3.10.11.56857.

Related pull requests:
- 26294

Download

2.1.5 - R5170573 (May 2, 2023)

Integrations

Cybereason

Updated the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 25962

Download

2.1.4 - 4923679 (March 29, 2023)

Integrations

Cybereason

Updated the Docker image to: demisto/python3:3.10.10.50695.

Related pull requests:
- 25583

Download

2.1.3 - 4818573 (March 15, 2023)

Scripts

CybereasonPreProcessingExample

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 25256

Download

2.1.2 - R4718798 (March 1, 2023)

Integrations

Cybereason

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24921

Download

2.1.1 - R4646022 (February 19, 2023)

Integrations

Cybereason

Updated the Docker image to: demisto/python3:3.10.10.47713.

Related pull requests:
- 24569

Download

2.1.0 - 4384217 (January 13, 2023)

Integrations

Cybereason

Added support for polling for Cybereason EPP Malops.
Updated the Docker image to: demisto/python3:3.10.9.42476.

Scripts

CybereasonPreProcessingExample

Updated the Docker image to: demisto/python3:3.10.9.42476.

Related pull requests:
- 23666
- 23476

Download

2.0.0 - 4001473 (November 9, 2022)

Integrations

Cybereason

Updated the Docker image to: demisto/python3:3.10.8.37233.
Added 19 commands:
- cybereason-archive-sensor
- cybereason-unarchive-sensor
- cybereason-delete-sensor
- cybereason-start-fetchfile
- cybereason-fetchfile-progress
- cybereason-download-file
- cybereason-close-file-batch-id
- cybereason-available-remediation-actions
- cybereason-kill-process
- cybereason-quarantine-file
- cybereason-unquarantine-file
- cybereason-block-file
- cybereason-delete-registry-key
- cybereason-kill-prevent-unsuspend
- cybereason-unsuspend-process
- cybereason-malware-query
- cybereason-start-host-scan
- cybereason-fetch-scan-status
- cybereason-get-sensor-id

Playbooks

New: Cybereason - Download Close File

This playbook aborts a file download operation which is in progress based on the Malop ID and username provided. (Available from Cortex XSOAR 6.5.0).

New: Cybereason - Download File

This playbook downloads a file from Cybereason platform, based on the Malop ID and username provided. (Available from Cortex XSOAR 6.5.0).

Isolate Endpoint - Cybereason

This playbook isolates a machine based on the hostname provided. (Available from Cortex XSOAR 5.0.0).

Unisolate Endpoint - Cybereason

This playbook unisolates a machine based on the hostname provided. (Available from Cortex XSOAR 5.0.0).

Block File - Cybereason

This playbook accepts an MD5 hash and blocks the file using the Cybereason integration. (Available from Cortex XSOAR 5.0.0).

Search Endpoints By Hash - Cybereason

Hunt for endpoint activity involving hash, using Cybereason. (Available from Cortex XSOAR 5.0.0).

Scripts

New: CybereasonPreProcessingExample

Preprocessing script to run when fetching Cybereason malops.
Will check if malop was already fetched, and will then update the existing incident, otherwise will create a new incident.

Related pull requests:
- 22100
- 19493

Download

1.0.23 - 3838724 (October 13, 2022)

Integrations

Cybereason

Fixed an issue where fetch-incidents failed to run.
Updated the Docker image to: demisto/python3:3.10.7.35188.

Related pull requests:
- 21677

Download

1.0.22 - 3649843 (September 13, 2022)

Integrations

Cybereason

Updated the Docker image to: demisto/python3:3.10.7.33922.

Scripts

CybereasonPreProcessingExample

Updated the Docker image to: demisto/python3:3.10.6.33415.

Related pull requests:
- 21064

Download

PUBLISHER

Cybereason

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	June 30, 2020
Last Release	May 29, 2023

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.