Cybereason API Guide

Welcome to the Cybereason API guide! This guide aims to help you use the API of the Cybereason platform.

Note

Some links in this documentation require access to the The Nest. Access is available for Cybereason customers and partners.

In this topic:

What is Cybereason?
Why use the Cybereason API?
Version support
- Additional resources

What is Cybereason?

The Cybereason platform provides military-grade cyber security with real-time awareness and detection. Unlike other cyber security solutions, Cybereason takes isolated suspicious activities and links them together to present a story of an attack, providing a truly end-to-end view of malicious activities.

For full details on how to use the Cybereason platform, see the Cybereason documentation.

Why use the Cybereason API?

The Cybereason API enables you to perform many Cybereason tasks without interaction with the UI. Using the Cybereason API, you can do the following:

API	Use
Hunt and Investigate	Run hunting queries that investigate items in your organization’s environment so that you can find and resolve threats.
Respond to Malops	Retrieve, manage, and update Malops in your environment.
Remediate Items	Remediate items or check on the progress of remediation operations.
Respond to Malware	Retrieve details on Malware found in your environment
Manage Reputations	Retrieve and update reputation information for items in your environment.
Get Threat Intel	Retrieve threat intelligence for files, IP addresses, and domains from Cybereason Threat Intelligence.
Manage Sensors	Manage sensors across servers without using the Cybereason user interface.
Set Machine Isolation Rules	Manage rules for isolating machines in your organization.
Add Custom Detection Rules	Create and manage custom detection rules for your organization.
Manage Incident Response and Forensic Data Ingestion Tools	Deploy and monitor third-party incident response tools from your Cybereason environment.
Manage Users	Add, update, and delete users for your Cybereason environment.

For details on how to use the API documentation, see Tips for Using the API Documentation.

Version support

All Cybereason APIs, API endpoints, and parameters are supported for all currently supported Cybereason versions unless otherwise noted on the relevant API reference page.

For a list of major changes to the documentation, see API Documentation Change Log.