Cybereason API Guide

Welcome to the Cybereason API guide! This guide aims to help you use the API of the Cybereason platform.

Note

Some links in this documentation require access to the The Nest. Access is available for Cybereason customers and partners.

What is Cybereason?

The Cybereason platform provides military-grade cyber security with real-time awareness and detection. Unlike other cyber security solutions, Cybereason takes isolated suspicious activities and links them together to present a story of an attack, providing a truly end-to-end view of malicious activities.

For full details on how to use the Cybereason platform, see the Cybereason documentation.

Why use the Cybereason API?

The Cybereason API enables you to perform many Cybereason tasks without interaction with the UI. Using the Cybereason API, you can do the following:

API

Use

Hunt and Investigate

Run hunting queries that investigate items in your organization’s environment so that you can find and resolve threats.

Respond to Malops

Retrieve, manage, and update Malops in your environment.

Remediate Items

Remediate items or check on the progress of remediation operations.

Respond to Malware

Retrieve details on Malware found in your environment

Manage Reputations

Retrieve and update reputation information for items in your environment.

Get Threat Intel

Retrieve threat intelligence for files, IP addresses, and domains from Cybereason Threat Intelligence.

Manage Sensors

Manage sensors across servers without using the Cybereason user interface.

Set Machine Isolation Rules

Manage rules for isolating machines in your organization.

Add Custom Detection Rules

Create and manage custom detection rules for your organization.

Manage Incident Response and Forensic Data Ingestion Tools

Deploy and monitor third-party incident response tools from your Cybereason environment.

Manage Users

Add, update, and delete users for your Cybereason environment.

For details on how to use the API documentation, see Tips for Using the API Documentation.

Version support

All Cybereason APIs, API endpoints, and parameters are supported for all currently supported Cybereason versions unless otherwise noted on the relevant API reference page.

For a list of major changes to the documentation, see API Documentation Change Log.

For details on how to use the API documentation, see Tips for Using the API Documentation.