Manage Incident Response and Forensic Data Ingestion Tools
Note
To use the incident response tool and forensic data ingestion tool features, you can add the DFIR package to your instance of the Cybereason platform for an additional cost, or request an Express IR environment (partners only). Contact your Customer Success representative to request access to this package. For details on how to submit the request, see How to Request a Cybereason Express IR Environment.
By using the API, you can deploy third-party incident response tools or forensic data ingestion tools directly from your Cybereason platform. This lets you quickly deploy the tools you need to respond to an active breach in your organization.
Note
Incident response tool management and forensic data ingestion tool features in the Cybereason platform are currently available only to Cybereason partners.
Tasks
All APIs assume a URL prefix of https://<your server>/rest.
Note
Click on any URI path to view more detailed information on a specific API request.
| Task | Endpoint | Method | Returns |
|---|---|---|---|
| Upload a tool package to your environment and deploy it to machines | | POST | Message on upload success. |
| Check the status of an incident response tool deployment | | POST | Details about the tool deployment. |
| Check uploaded packages | | GET | List of packages uploaded to your environment. |
| Run an incident response tool on a machine | | POST | Details about the tool execution operation. |
| Monitor the execution of an incident response tool on a machine | | GET | Details about the tool execution operation. |
| Retrieve and upload results from an incident response tool execution | | POST | Result details. |
| Delete an incident response tool | | POST | Message with success or failure result. |
| Get credentials for a GCP bucket with your results | | GET | Credential details for a GCP bucket. |
| Get a list of supported forensics tools | | GET | List of supported tool packages. |
| Deploy a forensic tool package | | POST | Message on the deploy operation. |
| Monitor deployment of forensic tools | | POST | Details on the deployment operation. |
| Run a forensic tool | | POST | Details on the execution operation. |
| Run a forensic tool on specific sensors from a CSV list | | POST | Details on the execution operation. |
| Monitor execution of a forensic tool | | POST | Details on the execution operation. |
| Delete a forensic tool | | POST | Details on the delete operation. |