Automating your Workflow

While the Cybereason API has a number of useful purposes, including assisting you in common Cybereason tasks, the API is most powerful when used in an automated way.

Because the API endpoints in most cases correspond to tasks you can also perform from the Cybereason UI, performing repeated manual API requests on an individual basis will consume as much of your time as using the respective area of the UI. Note there may be times where manual use of the API can be justified, such as finding suspicions associated with a specific Element, which requires multiple clicks and searching in the Investigation screen. However, by automating API tasks you can streamline your work and make better use of your time.

For example, you can use the API in a number of ways through automation:

  • When running an investigation query, you automatically pull certain pieces of data from the response and either save these to a file or send them to another platform (such as SIEM or SOAR).

  • When analyzing Malops, you automatically isolate any machines involved in the Malops until you can perform a full investigation.

  • When you upgrade sensors, you automatically update certain settings.

  • When you analyze a Malop, if you close the Malop with a certain status, you update reputation information for all files associated with the Malop.

These scenarios are among the many cases in which you could use automation and the Cybereason API.

You can use the Cybereason API using any automation framework or programming language. While the scripts presented throughout our API documentation use Python, nearly all programming languages contain the ability to send and receive requests with a REST API. As long as you understand what information the request body requires and what information the response returns, you can use the different programming languages to send and receive data with the Cybereason API.

Likewise, nearly all automation frameworks can run a script you prepare using the API. For example, if you create a script to retrieve Malop-related information, extract some relevant fields, and print these to a separate file, your automation scripts and/or frameworks can run this script automatically on a scheduled basis.
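The "retrieve, extract relevant fields, write to a separate file" pattern described above, as an added Python example that is not part of this documentation's own scripts. It assumes the retrieval step has already returned a query response; the sample response is constructed here, and its field names (`resultIdToElementDataMap`, `simpleValues`, `elementValues`, `affectedMachines`) are assumptions for illustration rather than values captured from a live server.

```python
import json

# Constructed sample response, shaped like the query responses this documentation
# describes (one entry per Malop). Field names are assumptions, not live data.
SAMPLE_RESPONSE = {
    "data": {
        "resultIdToElementDataMap": {
            "11.1234567890": {
                "simpleValues": {
                    "malopDetectionType": {"totalValues": 1, "values": ["KNOWN_MALWARE"]},
                    "creationTime": {"totalValues": 1, "values": ["1700000000000"]},
                },
                "elementValues": {
                    "affectedMachines": {"elementValues": [{"name": "ws-01", "guid": "m-1"}]}
                },
            },
            "11.9876543210": {  # second Malop with fields missing, to show the edge case
                "simpleValues": {"malopDetectionType": {"totalValues": 1, "values": ["MALICIOUS_PROCESS"]}},
                "elementValues": {},
            },
        }
    }
}

FIELDS = ["malopDetectionType", "creationTime"]  # the "relevant fields" to keep


def extract_records(response, fields):
    """Flatten each Malop entry into a flat dict; missing fields become None."""
    records = []
    for malop_id, element in response["data"]["resultIdToElementDataMap"].items():
        simple = element.get("simpleValues", {})
        record = {"malopId": malop_id}
        for name in fields:
            values = simple.get(name, {}).get("values") or []
            record[name] = values[0] if values else None
        machines = element.get("elementValues", {}).get("affectedMachines", {})
        record["affectedMachines"] = [m["name"] for m in machines.get("elementValues", [])]
        records.append(record)
    return records


def to_jsonl(records):
    """One JSON object per line, a format SIEM/SOAR collectors commonly ingest directly."""
    return [json.dumps(r, sort_keys=True) for r in records]


def write_jsonl(records, path):
    lines = to_jsonl(records)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(lines) + "\n")
    return len(lines)
```

Run `write_jsonl(extract_records(response, FIELDS), "malops.jsonl")` from a scheduled job (for example a cron entry) to produce a file your SIEM collector can pick up on each run.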