Common Use Cases
The Cybereason API can help you run your security operations, from threat analysis and investigation to Server and Sensor maintenance. Use the API to help you with common tasks, including:
Task | Examples | Relevant Links |
---|---|---|
Run investigative queries | Run investigation queries on machines in your environment, including: | |
Manage Sensors | Perform management tasks for Sensors, including: | |
Investigate Malops | Retrieve details on Malops for analysis and use in your SIEM or SOAR, including: | |
Remediate items | Remediate items, including: | For more details, see rest/remediate. |
Create custom detection rules | Create and update custom detection rules, including: | |
Update item reputations | Manage file, IP address, or domain reputations, including: | |
Get threat intel | View threat intelligence details for files, IP addresses, and domains. | |
Create isolation rules to manage machine isolation | Create isolation rules that are triggered automatically, including: | |
For more details on the specific API to use to accomplish these tasks, see the links in the table above.
For more detailed examples of some of these use cases, see Sample API Scenarios.