Cybereason website screenshot

Cybereason

Cybereason is an enterprise cybersecurity company (now part of LevelBlue) that provides a defense platform spanning Extended Detection and Response (XDR), Endpoint Detection and Response (EDR), Next-Generation Antivirus (NGAV), Managed Detection and Response (MDR), mobile threat defense, and digital forensics and incident response. Its signature MalOp (Malicious Operation) engine correlates alerts across endpoints and identities into a single operation-centric attack story. Cybereason exposes a gated regional REST API (api..cybereason.net) for partner and customer integrations with SIEMs, SOARs, and security tooling.

1 APIs 10 Features
CybersecurityXDREDRNGAVMDREndpoint SecurityThreat Detection

APIs

Cybereason REST API

The Cybereason REST API is a gated, region-scoped API hosted at api..cybereason.net that allows customers and integration partners to query MalOps, retrieve sensor inven...

Collections

Pricing Plans

Cybereason Plans Pricing

1 plans

PLANS

Rate Limits

Cybereason Rate Limits

2 limits

RATE LIMITS

FinOps

Features

MalOp Engine

Operation-centric detection that consolidates alerts and telemetry into a single contextualized attack story

XDR

Extended Detection and Response correlating endpoint, identity, network, and cloud signals

EDR

AI-powered Endpoint Detection and Response with deep behavioral analytics

NGAV

Multi-layered Next-Generation Antivirus prevention including anti-ransomware

MDR

24x7 Managed Detection and Response across MDR Essentials, Essentials + XR, and MDR Complete tiers

Mobile Threat Defense

Threat detection and response for iOS and Android endpoints

Vulnerability Management

Proactive risk reduction across the endpoint estate

Threat Hunting

Proactive hunting across historical and live endpoint telemetry

Digital Forensics and Incident Response

DFIR services and 24x7 incident response on-call retainers

Threat Intelligence

Threat intelligence and research from the Cybereason Nocturnus team

Use Cases

SOC Operations

Surface and triage MalOps directly inside the SOC with full attack-story context

SIEM Enrichment

Stream detections and MalOps into Splunk, Sentinel, Chronicle, and other SIEMs via REST API

Managed Detection and Response

Outsource 24x7 detection and response to the Cybereason MDR team

Incident Response

Engage Cybereason DFIR services for breach investigation, containment, and recovery

Compromise Assessment

Run targeted compromise assessments and cyber posture assessments across the environment

Integrations

SIEM

REST API and event forwarding integrations with Splunk, Microsoft Sentinel, Google Chronicle, and others

SOAR

Bidirectional integrations with SOAR platforms for automated containment and response actions

Identity Providers

Identity-based detections across major IdPs as part of the XDR coverage

Mobile Device Management

Mobile Threat Defense integrations with leading UEM/MDM platforms

Resources

🔗
LinkedIn
LinkedIn
🔗
Website
Website
🌐
Cybereason Nest (Customer Portal)
Portal
🔗
Documentation
Documentation
📰
Blog
Blog
💬
Support
Support
🔗
ContactSales
ContactSales
🔗
Careers
Careers
📜
PrivacyPolicy
PrivacyPolicy
📜
TermsOfService
TermsOfService

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: Cybereason API
  version: 23.x
request:
  auth:
    type: apikey
    key: JSESSIONID
    value: '{{JSESSIONID}}'
    placement: query
items:
- info:
    name: Authentication
    type: folder
  items:
  - info:
      name: Log in and obtain a JSESSIONID cookie
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/login.html
      body:
        type: form-urlencoded
        data:
        - name: username
          value: ''
        - name: password
          value: ''
    docs: Log in and obtain a JSESSIONID cookie
  - info:
      name: Log out the current session
      type: http
    http:
      method: GET
      url: https://{tenant}.cybereason.net/logout
    docs: Log out the current session
- info:
    name: Malops
    type: folder
  items:
  - info:
      name: Query the Malop inbox
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/detection/inbox
      body:
        type: json
        data: '{}'
    docs: Query the Malop inbox
  - info:
      name: Query unified Malops
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/crimes/unified
      body:
        type: json
        data: '{}'
    docs: Query unified Malops
- info:
    name: VisualSearch
    type: folder
  items:
  - info:
      name: Hunt with a Visual Search query
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/visualsearch/query/simple
      body:
        type: json
        data: '{}'
    docs: Hunt with a Visual Search query
- info:
    name: Sensors
    type: folder
  items:
  - info:
      name: Query sensors
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/sensors/query
      body:
        type: json
        data: '{}'
    docs: Query sensors
  - info:
      name: Archive sensors
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/sensors/action/archive
      body:
        type: json
        data: '{}'
    docs: Archive sensors
  - info:
      name: Unarchive sensors
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/sensors/action/unarchive
      body:
        type: json
        data: '{}'
    docs: Unarchive sensors
  - info:
      name: Delete sensors
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/sensors/action/delete
      body:
        type: json
        data: '{}'
    docs: Delete sensors
  - info:
      name: Isolate machines from the network
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/monitor/global/commands/isolate
      body:
        type: json
        data: '{}'
    docs: Isolate machines from the network
  - info:
      name: Un-isolate machines
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/monitor/global/commands/un-isolate
      body:
        type: json
        data: '{}'
    docs: Un-isolate machines
- info:
    name: Remediation
    type: folder
  items:
  - info:
      name: Trigger remediation actions on a Malop
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/remediate
      body:
        type: json
        data: '{}'
    docs: Trigger remediation actions on a Malop
  - info:
      name: Get remediation status for a Malop
      type: http
    http:
      method: GET
      url: https://{tenant}.cybereason.net/rest/remediate/status/:malopId
      params:
      - name: malopId
        value: ''
        type: path
    docs: Get remediation status for a Malop
  - info:
      name: Abort remediation
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/remediate/abort
      body:
        type: json
        data: '{}'
    docs: Abort remediation
- info:
    name: Reputation
    type: folder
  items:
  - info:
      name: List reputation entries
      type: http
    http:
      method: GET
      url: https://{tenant}.cybereason.net/rest/classification
    docs: List reputation entries
  - info:
      name: Add or update reputation entries
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/classification
      body:
        type: json
        data: '{}'
    docs: Add or update reputation entries
- info:
    name: ThreatIntel
    type: folder
  items:
  - info:
      name: Lookup file reputation
      type: http
    http:
      method: GET
      url: https://{tenant}.cybereason.net/rest/classification_v1/file
      params:
      - name: hash
        value: ''
        type: query
    docs: Lookup file reputation
  - info:
      name: Lookup domain reputation
      type: http
    http:
      method: GET
      url: https://{tenant}.cybereason.net/rest/classification_v1/domain
      params:
      - name: domain
        value: ''
        type: query
    docs: Lookup domain reputation
  - info:
      name: Lookup IP reputation
      type: http
    http:
      method: GET
      url: https://{tenant}.cybereason.net/rest/classification_v1/ip
      params:
      - name: ip
        value: ''
        type: query
    docs: Lookup IP reputation
- info:
    name: IsolationRules
    type: folder
  items:
  - info:
      name: List isolation rules
      type: http
    http:
      method: GET
      url: https://{tenant}.cybereason.net/rest/settings/isolation-rule
    docs: List isolation rules
  - info:
      name: Create isolation rule
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/settings/isolation-rule
      body:
        type: json
        data: '{}'
    docs: Create isolation rule
  - info:
      name: Update isolation rule
      type: http
    http:
      method: PUT
      url: https://{tenant}.cybereason.net/rest/settings/isolation-rule
      body:
        type: json
        data: '{}'
    docs: Update isolation rule
  - info:
      name: Delete isolation rule
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/settings/isolation-rule/delete
      body:
        type: json
        data: '{}'
    docs: Delete isolation rule
- info:
    name: CustomDetectionRules
    type: folder
  items:
  - info:
      name: List active custom detection rules
      type: http
    http:
      method: GET
      url: https://{tenant}.cybereason.net/rest/customRules/decisionFeature/live
    docs: List active custom detection rules
  - info:
      name: Create a custom detection rule
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/customRules/decisionFeature/create
      body:
        type: json
        data: '{}'
    docs: Create a custom detection rule
  - info:
      name: Update a custom detection rule
      type: http
    http:
      method: POST
      url: https://{tenant}.cybereason.net/rest/customRules/decisionFeature/update
      body:
        type: json
        data: '{}'
    docs: Update a custom detection rule
bundled: true