Cybereason Cloud Connector
Cybereason is an endpoint protection solution that offers antivirus, managed monitoring and IR services, and an endpoint detection and response platform to identify real-time cyber-attacks. Cybereason detects Malops. A Malop is a malicious operation, including the complete set of events taking place in a hacking operation. Cybereason’s Malop hunting engine analyses data received from Cybereason endpoint sensors in your environment. The Cybereason Incident and Response Console helps analysts to quickly investigate the Malop. For more information about Cybereason, see their website.
Prerequisites to Configure the Cybereason Connector
Before you configure the Cybereason connector, you must obtain the following Cybereason account information:
User name – The email address of the Cybereason integration user.
Note
The integration user must have one of these roles: L1 Analyst, L2 Analyst, L3 Analyst, Executive, or API user. These roles have the required permissions to collect data and retrieve Malops (malicious operations). For more information about permissions, see the Cybereason documentation.
Create a user with the required permissions for Exabeam, or use the user name and password of an existing Cybereason user. For more information, see the Cybereason documentation.
Password – The password of the Cybereason integration user.
Host – The IP address or hostname of the Cybereason deployment server. For example, 10.20.30 or https://ourcybereason.mycompany.com.
Port – The port of the Cybereason deployment server.
Note
Contact the Cybereason support team if you do not know the host and port information.
Configure the Cybereason Connector
The following table displays audit source API and security events supported by the connector.
Audit Source: API | Service or Module Covered | Event Types | Event Included |
---|---|---|---|
Malops | Get all the Malops that are currently active |
To configure the Cybereason connector to import data into the Exabeam Cloud Connector platform:
Complete the Prerequisites to Configure the Cybereason Connector.
Log in to the Exabeam Cloud Connectors platform with your registered credentials.
Navigate to Settings > Accounts > Add Account.
Click Select Service to Add, then select Cybereason from the list.
In the Accounts section, enter the required information.
Tenant – Select a tenant to attach to the connector if you are using a multi-tenant edition of Exabeam. Otherwise, select default.
Account Name – Specify a name for the Cybereason connector. For example, Cybereason_EndPoint_Protection.
(Optional) Description – Describe the Cybereason connector. For example, Cybereason-Endpoint Detection and Response Platform.
Host – Enter the value for host that you obtained while completing the prerequisites. For example, https://ourcybereason.mycompany.com.
Port – Enter the value for port that you obtained while completing the prerequisites. For example, 443.
Is SSL Signed? – Select Yes if a signed SSL certificate is issued and deployed to the Cybereason deployment server; otherwise, select No.
Note
To determine whether the SSL certificate is signed, access the hostname through a browser and check the lock symbol that appears before the URL. A red or open lock symbol indicates that the SSL certificate is self-signed. If you see the red lock symbol, select No; if you see the green lock symbol, select Yes.
Username – Enter the user name of the Cybereason user that has the required permissions.
Password – Enter the password for the Cybereason user, which you obtained while completing the prerequisites.
To confirm that the Exabeam Cloud Connector platform communicates with the service, click Test Connection.
Click Done to save your changes. The cloud connector is now set up on the Exabeam Cloud Connector platform.
To ensure that the connector is ready to send and collect data, Start the connector and check that the status shows OK.
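The browser lock check in the Is SSL Signed? note can also be done from a command line. The following is an added example, not Exabeam or Cybereason code: it attempts a fully verified TLS handshake against the Host and Port values and maps the result to the Yes or No choice. The function names and the third "investigate" outcome are this example's own.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

# OpenSSL X509_V_ERR_* codes meaning no CA in the local trust store vouches for the certificate.
UNTRUSTED_ISSUER = {
    18: "self-signed certificate",
    19: "self-signed certificate in chain",
    20: "issuer not in local trust store",
    21: "cannot verify the leaf certificate signature",
}

def host_only(value):
    """Reduce a Host field value (bare name, IP or https:// URL) to the host part."""
    return urlsplit(value if "://" in value else "//" + value).hostname

def ssl_signed_answer(verify_code):
    """Map a verification outcome to (answer, reason); verify_code None means success.
    answer None is this example's own 'investigate first' outcome, not a connector option."""
    if verify_code is None:
        return "Yes", "chain and hostname validate against the local trust store"
    if verify_code in UNTRUSTED_ISSUER:
        return "No", UNTRUSTED_ISSUER[verify_code]
    return None, f"certificate rejected for another reason (OpenSSL code {verify_code})"

def probe(host, port=443, timeout=5.0):
    """Attempt a fully verified TLS handshake and report the result."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return ssl_signed_answer(None)
    except ssl.SSLCertVerificationError as exc:  # must precede OSError, its base class
        return ssl_signed_answer(exc.verify_code)
    except OSError as exc:
        return None, f"cannot reach {host}:{port}: {exc}"

if __name__ == "__main__":
    # Usage: python check_cert.py <host-or-url> [port]
    target = host_only(sys.argv[1])
    print(probe(target, int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

Run it from a machine whose CA trust store matches the one the connector platform uses, since a certificate issued by an internal CA validates only where that CA is trusted. An expired certificate or a hostname mismatch returns the investigate outcome rather than No, because the certificate is signed but still fails validation.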