With the Cybereason integration, customers can query both types of Malops (Auto Hunt and Endpoint Protection), isolate suspicious activities, and manage Malops. Customers can also bring in details about each type of Malop for further investigation.
The following actions are available:
- Add Indicator Reputation – Add a custom reputation based on a file hash value (MD5 or SHA1), IP Address, or domain name.
- Create Malop Comment – Add a comment to a Malop.
- Get Auto Hunt Malop – Retrieve details for an Auto Hunt Malop.
- Get Endpoint Malop – Retrieve details for an Endpoint Protection Malop.
- List Malops – Retrieve all Malops of every type from a specified time window.
- Isolate Machine – Isolate a machine or machines involved in a specific Malop.
- Remove Indicator Reputation – Remove a custom reputation based on a file hash value (MD5 or SHA1), IP Address, or domain name.
- Unisolate Machine – Release from isolation a machine or machines associated with a Malop.
- Update Malop Status – Update a Malop’s status.
This app can be found in the ThreatConnect App Catalog under the name Cybereason.