If you're having trouble at any stage please contact us at firstname.lastname@example.org.
For more information about Cybereason, please visit:
The main challenges and needs are to:
- Get all Malops from the Cybereason service into your SIEM/Log management system.
What is it
SkyFormation for Cybereason Connector is part of the SkyFormation Collect (c) module. It continuously retrieves events and alerts from the different sources/APIs in the Cybereason service and sends the events in a unified format to any existing SIEM/Log management system.
How it works
SkyFormation for Cybereason Connector retrieves the events from the Cybereason service through its APIs. Before sending the events to the existing SIEM/SOC system, the connector will:
- Unify the events into the SkyFormation unified application events format
- Embed the origin event into the SkyFormation event as a blob
- Parse the origin event into a set of dedicated key-value fields
- Enrich the event with detection context (e.g. AD identity information)
- Encode the resulting event into the target SIEM/SOC system standard format (e.g. CEF)
- Send the event to the existing SIEM/SOC system over syslog
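The steps above, sketched as an added example (not SkyFormation's or Cybereason's code): a constructed Malop-like record is parsed into CEF extension keys, enriched, carries the origin event as a blob, and is framed for syslog. The record's field names, the vendor/product strings, the base64 blob encoding and the choice of the cs1/cs2 custom fields are assumptions.

```python
import base64
import json

# Constructed sample record; field names are illustrative, not the Cybereason API schema.
SAMPLE_MALOP = {
    "guid": "EXAMPLE-MALOP-0001",
    "type": "Malicious process | injected",
    "machine": "WS-042",
    "user": "corp\\jdoe",
    "detail": "rule=office-child-process\nparent=winword.exe",
}

def esc_header(value):
    """CEF header fields: backslash and pipe must be escaped."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def esc_ext(value):
    """CEF extension values: escape backslash and '=', encode line breaks as \\n."""
    out = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return out.replace("\r\n", "\\n").replace("\n", "\\n").replace("\r", "\\n")

def to_cef(malop, identity=None, severity=8):
    # Parse: origin fields mapped to standard CEF extension keys.
    ext = {
        "externalId": malop["guid"],
        "dhost": malop["machine"],
        "duser": malop["user"],
        "msg": malop["detail"],
    }
    # Enrich: hypothetical AD lookup result carried in a custom string field.
    if identity:
        ext["cs1Label"] = "adDepartment"
        ext["cs1"] = identity.get("department", "")
    # Embed: the untouched origin event as base64 JSON (encoding is an assumption).
    ext["cs2Label"] = "originEvent"
    ext["cs2"] = base64.b64encode(json.dumps(malop, sort_keys=True).encode()).decode()
    header = ["CEF:0"] + [esc_header(f) for f in (
        "ExampleVendor", "ExampleConnector", "1.0", "malop", malop["type"], severity)]
    return "|".join(header) + "|" + " ".join(f"{k}={esc_ext(v)}" for k, v in ext.items())

def to_syslog(cef, host, timestamp, pri=134):
    """RFC 5424 framing; PRI 134 = facility local0, severity informational."""
    return f"<{pri}>1 {timestamp} {host} connector - - - {cef}"

if __name__ == "__main__":
    cef = to_cef(SAMPLE_MALOP, identity={"department": "Finance"})
    print(to_syslog(cef, "collector01", "2024-01-05T12:00:00Z"))
```

A receiver has to undo the `\=` escaping before base64-decoding the embedded blob, and an unescaped line break in any source field would split the syslog record in two.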
Connector's API/Audit Sources & Events Supported
|Audit Source (API)||Service/Module Covered||Event Included|
|Malops||Get all Malops currently active|