Add Cybereason Connector to SkyFormation Platform

If you're having trouble at any stage please contact us at support@skyformation.com. 

Preface

The goal of this guide is to add a new SkyFormation for Cybereason connector to your SkyFormation Platform.

Prerequisites

To add the Cybereason connector to your SkyFormation app, you will need to have the following Cybereason account's information at hand:

• Username - An email of the integration user to use. e.g. sk4integration@mycompany.com
• Password - Password for the integration user
• Host - IP or Full hostname of the Cybereason deployment server. e.g. 10.20.30.1 OR https://ourcybereason.mycompany.com
• Port - Port of Cybereason deployment server. default is 443. Could be anything else, e.g. 8443
• Is SSL signed? - YES if a signed SSL certificate was issued and deployed to the server where Cybereason deployment server.; NO otherwise. You can find that out by navigating via aa browser to the Host:Port via the browser. if the Certificate is self signed the URL’s lock sign will be red/broken.

Required permissions

The integration user provided should have either one of the roles: L1 Analyst, L2 Analyst, L3 Analyst, Executive, API User This permission is required as the connector requests to Retrieve Malops , as per Cybereason’s permissions documentation one of these roles is required.

Steps to onboard the connector to SkyFormation app

1. Logon to your SkyFormation Platform:

2. Navigate via left navigation panel to "Settings" section

3. Navigate via New Settings left navigation panel to "Accounts" section

4. Click the "Add Account" button

5. At the "SELECT SERVICE TO ADD" choose "Cybereason".

6. Fill in the information as obtained in the prerequisites: Username, Password, Host, Port, Is SSL Signed?

At this point you can click on "TEST CONNECTION" to make sure the connection is set up successfully, or just click on "DONE".

Start the connector and make sure that the status becomes "OK" after a few seconds.

DONE!