All Collections
Tines How To
How To Article
Authentication Guides
Cybereason Authentication Guide
Cybereason Authentication Guide

How to authenticate Cybereason for use with Tines

Daniel Stoeski avatar
Written by Daniel Stoeski
Updated over a week ago

Cybereason offers an endpoint protection platform. It delivers antivirus software, endpoint detection and response with one agent, and a suite of managed services.

First, create a Cybereason resource in Tines

  1. Login to your Tines tenant

  2. Navigate to the team that will be using the API and click "Resource"

  3. Click "+ New Resource"

  4. Input the values for the Cybereason resource

    1. Name: cybereason_username

    2. Description: Optional

    3. Builder: Your Cybereason username

  5. Optional

    1. Access: What other teams can also use the resource

  6. Click "Save resource"

Lastly, create Cybereason credentials in Tines

You will need to create two credentials:

  • One Text type: "cybereason_password"

  • One HTTP request type: "cybereason_cookie"

Text type

  1. Navigate to the team that will be using the API and click "Credential"

  2. Click "+ New Credential" and select "Text"

  3. Input the values for the Cybereason credential

    1. Name: cybereason_password

    2. Description: Optional

    3. Value: Your Cybereason password

  4. Optional

    1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains

    2. Access: What other teams can also use the API

  5. Click "Save"

HTTP request type

  1. Click "+ New Credential" and select "HTTP Request"

  2. Input the values for the Cybereason credential

    1. Name: cybereason_ccokie

    2. Description: Optional

    3. URL: https://integration.cybereason.net:8443/login.html

    4. Content-Type: "Custom": "application/x-www-form-urlencoded"

    5. Method: post

    6. Payload: Copy the below object and paste into the "Plain code" section:

      {
      "username": "<<RESOURCE.cybereason_username>>",
      "password": "<<CREDENTIAL.cybereason_password>>"
      }

    7. Disable redirect follow: Click the "+ Option" button, select choose "Disable redirect follow" and ensure the box remains ticked:


    8. Click "Run options" and make sure you get a successful response like the following:



    9. Location of token from response: SPLIT(cybereason_cookie.headers["set-cookie"], ";") |> FIRST(%)

  3. Optional

    1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains

    2. Access: What other teams can also use the API

  4. Click "Save"

Your credential should look like the following:

For more on creating credentials in Tines, click here.

You can find a selection of Cybereason stories in the story library.

Using the credential in an action

The Header configuration for your Cybereason credential should be:

"Cookie": "<<CREDENTIAL.cybereason_cookie>>"

Here is an example Cybereason action you can copy and paste onto your storyboard in Tines:

{"standardLibVersion":"35","actionRuntimeVersion":"4","agents":[{"disabled":false,"name":"Retrieve Cybereason Sensor Information","description":"Retrieve sensor infomration","options":"{\"url\":\"https://<<RESOURCE.cybereason_url>>/rest/sensors/query\",\"method\":\"post\",\"content_type\":\"json\",\"payload\":{\"limit\":1000,\"offset\":0,\"filters\":[]},\"headers\":{\"Cookie\":\"<<CREDENTIAL.cybereason_cookie>>\"}}","position":{"x":375,"y":1095},"type":"httpRequest","timeSavedUnit":"minutes","timeSavedValue":0,"monitorAllEvents":false,"monitorFailures":false,"monitorNoEventsEmitted":null,"recordType":null,"recordWriters":[],"form":null,"cardIconName":"httpRequest","createdFromTemplateGuid":"2dca49465829825a3f4f5ddaee6b1321c9667ffa07d713ab8186b60a9be3d607","createdFromTemplateVersion":1,"originStoryIdentifier":"cloud:aa47f8215c6f30a0dcdb2a36a9f4168e:d4c15df0f02ba4789095426607003199"}],"links":[],"diagramNotes":[]}
Related Articles
Cribl Authentication Guide
Censys Authentication Guide
Did this answer your question?