Skip to main content
All CollectionsHow-tosArticlesAuthentication guides
Cybereason Authentication Guide
Cybereason Authentication Guide

How to authenticate Cybereason for use with Tines

Daniel Stoeski avatar
Written by Daniel Stoeski
Updated over a year ago

Cybereason offers an endpoint protection platform. It delivers antivirus software, endpoint detection and response with one agent, and a suite of managed services.

First, create a Cybereason resource in Tines

  1. Login to your Tines tenant

  2. Navigate to the team that will be using the API and click "Resource"

  3. Click "+ New Resource"

  4. Input the values for the Cybereason resource

    1. Name: cybereason_username

    2. Description: Optional

    3. Builder: Your Cybereason username

  5. Optional

    1. Access: What other teams can also use the resource

  6. Click "Save resource"

Lastly, create Cybereason credentials in Tines

You will need to create two credentials:

  • One Text type: "cybereason_password"

  • One HTTP request type: "cybereason_cookie"

Text type

  1. Navigate to the team that will be using the API and click "Credential"

  2. Click "+ New Credential" and select "Text"

  3. Input the values for the Cybereason credential

    1. Name: cybereason_password

    2. Description: Optional

    3. Value: Your Cybereason password

  4. Optional

    1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains

    2. Access: What other teams can also use the API

  5. Click "Save"

HTTP request type

  1. Click "+ New Credential" and select "HTTP Request"

  2. Input the values for the Cybereason credential

    1. Name: cybereason_ccokie

    2. Description: Optional

    3. URL: https://integration.cybereason.net:8443/login.html

    4. Content-Type: "Custom": "application/x-www-form-urlencoded"

    5. Method: post

    6. Payload: Copy the below object and paste into the "Plain code" section:

      {
      "username": "<<RESOURCE.cybereason_username>>",
      "password": "<<CREDENTIAL.cybereason_password>>"
      }

    7. Disable redirect follow: Click the "+ Option" button, select choose "Disable redirect follow" and ensure the box remains ticked:


    8. Click "Run options" and make sure you get a successful response like the following:



    9. Location of token from response: SPLIT(cybereason_cookie.headers["set-cookie"], ";") |> FIRST(%)

  3. Optional

    1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains

    2. Access: What other teams can also use the API

  4. Click "Save"

Your credential should look like the following:

For more on creating credentials in Tines, click here.

You can find a selection of Cybereason stories in the story library.

Using the credential in an action

The Header configuration for your Cybereason credential should be:

"Cookie": "<<CREDENTIAL.cybereason_cookie>>"

Here is an example Cybereason action you can copy and paste onto your storyboard in Tines:

{"standardLibVersion":"35","actionRuntimeVersion":"4","agents":[{"disabled":false,"name":"Retrieve Cybereason Sensor Information","description":"Retrieve sensor infomration","options":"{\"url\":\"https://<<RESOURCE.cybereason_url>>/rest/sensors/query\",\"method\":\"post\",\"content_type\":\"json\",\"payload\":{\"limit\":1000,\"offset\":0,\"filters\":[]},\"headers\":{\"Cookie\":\"<<CREDENTIAL.cybereason_cookie>>\"}}","position":{"x":375,"y":1095},"type":"httpRequest","timeSavedUnit":"minutes","timeSavedValue":0,"monitorAllEvents":false,"monitorFailures":false,"monitorNoEventsEmitted":null,"recordType":null,"recordWriters":[],"form":null,"cardIconName":"httpRequest","createdFromTemplateGuid":"2dca49465829825a3f4f5ddaee6b1321c9667ffa07d713ab8186b60a9be3d607","createdFromTemplateVersion":1,"originStoryIdentifier":"cloud:aa47f8215c6f30a0dcdb2a36a9f4168e:d4c15df0f02ba4789095426607003199"}],"links":[],"diagramNotes":[]}
Related Articles
Cribl Authentication Guide
Censys Authentication Guide
Did this answer your question?