Cybereason REST APIs use an auth token to make authorized calls to the API. Expel uses Cybereason REST APIs to access resources through URI paths. You need to generate an API key and an Application key.

In this article

Step 1: Generate user credentials

  1. In the Cybereason UI, navigate to the User screen.

  2. Click Create New User. The Create New User screen appears.

  3. Type the required details.

    • Username: an email address. Make note of this for later use.

    • Password: a password. Make note of this for later use.

    • Change password on next login: don't select this.

    • Enable Two Factor Authentication (TFA): don't select this.

    • Custom roles: select Analyst and L3.

    • Predefined roles: select API User.

Step 2: Configure the technology in Workbench

  1. In a new browser tab, log into https://workbench.expel.io.

  2. On the console page, navigate to Settings and click Security Devices.

  3. At the top of the page, click Add Security Device.

  4. Search for and select your technology Cybereason.

    mceclip2.png
  5. Complete all fields using the credentials and information you collected in Step 1.

    mceclip4.png
    • For Name, type the host name of the device.

    • For Location, type the geographic location of the appliance.

    • For Username, type the username generated in Step 1.

    • For Password, type the password generated in Step 1.

    • For Server URL type the Cybereason device address.

  6. You can provide console access now or set it up later. Use the instructions below to set it up later.

Cyber reason, cyberreason,