Skip to main content
 

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

Cybereason REST APIs use an auth token to make authorized calls to the API. Expel uses Cybereason REST APIs to access resources through URI paths. You need to generate an API key and an Application key.

Step 1: Generate user credentials

  1. In the Cybereason UI, navigate to the User screen.

  2. Click Create New User. The Create New User screen appears.

  3. Enter the required details.

    mceclip1.png
    • Username: An email address. Make note of this for later use.

    • Password: A password. Make note of this for later use.

    • Change password on next login: Don't select this.

    • Enable Two Factor Authentication (TFA): Don't select this.

    • Custom roles: Select Analyst and L3.

    • Predefined roles: Select API User.

Step 2: Configure the technology in Workbench

  1. In a new browser tab, log into https://workbench.expel.io.

  2. On the console page, navigate to Settings and click Security Devices.

  3. At the top of the page, click Add Security Device.

    image-1
  4. Search for and select your technology Cybereason.

    mceclip2.png
  5. Complete all fields using the credentials and information you collected in Step 1.

    mceclip4.png
    • For Name type the host name of the device.

    • For Location type the geographic location of the appliance.

    • For Username type the username generated in Step 1.

    • For Password type the password generated in Step 1.

    • For Server URL type the Cybereason device address.

Cyber reason, cyberreason,