Actions for Cybereason
- Send Data to Cybereason. Sends a custom set of Lucidum data to Cybereason.
Use Cases
Below are the possible use cases for these actions:
- If you want to run Lucidum “headless”, you can send relevant data to Cybereason on a regular schedule.
- You can send normalized, enriched Lucidum data to Cybereason to be indexed, searched, and analyzed.
Prerequisites
To execute Cybereason actions, you must configure a Cybereason API connection beforehand. The required parameters are described in the instructions for creating a Cybereason connector in Lucidum: https://lucidum.io/docs/microsoft-active-directory.
NOTE. The specified account should have read and write permissions.
Workflows
- Creating a new Configuration and a new Action
- Cloning an Existing Action
- Creating a new Action from the Location Results page
- Editing a Configuration
- Editing an Action
- Viewing Information about an Action
Cybereason Configuration
To create a configuration for Cybereason actions:
- Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.
- URL. The URL of the Cybereason API.
- Username. User name for a Cybereason account that has read and write access to the APIs.
- Password. Password for a Cybereason account that has read and write access to the APIs.
- Proxy. If you are using a proxy server with Lucidum, select from the list of already-configured proxy servers. To create a proxy server, see https://lucidum.io/docs/configuring-a-proxy-server/.
- Max # of Records per Payload. The maximum number of records to send to Cybereason in each action. The default value is “50”.
Create a New Action
To create an action for Cybereason, contact Lucidum customer care.