Get Started with Cybereason XDR

Note

To use these features, you can add the XDR package to your instance of the Cybereason platform for an additional cost. Contact your Customer Success Manager for details about this package.

To use Cybereason XDR, you need to perform a number of steps, including configuring your integrated platforms, onboarding data from your integrations, and analyzing the data that Cybereason XDR collects. Follow the steps in this topic to get started.

Add Cybereason XDR to your Cybereason platform

Work with your Customer Success Manager to add the Cybereason XDR package to your Cybereason instance (at an additional cost).

When you add Cybereason XDR to your environment, multiple modules are available to suit your needs. For details on these modules, see Cybereason XDR Modules.

Configure log exporting from your integrated platforms

Before you can use data from XDR log sources and integrations, you must enable the data or log export from integrated platforms.

For details on how to configure these exports, select your integrations from the Cybereason Integrations page and select the Configure tab from the integration documentation page.

Connect third-party integrated platforms

Add supported integrations in the Connect screen and enter configuration/connection details to connect Cybereason XDR to your integrated platforms.

Some third-party integrated platforms share data using an API cloud feed, while others require the Cybereason XDR on-site collector agent to securely forward the logs.

For details on how to connect each integration, select your integrations from the Cybereason Integrations page and select the Configure tab from the integration documentation page. For details on how to install an on-site collector agent, see Add an On-Site Integration.

Onboard data from integrated platforms to Cybereason XDR

After you configure log exports in integrated platforms and add the integration details in Connect, the data begins to flow between your integrated platforms and Cybereason XDR. You can view the integration status in Connect and ensure that suspicious events are displayed in the Suspicious events screen (if there are suspicious events for the integration).

View your XDR summary

In the XDR Dashboard, view a summary and trends in XDR data from integrated data sources, and see overall integration health to identify problems as soon as possible.

For details on the XDR dashboard, see XDR Dashboard.

View detected suspicious events

Cybereason XDR detects and reports specific suspicious events so that you can see which events from your integrated platforms require additional attention and quickly understand all suspicious activity across your organization and network.

View, filter, and search the alerts in this screen to help you monitor all suspicious events happening across your organization.

For details on suspicious events, see Analyze Suspicious Events.

Analyze XDR MalOps

When Cybereason XDR determines that multiple suspicious events are likely connected to the same event, the Cybereason platform creates an XDR MalOp. The MalOps present a fuller story of the attack sequence in a logically connected manner that enables you to see the progression of a suspected attack.

View and analyze the MalOps to find instances of likely malicious behavior throughout your organization and your network.

For details on XDR MalOps, see Examine XDR Malops. To view the recommended workflow for XDR MalOps, see Use the XDR MalOps and MalOp Details Workflow.