BEST Antivirus KBS : Largest Anti-Malware Knowledge Base and Support

Malwarebytes Visibility and Dashboards app for Splunk and Malwarebytes Endpoint Security

  • September 1, 2021
  • BEST Antivirus Staff 2
  • Malwarebytes / Malwarebytes Endpoint

Contents

  1. Requirements
  2. Download Malwarebytes Visibility and Dashboards app
  3. Install Malwarebytes Visibility and Dashboards app
    1. Splunk Enterprise Single Instance Environments
    2. Splunk Enterprise Distributed Environments
  4. Configure Malwarebytes Management Console
  5. Configure Splunk Enterprise
    1. Splunk Enterprise dashboard examples
      1. Overview dashboard
      2. Endpoints dashboard
      3. Detections dashboard
  6. Configure Splunk Cloud
    1. Splunk Cloud dashboard examples
      1. Overview dashboard
      2. Endpoints dashboard
      3. Detections dashboard
      4. Quarantined dashboard

NOTICE – On August 4, 2021, Malwarebytes Endpoint Security reached its End of Life. For more information, see the Malwarebytes Endpoint Security End of Life notice. To upgrade to a supported version of Malwarebytes, see Malwarebytes Endpoint Protection or Malwarebytes for Teams.

The Malwarebytes Visibility and Dashboards app provides custom Splunk searches and dashboards for Malwarebytes endpoint data. This app provides a visual experience for Malwarebytes users. Dashboards have been optimized for fast performance and contain custom drill-downs.

Requirements

To download, install and configure the Malwarebytes Visibility and Dashboards app, you will need:

  • An active Splunk Enterprise or Splunk Cloud instance.
  • User login credentials for Splunk.
  • An active Malwarebytes Endpoint Security subscription.
  • Malwarebytes Management Console administrator credentials.
  • Technical Add-on for Malwarebytes installed. Refer to Install the Technical Add-on for Malwarebytes for Splunk for more information.

Download Malwarebytes Visibility and Dashboards app

To download the Malwarebytes Visibility and Dashboards app:

  1. Go to the Malwarebytes Visibility and Dashboards page in Splunkbase.
  2. Click on LOGIN TO DOWNLOAD. If already logged into Splunkbase, click on DOWNLOAD.
  3. Enter your Splunk user credentials.

Install Malwarebytes Visibility and Dashboards app

Where you install the Malwarebytes app is based on your Splunk environment.

Splunk Enterprise Single Instance Environments

Install the Malwarebytes Visibility and Dashboards app in the same location as the Splunk components (Search Tier, Indexer Tier, and Forwarder Tier). For instructions on installing an add-on in a single-instance environment, refer to Splunk’s support article Install an add-on in a single-instance Splunk Enterprise deployment.

Splunk Enterprise Distributed Environments

Install the Malwarebytes Visibility and Dashboards app where your Search Tier is located. For instructions on installing an add-on in a distributed Splunk Enterprise environment, refer to Splunk’s support article Install an add-on in a distributed Splunk Enterprise deployment.

Configure Malwarebytes Management Console

Configuration instructions for Malwarebytes Endpoint Security environments.

  1. Log into your Malwarebytes Management Console as an administrator.
  2. Go to Admin > Syslog Settings > click Change…
  3. In the Syslog Settings menu make the following updates:
    • In the Address field, enter your Splunk server’s IP address.
    • In the Port field, set to 10514.
    • For Protocol, select TCP or UDP to match your Splunk server configuration.
    • Click OK to save the configuration.
      DOC-3206-1.png

For Malwarebytes Breach Remediation environments, refer to Malwarebytes Agentless Remediation app for Splunk.

Configure Splunk Enterprise

To configure the data inputs for Malwarebytes Breach Remediation or Malwarebytes Endpoint Security, follow the steps below.

  1. Log in to Splunk using administrator credentials and go to Settings > Data Inputs.
    DOC-3206-2.png
  2. Under Forwarded Inputs, select either TCP or UDP. Select New.
  3. Enter 10514 in the Port field. Click Next.
    DOC-3206-3.png
  4. In the Input Settings screen:
    • For Source type, click Select and choose Malware > choose mwb:mbmc from the dropdown menu.
    • For App context, select Add-on for Malwarebytes (TA-malwarebytes) from the dropdown menu.
    • For Host > Method, select either IP or DNS.
    • For Index, select malwarebytes from the dropdown menu. Click Review.
      DOC-3206-4.png
  5. In Review, make sure all of your configurations are correct, then select Submit to complete the data input configuration on the Splunk instance.
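
The data input from the steps above, written as an inputs.conf stanza. This is an added example, not taken from the Malwarebytes or Splunk documentation; the file path assumes the standard Splunk app layout, 192.0.2.10 is a placeholder for the Malwarebytes Management Console address, and acceptFrom is an addition that goes beyond the steps on this page.

```ini
# Assumed location: $SPLUNK_HOME/etc/apps/TA-malwarebytes/local/inputs.conf
# (the "Add-on for Malwarebytes (TA-malwarebytes)" app context from step 4).
# Splunk .conf files do not support trailing comments, so every comment
# sits on its own line.

# TCP listener on the port entered in the Management Console syslog settings.
# Use [udp://10514] instead if the console is set to UDP.
[tcp://10514]
# Source type and index chosen in the Input Settings screen.
sourcetype = mwb:mbmc
index = malwarebytes
# Host > Method: "ip" records the sender's IP address, "dns" its
# reverse-DNS name.
connection_host = ip
# Not part of the page's steps: plain syslog carries no sender
# authentication, so accept connections only from the Management Console.
# 192.0.2.10 is a placeholder address.
acceptFrom = 192.0.2.10
```

Restart Splunk after editing the file so the input is loaded.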

Splunk Enterprise dashboard examples

Overview dashboard
DOC-3206-5.png

Endpoints dashboard
DOC-3206-6.png

Detections dashboard
DOC-3206-7.png

Configure Splunk Cloud

You must have the Universal Forwarder installed to configure Splunk Cloud. Refer to the Splunk support document Configure forwarding and receiving for Splunk Cloud for instructions.

To get Malwarebytes data into Splunk Cloud, configure your forwarder to send syslog data to your Splunk Cloud instance.

Splunk Cloud dashboard examples

Overview dashboard
DOC-3206-8.png

Endpoints dashboard
DOC-3206-9.png

Detections dashboard
DOC-3206-10.png

Quarantined dashboard
DOC-3206-11.png

The events received into Splunk Cloud from Malwarebytes products display in CEF format. Go to App: Search & Reporting > Search & Reporting to view.

DOC-3206-12.png

Source: Official Malwarebytes Brand
Edited by: BEST Antivirus KBS Team
