What’s This?
The Malwarebytes Nebula server collects a rich set of information from the endpoints and a common request we get is to turn this data into useful information. Malwarebytes provides a complete set of RESTful APIs for this purpose. The Management Console uses these same APIs to extract the data. However, it does require some scripting and technical work to make the data useful.
To make this easier for our customers, we have introduced the Malwarebytes Excel Addin, which provides easy access to import data directly into Microsoft Excel.
Video
- Watch a 4 minute video tour of the Excel Addin.
Video on YouTube - Scheduled reports walk-through
Video on YouTube (3-min)
Requirements
- An account on the Malwarebytes Nebula server (https://cloud.malwarebytes.com).
- Microsoft Excel 2010, 2013, 2016, 2019, or Office 365 on Windows.
- (The addin does not work on macOS because it uses Windows specific Microsoft Office features)
- .NET Framework v4.5.2.
Installation
Download and install the Add in. Latest version is v3.2.8.
Download the latest Malwarebytes Excel Addin Installer
Support
This is a user community shared utility.
Please post questions and comments on this Forum thread.
Features
- Extract and import most of the Malwarebytes Nebula server objects
- Endpoints / Machines
- Details for Malwarebytes agent information
- Details for endpoint assets such as memory, disk drives
- Details for software installed
- Detections / Threats
- Quarantine
- Suspicious Activities
- Events, Groups, Tasks / Jobs
- Others – Exceptions, Users, Policies, Schedules
- Endpoints / Machines
- Perform bulk actions
- Take action against scan needed endpoints
- Take action against remediation required endpoints
- Delete endpoints that are offline for any number of days
- Delete duplicate endpoints
- Move endpoints to a different group
- Restore or remove quarantine data
- Remediate and close Suspicious Activities
- Load exclusions
- Generate a summary report in HTML and PDF, and email to recipients
- Schedule the summary report for automated email delivery (Watch the 3-min video)
Screenshots
- Detection data imported from the Nebula server.
- Pivot tables and charts are created for some key objects.
- HTML and PDF summary report generated.
Releases
Latest version is v3.2.8
- v3.2.8 (2021-03-16)
- Added better support to filter and paging in the Quarantines restore/delete section
- v3.1.1 (2019-12-19)
- Added support to find and delete endpoints by name
- Added support to move endpoints to a different group by name
- v3.1.0 (2019-12-03)
- Supports Two-Factor Authentication login
- Added trending indicators for summary reports
- Maximum number of rows to create zebra stripes set to 10,000 to ensure performance
- v3.0.11 (2019-11-04)
- Added feature to add groups in bulk to a schedule
- Fixed error HRESULT: 0x80070057 importing any objects, caused by region formatting
- v3.0.9 (2019-10-08)
- Added endpoint export for Updates Installed
- v3.0.8 (2019-09-27)
- Added feature to change policy for groups in bulk
- Added user-agent string to all requests so that the backend can identify requests
- v3.0 (2019-08-01)
- Added Scheduled Reports
- Added Asset Information import
- Added URL links to endpoints
- v2.7 (2019-06-24)
- Added feature to delete duplicate endpoints.
- v2.6 (2019-06-12)
- Supports OneView login.
- Added support to bulk remediate or close Suspicious Activities.
- Fixed bug with failed install when AppData is a remote file share.
- Fixed Scan Results not showing local date time.
- v2.5 (2019-04-07)
- Added new import for endpoint scan statuses. Note the useful column to see scan duration.
- Added the ability to move endpoints to a different group in bulk.
- Fixed Bulk Load Exclusions due to changes in the back-end. Now supports adding exclusions by policies.
- v2.4 (2019-03-13)
- Confirmed support for Excel 2019.
- Added column “No of Schedules” in Groups to help identify groups with no threat scans scheduled.
- Added selection list for Bulk Exclusions for common 3rd Party security software.
- v1.2 (2018-July) – First release.
Troubleshooting
- The installation folder is located in the following user appdata directory.
- C:\Users\[user-name]\AppData\Roaming\Malwarebytes\Malwarebytes Excel Addin [version]
- The installation logs are located in the following directory. They are useful to determine the reasons why the addin might not have been attached to Excel correctly.
- C:\Users\[user-name]\AppData\Local\Temp\Malwarebytes Excel Addin
- C:\Users\[user-name]\Documents\Add-in Express
- If the Addin does not show up in the menu for Excel, the first thing to try is to run the setup.exe as Administrator.
- Error login in “Request failed. Received HTTP Accepted”.
- This is due to the login account having two-factor authentication enabled. Download version 3.1.0 or greater of the Excel Addin that supports 2FA.
(Visited 39 times, 1 visits today)