Malwarebytes Nebula

Integrating Malwarebytes Nebula With Blumira

Blumira’s modern cloud SIEM platform integrates with Malwarebytes Nebula to detect cybersecurity threats and provide an actionable response for remediation when a threat is detected.

When configured, the Blumira integration with Malwarebytes Nebula will stream security event logs to the Blumira service for automated threat detection and actionable response.

 

Get visibility, detect and respond to threats faster:

 

  • Quickly detect known and suspected threats with Blumira’s cloud-based platform
  • Reduce the noise of false-positive alerts with backend automation and fine-tuned alerting
  • Detect lateral movement across your environment with virtual honeypots
  • Get guided and actionable remediation playbooks for teams without security expertise
  • View easy-to-understand dashboards and security threat reports to help organizations meet compliance requirements

 

Required Blumira Module: Logger

Configure Log Forwarding from Malwarebytes Nebula

Forward logs from Malwarebytes Nebula to a Blumira sensor for long-term storage, compliance, audit, reporting, threat detection, or legal reasons.

  1. In the Malwarebytes Nebula console, go to Settings > Syslog Logging.
  2. Click Add. Promote one of your Windows endpoints as the Syslog communication endpoint.
  3. In the top-right corner, click Syslog Settings.
  4. Fill in the following information, then click Save.
    • IP Address/Host: IP or hostname of your sensor.
    • Port: 514
    • Protocol: Select either TCP or UDP protocol.
    • Severity: Choose a Severity from the list. This determines the Severity of all Malwarebytes events sent to Syslog.
    • Communication Interval (Minutes): Determines how often the communication endpoint gathers Syslog data from the Malwarebytes server. If the endpoint is unable to contact Malwarebytes, it buffers data from the last 24 hours. Data older than 24 hours is not sent to Syslog.
  5. Navigate to Endpoints. Click on the Syslog communication endpoint you assigned in Step 2.
  6. In the Agent Information section, the SIEM version number displays. This confirms the SIEM plugin has activated on the endpoint.
  7. The endpoint transfers data to Syslog without further configuration.
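
Because data older than 24 hours is never sent to Syslog, a feed that stays silent for longer than that leaves a permanent hole in what the sensor can detect on. The following is an added example, not Blumira or Malwarebytes code, that audits batch arrival times for such silences; the function name, the `slack` multiplier, the sample timestamps and the reading that the lost window ends 24 hours before data resumes are all assumptions.

```python
from datetime import datetime, timedelta

# From the page: data older than 24 hours is not sent to Syslog.
BUFFER = timedelta(hours=24)

def audit_feed(arrivals, interval_minutes, now, slack=2):
    """Report silences in the Nebula syslog feed as seen by the sensor.

    arrivals: datetimes at which a batch reached the sensor.
    A silence longer than slack * interval is reported. Assumption: once the
    feed resumes, only events from the preceding 24 hours are replayed, so
    the earlier part of a longer silence is unrecoverable.
    """
    if not arrivals:
        return [{"status": "no_data", "start": None, "end": now,
                 "ongoing": True, "lost_window": None}]
    threshold = timedelta(minutes=interval_minutes * slack)
    points = sorted(arrivals) + [now]
    findings = []
    for i in range(len(points) - 1):
        start, end = points[i], points[i + 1]
        gap = end - start
        if gap <= threshold:
            continue
        lost = (start, end - BUFFER) if gap > BUFFER else None
        findings.append({
            "status": "data_loss" if lost else "delayed",
            "start": start, "end": end,
            "ongoing": i == len(points) - 2,  # silence runs up to `now`
            "lost_window": lost,
        })
    return findings

# Constructed sample: batch arrival times with a 5-minute interval.
SAMPLE = [
    datetime(2024, 3, 1, 8, 0),
    datetime(2024, 3, 1, 8, 5),
    datetime(2024, 3, 1, 8, 45),  # 40-minute silence: delayed, still replayable
    datetime(2024, 3, 3, 9, 0),   # 48h15m silence: exceeds the 24-hour buffer
    datetime(2024, 3, 3, 9, 5),
]

if __name__ == "__main__":
    for f in audit_feed(SAMPLE, 5, datetime(2024, 3, 3, 9, 10)):
        print(f["status"], f["start"], "->", f["end"], "lost:", f["lost_window"])
```

A `data_loss` finding marks a period whose endpoint events have to be reviewed in the Nebula console itself, since they will not reach the sensor.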