Malwarebytes Endpoint Protection
What is Discovered and Monitored
Protocol | Information Discovered | Metrics Collected | Used For |
---|---|---|---|
Syslog | | Malware detection log | Security Monitoring |
Event Types
In ADMIN > Device Support > Event Types, search for "malwarebytes-" to see the event types associated with this device.
Rules
In RESOURCES > Rules, search for "Malware found but not remediated" in the main content panel Search... field.
Reports
In RESOURCES > Reports, search for "malware found" in the main content panel Search... field to see the reports associated with this device.
Configuration
Syslog
FortiSIEM processes events from this device via syslog. Configure the device to send syslog to FortiSIEM on port 514.
Sample Syslog
<45>1 2016-09-23T14:40:35.82-06:00 reportDeviceName Malwarebytes-Endpoint-Security 1552 - - {"security_log":{"client_id":"ef5f8fc8-ad0e-46f8-b6d7-1a85d5f73e64","host_name":"Abc-cbd","domain":"abc.com","mac_address":"FF-FF-FF-FF-FF","ip_address":"10.1.1.1","time":"2016-09-23T14:40:14","threat_level":"Moderate","object_type":"FileSystem","object":"HKLM\\SOFTWARE\\POLICIES\\GOOGLE\\UPDATE","threat_name":"PUM.Optional.DisableChromeUpdates","action":"Quarantine","operation":"QUARANTINE","resolved":true,"logon_user":"dsamuels","data":"data","description":"No description","source":"MBAM","payload":null,"payload_url":null,"payload_process":null,"application_path":null,"application":null}}
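As an added example (not FortiSIEM's parser and not Malwarebytes code), the following Python splits the RFC 5424 header from the JSON body of the sample above, decodes the PRI value, and applies the condition assumed here for the "Malware found but not remediated" rule; the rule logic, the second (unresolved) event and the function names are assumptions, not taken from the page.

```python
"""Parse Malwarebytes Endpoint Security syslog: RFC 5424 header + JSON body."""
import json
import re

# RFC 5424 layout: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<sd>\S+) (?P<msg>.*)$",
    re.DOTALL,
)

# The sample from this page, joined back onto one line.
SAMPLE = (
    '<45>1 2016-09-23T14:40:35.82-06:00 reportDeviceName Malwarebytes-Endpoint-Security 1552 - - '
    '{"security_log":{"client_id":"ef5f8fc8-ad0e-46f8-b6d7-1a85d5f73e64","host_name":"Abc-cbd",'
    '"domain":"abc.com","mac_address":"FF-FF-FF-FF-FF","ip_address":"10.1.1.1",'
    '"time":"2016-09-23T14:40:14","threat_level":"Moderate","object_type":"FileSystem",'
    '"object":"HKLM\\\\SOFTWARE\\\\POLICIES\\\\GOOGLE\\\\UPDATE",'
    '"threat_name":"PUM.Optional.DisableChromeUpdates","action":"Quarantine",'
    '"operation":"QUARANTINE","resolved":true,"logon_user":"dsamuels","data":"data",'
    '"description":"No description","source":"MBAM","payload":null,"payload_url":null,'
    '"payload_process":null,"application_path":null,"application":null}}'
)

# Constructed variant (assumption, not from the page): same detection, not resolved.
UNRESOLVED = SAMPLE.replace('"resolved":true', '"resolved":false')


def parse_event(line: str) -> dict:
    """Split the syslog header, decode PRI into facility/severity, parse the JSON body."""
    m = _HEADER.match(line.strip())
    if not m:
        raise ValueError("not an RFC 5424 syslog line")
    pri = int(m.group("pri"))
    body = json.loads(m.group("msg"))
    if "security_log" not in body:
        raise ValueError("message body has no security_log object")
    return {
        "facility": pri >> 3,   # <45> -> facility 5
        "severity": pri & 0x7,  # <45> -> severity 5 (notice)
        "reporter": m.group("host"),
        "app": m.group("app"),
        "log": body["security_log"],
    }


def malware_not_remediated(log: dict) -> bool:
    """Assumed condition for the rule: a threat was named but not marked resolved."""
    return bool(log.get("threat_name")) and log.get("resolved") is not True


if __name__ == "__main__":
    for line in (SAMPLE, UNRESOLVED):
        ev = parse_event(line)
        print(ev["log"]["host_name"], ev["log"]["threat_name"], malware_not_remediated(ev["log"]))
```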