External Systems Configuration Guide

Malwarebytes Breach Remediation

What is Discovered and Monitored

Protocol   Information Discovered   Metrics Collected        Used For
Syslog     -                        Malware detection log    Security Monitoring

Event Types

In ADMIN > Device Support > Event Types, search for "malwarebytesbreach" to see the event types associated with this device. In FortiSIEM 6.2.0, there are 10 event types defined.

Rules

In RESOURCES > Rules, search for "Malware found but not remediated" in the main content panel Search... field.

Reports

In RESOURCES > Reports, search for "malware found" to see the reports associated with this device.

Examples include:

  • Top Computers with Malware Found By Antivirus and Security Gateways

  • Top IPs with Malware Found By Antivirus and Security Gateways

  • Top IPs with Malware Found By Security Gateways

Configuration

Syslog

FortiSIEM processes events from this device via syslog. Configure the device to send syslog to FortiSIEM on port 514.

Sample Syslog

2020-11-25T17:18:46Z 0009NIT-KLUEY CEF:0|Malwarebytes|Malwarebytes Breach Remediation|Version: 4.1.1.84 [eng:Version: 3.0.0.1090 rul:2020.11.25.17 act:Version: 3.2.0.266 sws:Version: 4.3.0.279]|1000|Scan Started|1|cs3=46837c42-2f42-11eb-9c15-025041000001 cs3Label=SessionId cs5=mbbr  scan -full -remove -noreboot cs5Label=CmdLine dvchost=0009NIT-KLUEY deviceMacAddress=DC:FB:48:92:E9:10 suser=TEST outcome=succeeded
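The sample above is a CEF record inside a syslog line. As an added example (not code from the FortiSIEM guide or from Malwarebytes), the parser below splits the pipe-delimited CEF header, reads the extension while keeping space-containing values such as the CmdLine intact, and resolves the csNLabel pairs (cs3Label=SessionId, cs5Label=CmdLine) into readable field names; the sample string is copied from the log line above, and the escape handling follows the general CEF convention rather than anything Malwarebytes-specific.

```python
import re

# Constructed sample: the Malwarebytes Breach Remediation CEF record shown on this page.
SAMPLE = (
    "2020-11-25T17:18:46Z 0009NIT-KLUEY CEF:0|Malwarebytes|Malwarebytes Breach Remediation|"
    "Version: 4.1.1.84 [eng:Version: 3.0.0.1090 rul:2020.11.25.17 act:Version: 3.2.0.266 "
    "sws:Version: 4.3.0.279]|1000|Scan Started|1|cs3=46837c42-2f42-11eb-9c15-025041000001 "
    "cs3Label=SessionId cs5=mbbr  scan -full -remove -noreboot cs5Label=CmdLine "
    "dvchost=0009NIT-KLUEY deviceMacAddress=DC:FB:48:92:E9:10 suser=TEST outcome=succeeded"
)

HEADER = ("cef_version", "vendor", "product", "device_version", "signature_id", "name", "severity")
# An extension key is a run of word characters directly followed by '='. The value runs until the
# next ' key=' token, so values containing spaces (the CmdLine above) survive intact. CEF requires
# a literal '=' inside a value to be escaped as '\=', which is what keeps this split unambiguous.
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)", re.DOTALL)
UNESCAPE = {r"\=": "=", r"\\": "\\", r"\n": "\n", r"\r": "\r"}

def unescape(value):
    """Undo CEF extension escapes: '\\=' '\\\\' and the '\\n' '\\r' line-break escapes."""
    return re.sub(r"\\[=\\nr]", lambda m: UNESCAPE[m.group(0)], value)

def parse_cef(line):
    """Parse a syslog line carrying a CEF payload into syslog prefix, header and extension."""
    start = line.index("CEF:")
    prefix = line[:start].split()          # e.g. ['2020-11-25T17:18:46Z', '0009NIT-KLUEY']
    # Split the header on unescaped '|' only; the 8th piece is the whole extension.
    parts = re.split(r"(?<!\\)\|", line[start:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("malformed CEF header: expected 7 header fields plus extension")
    header = {k: v.replace("\\|", "|") for k, v in zip(HEADER, parts[:7])}
    header["cef_version"] = header["cef_version"].split(":", 1)[1]   # 'CEF:0' -> '0'
    ext = {k: unescape(v) for k, v in EXT_RE.findall(parts[7])}
    # Resolve label pairs into readable names: cs3Label=SessionId -> ext['SessionId'] = ext['cs3'].
    for key in [k for k in ext if k.endswith("Label")]:
        base = key[: -len("Label")]
        if base in ext:
            ext[ext[key]] = ext[base]
    return {
        "timestamp": prefix[0] if prefix else None,
        "syslog_host": prefix[1] if len(prefix) > 1 else None,
        "header": header,
        "extension": ext,
    }

if __name__ == "__main__":
    event = parse_cef(SAMPLE)
    print(event["header"]["name"], "|", event["extension"]["CmdLine"])
```

Running the parser over a captured line and checking that SessionId and CmdLine come through is a quick way to confirm that the forwarded syslog feed reaches FortiSIEM unmodified before relying on the rule and reports described above.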
