External Systems Configuration Guide

Malwarebytes Endpoint Protection

What is Discovered and Monitored

Protocol | Information Discovered | Metrics Collected     | Used For
---------|------------------------|-----------------------|--------------------
Syslog   |                        | Malware detection log | Security Monitoring

Event Types

In ADMIN > Device Support > Event Types, search for "malwarebytes-" to see the event types associated with this device.

Rules

In RESOURCES > Rules, search for "Malware found but not remediated" in the main content panel Search... field.

Reports

In RESOURCES > Reports, search for "malware found" in the main content panel Search... field to see the reports associated with this device.

Configuration

Syslog

FortiSIEM processes events from this device via syslog. Configure the device to send syslog to FortiSIEM on port 514.

Sample Syslog

<45>1 2016-09-23T14:40:35.82-06:00 reportDeviceName Malwarebytes-Endpoint-Security 1552 - - {"security_log":{"client_id":"ef5f8fc8-ad0e-46f8-b6d7-1a85d5f73e64","host_name":"Abc-cbd","domain":"abc.com","mac_address":"FF-FF-FF-FF-FF","ip_address":"10.1.1.1","time":"2016-09-23T14:40:14","threat_level":"Moderate","object_type":"FileSystem","object":"HKLM\\SOFTWARE\\POLICIES\\GOOGLE\\UPDATE","threat_name":"PUM.Optional.DisableChromeUpdates","action":"Quarantine","operation":"QUARANTINE","resolved":true,"logon_user":"dsamuels","data":"data","description":"No description","source":"MBAM","payload":null,"payload_url":null,"payload_process":null,"application_path":null,"application":null}}
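The sample above is an RFC 5424 syslog record whose MSG part is a JSON document under the "security_log" key. The following parser is an added example, not FortiSIEM's or Malwarebytes' own code: it splits the syslog header, decodes the JSON body, and applies the condition a "Malware found but not remediated" rule would plausibly use. The guide does not state which field that rule keys on; treating a false "resolved" flag as "not remediated" is an assumption made here, and the unresolved second record is constructed for the demonstration.

```python
import json
import re
from dataclasses import dataclass
from typing import Optional

# RFC 5424 header layout: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
# The Malwarebytes sample sends "-" (the nil value) for MSGID and STRUCTURED-DATA
# and carries a JSON document in MSG.
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<appname>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+) ?(?P<msg>.*)$"
)


@dataclass
class MalwarebytesEvent:
    facility: int            # PRI // 8
    severity: int            # PRI % 8
    reporter: str            # syslog HOSTNAME field (reportDeviceName in the sample)
    app: str                 # syslog APP-NAME field
    host_name: str           # endpoint that raised the detection
    ip_address: str
    logon_user: Optional[str]
    threat_name: str
    threat_level: str
    object_type: str
    object_path: str         # the "object" key; a registry path in the sample
    action: str
    resolved: bool
    detected_at: str         # the "time" key inside security_log


def parse_event(line: str) -> MalwarebytesEvent:
    """Split the syslog header, then decode the JSON 'security_log' body."""
    m = HEADER_RE.match(line.strip())
    if m is None:
        raise ValueError("line is not an RFC 5424 syslog record")
    pri = int(m.group("pri"))
    if pri > 191:  # facility 0..23, severity 0..7
        raise ValueError("PRI out of range")
    log = json.loads(m.group("msg"))["security_log"]
    return MalwarebytesEvent(
        facility=pri // 8,
        severity=pri % 8,
        reporter=m.group("hostname"),
        app=m.group("appname"),
        host_name=log["host_name"],
        ip_address=log["ip_address"],
        logon_user=log.get("logon_user"),
        threat_name=log["threat_name"],
        threat_level=log["threat_level"],
        object_type=log["object_type"],
        object_path=log["object"],
        action=log["action"],
        resolved=bool(log["resolved"]),
        detected_at=log["time"],
    )


def not_remediated(ev: MalwarebytesEvent) -> bool:
    """Assumed rule condition: a detection whose 'resolved' flag is false."""
    return not ev.resolved


# The sample record from this guide, joined into a single line.
SAMPLE = (
    '<45>1 2016-09-23T14:40:35.82-06:00 reportDeviceName '
    'Malwarebytes-Endpoint-Security 1552 - - '
    '{"security_log":{"client_id":"ef5f8fc8-ad0e-46f8-b6d7-1a85d5f73e64",'
    '"host_name":"Abc-cbd","domain":"abc.com","mac_address":"FF-FF-FF-FF-FF",'
    '"ip_address":"10.1.1.1","time":"2016-09-23T14:40:14","threat_level":"Moderate",'
    '"object_type":"FileSystem",'
    r'"object":"HKLM\\SOFTWARE\\POLICIES\\GOOGLE\\UPDATE",'
    '"threat_name":"PUM.Optional.DisableChromeUpdates","action":"Quarantine",'
    '"operation":"QUARANTINE","resolved":true,"logon_user":"dsamuels","data":"data",'
    '"description":"No description","source":"MBAM","payload":null,"payload_url":null,'
    '"payload_process":null,"application_path":null,"application":null}}'
)

# Constructed variant (not from the guide) in which the quarantine did not complete.
UNRESOLVED = SAMPLE.replace('"resolved":true', '"resolved":false')


def triage(lines):
    """Return the events a 'malware found but not remediated' rule should raise."""
    hits = []
    for line in lines:
        try:
            ev = parse_event(line)
        except (ValueError, KeyError, TypeError):
            continue  # malformed or non-Malwarebytes line; a real pipeline would count these
        if not_remediated(ev):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in triage([SAMPLE, UNRESOLVED]):
        print(f"{ev.host_name} ({ev.ip_address}) user={ev.logon_user} "
              f"threat={ev.threat_name} action={ev.action} resolved={ev.resolved}")
```

PRI 45 in the sample decodes to facility 5 (syslogd) and severity 5 (notice), which is worth knowing when building a collector filter: the interesting signal is inside the JSON ("threat_level", "action", "resolved"), not in the syslog severity.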