Malwarebytes is anti-malware software for Microsoft Windows, macOS, Android, and iOS that finds and removes malware.
This document describes the Malwarebytes connector, which automates interactions with a Malwarebytes server from FortiSOAR™ playbooks. Add the Malwarebytes connector as a step in a FortiSOAR™ playbook to perform automated operations such as scanning specified endpoints, or retrieving information about a specified endpoint or a list of endpoints connected to Malwarebytes.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.11.0-1161
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-malwarebytes
For the detailed procedure to install a connector, see the FortiSOAR™ documentation on installing connectors.
For the procedure to configure a connector, see the FortiSOAR™ documentation on configuring connectors.
In FortiSOAR™, on the Connectors page, click the Malwarebytes connector row, and in the Configuration tab enter the required configuration details.
Parameter | Description |
---|---|
API Server URL | URL of the Malwarebytes API server to which the connector connects to perform automated operations. |
Username | Username used to authenticate to the Malwarebytes server. |
Password | Password used to authenticate to the Malwarebytes server. |
Verify SSL | Specifies whether the SSL certificate presented by the server is verified. By default, this option is set to True. Leave it enabled outside isolated lab environments: with verification disabled, any host that can intercept the connection can impersonate the server and capture the username and password configured above. If the server presents a certificate from a private CA, the fix is to trust that CA rather than to disable verification. |
The following automated operations can be included in playbooks. From FortiSOAR™ release 4.10.0 onwards, you can also use the annotations to access these operations:
Function | Description | Annotation and Category |
---|---|---|
Scan Endpoint | Runs the selected scan action on one or more endpoints on the Malwarebytes server, based on the input parameters you have specified. | scan_endpoints Investigation |
Get Scan Result | Retrieves the scan history for an endpoint connected to the Malwarebytes server, based on the endpoint name or ID and other input parameters you have specified. | get_scan_result Investigation |
Get Endpoints | Retrieves information about the endpoints connected to the Malwarebytes server, based on the input (filter) parameters you have specified. | get_endpoints Investigation |
Get Endpoint Details | Retrieves information about a specific endpoint connected to the Malwarebytes server, based on the endpoint name or ID you have specified. | get_endpoint_info Investigation |
Delete Endpoints | Deletes endpoints connected to the Malwarebytes server, based on the endpoint names or IDs you have specified. | delete_endpoints Miscellaneous |
Get Threats | Retrieves a list and details of all threats detected on endpoints connected to the Malwarebytes server, based on the endpoint type, and other input parameters you have specified. | get_threats Investigation |
Get Quarantined Threats | Retrieves a list of all quarantined threats detected on endpoints connected to the Malwarebytes server, based on the endpoint type, and other input parameters you have specified. | get_threats Investigation |
Manage Quarantine Threats | Restores or deletes quarantined threats associated with endpoints connected to the Malwarebytes server, based on the detection ID and other input parameters you have specified. | manage_quarantine_threats Containment |
Get Events | Retrieves a list and details of all events associated with an endpoint connected to the Malwarebytes server, based on endpoint name or endpoint ID and severity you have specified. | get_events Investigation |
Get Tasks | Retrieves a list and details of all tasks associated with an endpoint connected to the Malwarebytes server, based on endpoint name or endpoint ID and status you have specified. | get_tasks Investigation |
Create Group | Adds a policy group on the Malwarebytes server, based on input parameters you have specified. | create_group Investigation |
Get Groups | Retrieves a list of all policy groups associated with endpoints connected to the Malwarebytes server. | get_groups Investigation |
Delete Group | Deletes a policy group on the Malwarebytes server, based on the group name or ID you have specified. | delete_group Miscellaneous |
Assign Policy Group | Assigns the specified endpoint(s) to a specified policy group on the Malwarebytes server. | assign_policy_group Investigation |
Get Policies | Retrieves a list of all policies associated with endpoints connected to the Malwarebytes server. | get_policy Investigation |
Delete Policy | Deletes a policy associated with endpoints connected to the Malwarebytes server, based on the policy name or ID you have specified. | delete_policy Miscellaneous |
Input parameters for Scan Endpoint
Parameter | Description |
---|---|
Action | Scan action that this operation runs on the endpoint(s) on the Malwarebytes server. Choose one of the following: Scan + Report, Scan + Quarantine, Refresh Assets, or Check for Protection Updates. Scan + Quarantine changes the endpoint by moving detected items into quarantine; use Scan + Report for triage-only playbooks. |
Endpoint | Option that determines how the endpoints to scan are identified. Choose one of the following: Endpoint Name or Endpoint ID. |
Value | Single endpoint name or CSV list of endpoint names, or single endpoint ID or CSV list of endpoint IDs, to scan on the Malwarebytes server, matching the option chosen in the Endpoint field. For example: endpoint 1, endpoint 2 |
The JSON output contains the status of the scan that you have created on the Malwarebytes server.
Following image displays a sample output:
Input parameters for Get Scan Result
Parameter | Description |
---|---|
Endpoint | Option that determines how the endpoint whose scan results are retrieved is identified. Choose one of the following: Endpoint Name or Endpoint ID. |
Value | Single endpoint name or single endpoint ID whose scan results you want to retrieve from the Malwarebytes server, matching the option chosen in the Endpoint field. |
Show last | Number of days of scan history to retrieve from the Malwarebytes server. Choose one of the following: 1 Day, 7 Days, or 30 Days. |
Threats | Filter on the scan outcome. Choose one of the following: All Scans, Threats Found, or No Threats. |
Start Index | (Optional) Index of the first item that this operation returns. This is an optional query string parameter; if you do not specify a value, it defaults to 0. |
Records Per Page | (Optional) Number of records to retrieve per page. This is an optional query string parameter; if you do not specify a value, it defaults to 25. |
The JSON output contains details of the scan result(s) retrieved from the Malwarebytes server, based on the endpoint ID or name and other input parameters you have specified.
Following image displays a sample output:
Note: All input parameters of this operation are optional. If you specify no parameter, no filter is applied and an unfiltered list of endpoints is returned.
Input parameters for Get Endpoints
Parameter | Description |
---|---|
Filter Endpoints | Connectivity filter for the endpoints to retrieve from the Malwarebytes server. If you specify no filter, details of all endpoints are retrieved. Choose one of the following: All Endpoints, Online Endpoints, Offline Endpoints, or Offline 7+Days. |
Group | Option that determines how a policy group is identified. If you specify a group, only endpoints that are members of that policy group are retrieved. Choose one of the following: Group Name or Group ID. |
Value | Single group name or CSV list of group names, or single group ID or CSV list of group IDs, whose member endpoints you want to retrieve, matching the option chosen in the Group field. |
Search String | Query string used to search endpoint details on the Malwarebytes server. If you specify no query string, details of all endpoints are retrieved. |
Start Index | (Optional) Index of the first item that this operation returns. This is an optional query string parameter; if you do not specify a value, it defaults to 0. |
Records Per Page | (Optional) Number of records to retrieve per page. This is an optional query string parameter; if you do not specify a value, it defaults to 25. |
The JSON output contains a list of all endpoint details retrieved from the Malwarebytes server, based on the input parameters you have specified.
Following image displays a sample output:
Input parameters for Get Endpoint Details
Parameter | Description |
---|---|
Endpoint | Option that determines how the endpoint is identified. Choose one of the following: Endpoint Name or Endpoint ID. |
Value | Single endpoint name or single endpoint ID whose details you want to retrieve from the Malwarebytes server, matching the option chosen in the Endpoint field. |
The JSON output contains detailed information about the specified endpoint, retrieved from the Malwarebytes server based on the endpoint name or ID you have specified.
Following image displays a sample output:
Input parameters for Delete Endpoints
Parameter | Description |
---|---|
Endpoint | Option that determines how the endpoints to delete are identified. Choose one of the following: Endpoint Name or Endpoint ID. |
Value | Single endpoint name or CSV list of endpoint names, or single endpoint ID or CSV list of endpoint IDs, to delete from the Malwarebytes server, matching the option chosen in the Endpoint field. |
The JSON output contains the status of the delete endpoints operation that you have run on the Malwarebytes server. The operation cannot be reversed through the connector, so a playbook that calls it should confirm the target list with an analyst before the step runs.
Input parameters for Get Threats
Parameter | Description |
---|---|
Endpoint Types | Scope of the threat query. Choose one of the following: All Endpoints or Single Endpoint. |
Action Taken | Action that was taken on the threat, i.e., the current status of the threats whose information you want to retrieve from the Malwarebytes server. Choose one of the following: Blocked, Cleaned Offline, Deleted, Found, Quarantined, or Restored. |
Category | Category of the threats whose information you want to retrieve from the Malwarebytes server. Choose one of the following: Exploit, Malware, PUM, PUP, Ransomware, or Website. |
Start Index | (Optional) Index of the first item that this operation returns. This is an optional query string parameter; if you do not specify a value, it defaults to 0. |
Records Per Page | (Optional) Number of records to retrieve per page. This is an optional query string parameter; if you do not specify a value, it defaults to 25. |
The JSON output contains a list and details of all threats detected on endpoints, retrieved from the Malwarebytes server, based on the endpoint type, and other input parameters you have specified.
Following image displays a sample output:
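The list operations on this page (Get Endpoints and Get Threats above, and the other operations that take Start Index and Records Per Page) return one page at a time, 25 records by default, so a playbook that needs every matching record has to advance Start Index until a short page comes back. The following is an added example and is not the connector's own code: fetch_threats_page() is a stand-in for the Get Threats call that serves pages from a constructed in-memory dataset, and its field names (detection_id, endpoint, category, action_taken) are illustrative rather than the connector's real output schema. It also shows how to split the CSV "Value" fields this page uses into a clean list.

```python
"""Collecting every record from a paged list operation (added example)."""
from typing import Callable, Dict, Iterator, List

Record = Dict[str, str]

# Constructed sample data: 63 detections spread over 7 hosts. The field
# names are illustrative, not the connector's actual output schema.
SAMPLE_THREATS: List[Record] = [
    {
        "detection_id": f"det-{i:04d}",
        "endpoint": f"host-{i % 7:02d}",
        "category": ("Malware", "Ransomware", "PUP", "Exploit")[i % 4],
        "action_taken": ("Quarantined", "Found", "Blocked")[i % 3],
    }
    for i in range(63)
]


def fetch_threats_page(start_index: int, records_per_page: int) -> List[Record]:
    """Stand-in for a Get Threats call with Start Index / Records Per Page."""
    if start_index < 0 or records_per_page <= 0:
        raise ValueError("start_index must be >= 0 and records_per_page > 0")
    return SAMPLE_THREATS[start_index:start_index + records_per_page]


def iter_all(
    fetch: Callable[[int, int], List[Record]],
    records_per_page: int = 25,
    max_records: int = 10_000,
) -> Iterator[Record]:
    """Yield every record by advancing Start Index until a short page is returned.

    A page shorter than records_per_page ends the loop; this includes the empty
    page that comes back when the total is an exact multiple of the page size.
    max_records is a hard stop so a backend that keeps returning full pages
    cannot turn the playbook step into an endless loop.
    """
    start = 0
    seen = 0
    while True:
        page = fetch(start, records_per_page)
        for rec in page:
            yield rec
            seen += 1
            if seen >= max_records:
                return
        if len(page) < records_per_page:
            return
        start += records_per_page


def parse_csv_values(value: str) -> List[str]:
    """Split a connector 'Value' field such as "endpoint 1, endpoint 2" into a list.

    Whitespace around items is dropped, empty items are ignored, and duplicates
    are removed while keeping the original order.
    """
    items: List[str] = []
    for item in value.split(","):
        item = item.strip()
        if item and item not in items:
            items.append(item)
    return items


def quarantined_detections(records: Iterator[Record], category: str,
                           endpoints_csv: str = "") -> List[str]:
    """Return sorted detection IDs that are Quarantined and of the given category.

    When endpoints_csv is non-empty, only detections on the listed endpoints count.
    """
    wanted = set(parse_csv_values(endpoints_csv))
    return sorted(
        r["detection_id"]
        for r in records
        if r["action_taken"] == "Quarantined"
        and r["category"] == category
        and (not wanted or r["endpoint"] in wanted)
    )


if __name__ == "__main__":
    hits = quarantined_detections(
        iter_all(fetch_threats_page, records_per_page=7), "Ransomware")
    print(f"{len(hits)} quarantined ransomware detections: {', '.join(hits)}")
```

The page size of 7 in the usage call is deliberate: 63 records is an exact multiple, so the loop only terminates because an empty trailing page is treated as a short page.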
Input parameters for Get Quarantined Threats
Parameter | Description |
---|---|
Endpoint Types | Scope of the quarantined threat query. Choose one of the following: All Endpoints or Single Endpoint. |
Show last | Number of days of quarantine history to retrieve from the Malwarebytes server. Choose one of the following: 1 Day, 7 Days, or 30 Days. |
Category | Category of the quarantined threats whose information you want to retrieve from the Malwarebytes server. Choose one of the following: Exploit, PUM, PUP, or Ransomware. |
Start Index | (Optional) Index of the first item that this operation returns. This is an optional query string parameter; if you do not specify a value, it defaults to 0. |
Records Per Page | (Optional) Number of records to retrieve per page. This is an optional query string parameter; if you do not specify a value, it defaults to 25. |
The JSON output contains a list and details of all quarantined threats detected on endpoints, retrieved from the Malwarebytes server, based on the endpoint type, and other input parameters you have specified.
Following image displays a sample output:
Input parameters for Manage Quarantine Threats
Parameter | Description |
---|---|
Action | Action to take on the quarantined threats on the Malwarebytes server. Choose one of the following: Restore or Delete. Restore puts the quarantined item back on the endpoint; Delete removes it from quarantine permanently, which also removes it as evidence for later investigation. Neither action can be reversed through the connector. |
Detection ID | Single detection ID or CSV list of detection IDs of the quarantined threats to manage on the Malwarebytes server. |
Endpoint | Option that determines how the endpoint whose quarantined threats are managed is identified. Choose one of the following: Endpoint Name or Endpoint ID. |
Value | Single endpoint name or CSV list of endpoint names, or single endpoint ID or CSV list of endpoint IDs, whose quarantined threats you want to manage on the Malwarebytes server, matching the option chosen in the Endpoint field. |
Start Index | (Optional) Index of the first item that this operation returns. This is an optional query string parameter; if you do not specify a value, it defaults to 0. |
Records Per Page | (Optional) Number of records to retrieve per page. This is an optional query string parameter; if you do not specify a value, it defaults to 25. |
The JSON output contains the status of the managed threats, returned by the Malwarebytes server based on the detection IDs and other input parameters you have specified.
Following image displays a sample output:
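Because Manage Quarantine Threats (Restore or Delete) and the Delete Endpoints, Delete Group and Delete Policy operations cannot be undone through the connector, a playbook should validate its inputs before the connector step runs. The following is an added example, not the connector's own code, of that validation for Manage Quarantine Threats: the action must be one of the two the operation supports, the detection ID list must be non-empty and well formed, the number of targets is capped, and the request must name an approver. The detection ID pattern (DETECTION_ID_RE) and the 50-target limit are assumptions made for the example; this page does not state the real ID format.

```python
"""Validating a destructive containment request before the connector step (added example)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

ALLOWED_ACTIONS = ("Restore", "Delete")
# Assumed ID shape for the example, not the server's documented format.
DETECTION_ID_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{3,63}$")


class ContainmentRequestError(ValueError):
    """Raised when a request must not be passed on to the connector."""


@dataclass(frozen=True)
class QuarantineRequest:
    action: str
    detection_ids: Tuple[str, ...]
    approved_by: str


def parse_csv_values(value: str) -> List[str]:
    """Split a connector 'Detection ID' CSV field into a clean, de-duplicated list."""
    items: List[str] = []
    for item in value.split(","):
        item = item.strip()
        if item and item not in items:
            items.append(item)
    return items


def validate_quarantine_request(action: str, detection_csv: str,
                                approved_by: str,
                                max_targets: int = 50) -> QuarantineRequest:
    """Return a QuarantineRequest, or raise ContainmentRequestError.

    An empty target list is rejected rather than passed through: a blank field
    must never be interpreted downstream as "all quarantined items".
    """
    if action not in ALLOWED_ACTIONS:
        raise ContainmentRequestError(f"unsupported action {action!r}")
    ids = parse_csv_values(detection_csv)
    if not ids:
        raise ContainmentRequestError("no detection IDs given; refusing to run")
    bad = [i for i in ids if not DETECTION_ID_RE.match(i)]
    if bad:
        raise ContainmentRequestError(f"malformed detection IDs: {bad}")
    if len(ids) > max_targets:
        raise ContainmentRequestError(
            f"{len(ids)} targets exceeds the limit of {max_targets}; split the request")
    approver = approved_by.strip()
    if not approver:
        raise ContainmentRequestError(f"{action} requires a named approver")
    return QuarantineRequest(action, tuple(ids), approver)


def audit_line(req: QuarantineRequest) -> str:
    """One-line record of the approved request for the playbook's audit log."""
    return (f"manage_quarantine_threats action={req.action} "
            f"targets={len(req.detection_ids)} approved_by={req.approved_by} "
            f"ids={','.join(req.detection_ids)}")


if __name__ == "__main__":
    # Constructed inputs: a valid request followed by four that must be rejected.
    req = validate_quarantine_request("Delete", "det-0009, det-0021, det-0009", "analyst.one")
    print(audit_line(req))
    for action, csv, who in (("Purge", "det-0009", "analyst.one"),
                             ("Delete", "", "analyst.one"),
                             ("Restore", "../etc/passwd", "analyst.one"),
                             ("Delete", "det-0009", "")):
        try:
            validate_quarantine_request(action, csv, who)
        except ContainmentRequestError as exc:
            print(f"rejected: {exc}")
```

The same shape of check applies to the Delete Endpoints, Delete Group and Delete Policy operations, with the ID pattern and allowed values adjusted to those operations' inputs.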
Input parameters for Get Events
Parameter | Description |
---|---|
Severity | Severity of the events to retrieve from the Malwarebytes server. If you specify no severity, events of all severities are retrieved. Choose one of the following: Severe, Warning, Info, or Audit. |
Endpoint | Option that determines how the endpoint whose events are retrieved is identified. Choose one of the following: Endpoint Name or Endpoint ID. |
Value | Single endpoint name or single endpoint ID whose events you want to retrieve from the Malwarebytes server, matching the option chosen in the Endpoint field. |
Start Index | (Optional) Index of the first item that this operation returns. This is an optional query string parameter; if you do not specify a value, it defaults to 0. |
Records Per Page | (Optional) Number of records to retrieve per page. This is an optional query string parameter; if you do not specify a value, it defaults to 25. |
The JSON output contains the list and details of all events associated with endpoints connected to the Malwarebytes server, based on endpoint name or endpoint ID you have specified.
Following image displays a sample output:
Input parameters for Get Tasks
Parameter | Description |
---|---|
Status | Status of the tasks to retrieve from the Malwarebytes server. If you specify no status, tasks of all statuses are retrieved. Choose one of the following: Pending, Success, or Failure. |
Endpoint | Option that determines how the endpoint whose tasks are retrieved is identified. Choose one of the following: Endpoint Name or Endpoint ID. |
Value | Single endpoint name or single endpoint ID whose tasks you want to retrieve from the Malwarebytes server, matching the option chosen in the Endpoint field. |
Start Index | (Optional) Index of the first item that this operation returns. This is an optional query string parameter; if you do not specify a value, it defaults to 0. |
Records Per Page | (Optional) Number of records to retrieve per page. This is an optional query string parameter; if you do not specify a value, it defaults to 25. |
The JSON output contains the list and details of all tasks associated with endpoints connected to the Malwarebytes server, based on endpoint name or endpoint ID you have specified.
Following image displays a sample output:
Input parameters for Create Group
Parameter | Description |
---|---|
New Group Name | Name of the policy group to create on the Malwarebytes server. |
Policy | Option that determines how the policy attached to the new group is identified. Choose one of the following: Policy Name or Policy ID. |
Value | Single policy name or single policy ID to attach to the new policy group, matching the option chosen in the Policy field. |
Create within an existing group | (Optional) Select Existing to create the new policy group inside an existing group. |
Group | Required if you selected Existing in the Create within an existing group field. Option that determines how the existing parent group is identified. Choose one of the following: Group Name or Group ID. |
Value | Single group name or single group ID of the existing group in which the new policy group is created, matching the option chosen in the Group field. |
The JSON output contains the details of the policy group created on the Malwarebytes server, based on input parameters you have specified.
Following image displays a sample output:
Input parameters for Get Groups: None.
The JSON output contains details of all policy groups on the Malwarebytes server.
Following image displays a sample output:
Input parameters for Delete Group
Parameter | Description |
---|---|
Group | Option that determines how the policy group to delete is identified. Choose one of the following: Group Name or Group ID. |
Value | Single policy group name or single policy group ID to delete from the Malwarebytes server, matching the option chosen in the Group field. |
The JSON output contains the status of the delete group operation that you have run on the Malwarebytes server.
Following image displays a sample output:
Input parameters for Assign Policy Group
Parameter | Description |
---|---|
Endpoint | Option that determines how the endpoints to assign are identified. Choose one of the following: Endpoint Name or Endpoint ID. |
Value | Single endpoint name or CSV list of endpoint names, or single endpoint ID or CSV list of endpoint IDs, to assign to the policy group on the Malwarebytes server, matching the option chosen in the Endpoint field. |
Group | Option that determines how the target policy group is identified. Choose one of the following: Group Name or Group ID. |
Value | Single policy group name or CSV list of policy group names, or single policy group ID or CSV list of policy group IDs, to which the endpoints are assigned on the Malwarebytes server, matching the option chosen in the Group field. |
The JSON output contains the status of the assign policy group operation, i.e., which endpoints have been assigned to which policy group on the Malwarebytes server.
Following image displays a sample output:
Input parameters for Get Policies: None.
The JSON output contains a list of all policies on the Malwarebytes server.
Following image displays a sample output:
Input parameters for Delete Policy
Parameter | Description |
---|---|
Policy | Option that determines how the policy to delete is identified. Choose one of the following: Policy Name or Policy ID. |
Value | Single policy name or single policy ID to delete from the Malwarebytes server, matching the option chosen in the Policy field. |
The JSON output contains the status of the delete policy operation that you have run on the Malwarebytes server.
Following image displays a sample output:
The Sample - Malwarebytes - 1.0.0 playbook collection comes bundled with the Malwarebytes connector. This collection contains playbooks with steps for every supported action. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Malwarebytes connector.
Note: If you plan to use any of the sample playbooks in your environment, clone them and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.
Malwarebytes is an anti-malware software for Microsoft Windows, MacOS, Android, and iOS that finds and removes malware.
This document provides information about the Malwarebytes connector, which facilitates automated interactions, with a Malwarebytes server using FortiSOAR™ playbooks. Add the Malwarebytes connector as a step in FortiSOAR™ playbooks and perform automated operations, such as scanning specified endpoints or retrieving information for a specified endpoint or a list of endpoints connected to Malwarebytes.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.11.0-1161
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-malwarebytes
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Malwarebytes connector row, and in the Configuration tab enter the required configuration details.
Parameter | Description |
---|---|
API Server URL | API Server URL of the Malwarebytes server to which you will connect and perform automated operations. |
Username | Username used to connect to the Malwarebytes server to which you will connect and perform automated operations. |
Password | Password used to connect to the Malwarebytes server to which you will connect and perform automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True . |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Scan Endpoint | Scans one or more endpoints on the Malwarebytes server, based on the input (filter) parameters you have specified. | scan_endpoints Investigation |
Get Scan Result | Retrieves the scan history for endpoint(s) connected to the Malwarebytes server, based on the endpoint name and ID, and other input parameters you have specified. | get_scan_result Investigation |
Get Endpoints | Retrieves information about the endpoints connected to the Malwarebytes server, based on the input (filter) parameters you have specified. | get_endpoints Investigation |
Get Endpoint Details | Retrieves information about a specific endpoint connected to the Malwarebytes server, based on the endpoint name and ID you have specified. | get_endpoint_info Investigation |
Delete Endpoints | Deletes endpoints connected to the Malwarebytes server, based on the endpoint name or ID you have specified. | delete_endpoints Miscellaneous |
Get Threats | Retrieves a list and details of all threats detected on endpoints connected to the Malwarebytes server, based on the endpoint type, and other input parameters you have specified. | get_threats Investigation |
Get Quarantined Threats | Retrieves a list of all quarantined threats detected on endpoints connected to the Malwarebytes server, based on the endpoint type, and other input parameters you have specified. | get_threats Investigation |
Manage Quarantine Threats | Restores or deletes quarantined threats associated with endpoints connected to the Malwarebytes server, based on the detection ID and other input parameters you have specified. | manage_quarantine_threats Containment |
Get Events | Retrieves a list and details of all events associated with an endpoint connected to the Malwarebytes server, based on endpoint name or endpoint ID and severity you have specified. | get_events Investigation |
Get Tasks | Retrieves a list and details of all tasks associated with an endpoint connected to the Malwarebytes server, based on endpoint name or endpoint ID and status you have specified. | get_tasks Investigation |
Create Group | Adds a policy group on the Malwarebytes server, based on input parameters you have specified. | create_group Investigation |
Get Groups | Retrieves a list of all policy groups associated with endpoints connected to the Malwarebytes server. | get_groups Investigation |
Delete Group | Deletes a group of policies associated with endpoints connected to the Malwarebytes server, based on the group name or ID you have specified. | delete_group Miscellaneous |
Assign Policy Group | Assigns a specific endpoint policy to a specific policy group on the Malwarebytes server. | assign_policy_group Investigation |
Get Policies | Retrieves a list of all policies associated with endpoints connected to the Malwarebytes server. | get_policy Investigation |
Delete Policy | Deletes a policy associated with endpoints connected to the Malwarebytes server, based on the policy name or ID you have specified. | delete_policy Miscellaneous |
Parameter | Description |
---|---|
Action | Scan action that you want this operation to take on the endpoint on the Malwarebytes server. You can choose from one of the following actions: Scan + Report, Scan + Quarantine, Refresh Assets, or Check for Protection Updates. |
Endpoint | Options based on which endpoints will be scanned on the Malwarebytes server. You must choose one of the following: Endpoint Name or Endpoint ID. |
Value | CSV list or a single endpoint name or a CSV list or a single endpoint ID that you want to scan on the Malwarebytes server, based on the endpoint option you have chosen in the Endpoint field. For example, endpoint 1, endpoint 2 |
The JSON output contains the status of the scan that you have created on the Malwarebytes server.
Following image displays a sample output:
Parameter | Description |
---|---|
Endpoint | Options based on which scan results of endpoints will be retrieved from the Malwarebytes server. You must choose one of the following: Endpoint Name or Endpoint ID. |
Value | Single endpoint name or a Single endpoint ID whose scan results you want to retrieve from the Malwarebytes server, based on the endpoint option you have chosen in the Endpoint field. |
Show last | Number of days for which you want to retrieve scan results from the Malwarebytes server. You can choose from one of the following: 1 Day, 7 Days, or 30 Days. |
Threats | Filter based on which you want to retrieve scan results from the Malwarebytes servers. You can choose from one of the following: All Scans, Threats Found, or No Threats. |
Start Index | (Optional) Index of the first item that this operation should return. This is optional query string parameter, and if you do not specify any value, then this defaults to 0 . |
Records Per Page | (Optional) Number of records that you want to retrieve per page. This is optional query string parameter, and if you do not specify any value, then this defaults to 25 . |
The JSON output contains details of the scan result(s) retrieved from the Malwarebytes server, based on the endpoint ID or name and other input parameters you have specified.
Following image displays a sample output:
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
Parameter | Description |
---|---|
Filter Endpoints | Filter based on which the you want to retrieve endpoint details from the Malwarebytes server. Note: If you do not specify any filter then details of all the endpoints are retrieved from the Malwarebytes server. You can choose one of the following: All Endpoints, Online Endpoints, Offline Endpoints, or Offline 7+Days. |
Group | Group name or ID whose endpoint(s) member details you want to retrieve from the Malwarebytes server. Note: If you specify the group name or ID, then the details for only those endpoints who are members of the specified policy group will be retrieved from the Malwarebytes server. You can choose one of the following: Group Name or Group ID. |
Value | CSV list or a single group name or a CSV list or a single group ID whose endpoint details you want to retrieve from the Malwarebytes server, based on the group option you have chosen in the Group field. |
Search String | Query string based on which you want to retrieve endpoint details from the Malwarebytes server. Note: If you do not specify any query string then details of all the endpoints are retrieved from the Malwarebytes server. |
Start Index | (Optional) Index of the first item that this operation should return. This is optional query string parameter, and if you do not specify any value, then this defaults to 0 . |
Records Per Page | (Optional) Number of records that you want to retrieve per page. This is optional query string parameter, and if you do not specify any value, then this defaults to 25 . |
The JSON output contains a list of all endpoint details retrieved from the Malwarebytes server, based on the input parameters you have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Endpoint | Options based on which details of the endpoints will be retrieved from the Malwarebytes server. You must choose one of the following: Endpoint Name or Endpoint ID. |
Value | Single endpoint name or a Single endpoint ID whose details you want to retrieve from the Malwarebytes server, based on the endpoint option you have chosen in the Endpoint field. |
The JSON output contains detailed information for specific endpoints retrieved from the Malwarebytes server, based on the endpoint ID or name have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Endpoint | Options based on which endpoints will be deleted from the Malwarebytes server. You must choose one of the following: Endpoint Name or Endpoint ID. |
Value | CSV list or a single endpoint name or a CSV list or a single endpoint ID that you want to delete from the Malwarebytes server, based on the endpoint option you have chosen in the Endpoint field. |
The JSON output contains the status of the delete endpoints operation that you have run on the Malwarebytes server.
Parameter | Description |
---|---|
Endpoint Types | Type of endpoint whose associated threats information you want to retrieve from the Malwarebytes server. You must choose one of the following: All Endpoints or Single Endpoint. |
Action Taken | Action that was taken on the threat, i.e., the current status of the threat whose information you want to retrieve from the Malwarebytes server. You must choose one of the following: Blocked, Cleaned Offline, Deleted, Found, Quarantined, or Restored. |
Category | Category of the threat whose information you want to retrieve from the Malwarebytes server. You must choose one of the following: Exploit, Malware, PUM, PUP, Ransomware, or Website. |
Start Index | (Optional) Index of the first item that this operation should return. This is an optional query string parameter; if you do not specify a value, it defaults to 0. |
Records Per Page | (Optional) Number of records that you want to retrieve per page. This is an optional query string parameter; if you do not specify a value, it defaults to 25. |
The JSON output contains a list and details of all threats detected on endpoints, retrieved from the Malwarebytes server, based on the endpoint type and the other input parameters you have specified.
The following image displays a sample output:
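Several of the operations above take the same Start Index (default 0) and Records Per Page (default 25) parameters and accept a CSV list or a single value for endpoint filters. The following added example, which is not part of the connector or of FortiSOAR, shows how a playbook author would page through every result with those defaults and how to normalise the CSV-style inputs; the threat records, field names and `fetch_page` function are constructed stand-ins for the server call.

```python
from typing import Callable, Dict, List, Optional

DEFAULT_START_INDEX = 0         # documented default for "Start Index"
DEFAULT_RECORDS_PER_PAGE = 25   # documented default for "Records Per Page"

# Constructed sample data (not real Malwarebytes output): 60 threat records,
# cycling through the Category and Action Taken values the operation lists.
CATEGORIES = ["Exploit", "Malware", "PUM", "PUP", "Ransomware", "Website"]
ACTIONS = ["Blocked", "Cleaned Offline", "Deleted", "Found", "Quarantined", "Restored"]
SAMPLE_THREATS = [
    {"detection_id": f"det-{i:03d}", "endpoint_name": f"host-{i % 4}",
     "category": CATEGORIES[i % 6], "action_taken": ACTIONS[i % 6]}
    for i in range(60)
]


def parse_csv_values(value: str) -> List[str]:
    """Turn a 'CSV list or a single value' field into a clean list of values."""
    return [v.strip() for v in value.split(",") if v.strip()]


def fetch_page(start_index: int, records_per_page: int,
               endpoints: Optional[List[str]] = None,
               category: Optional[str] = None) -> List[Dict]:
    """Stand-in for one server call (hypothetical): apply the filters the
    operation describes, then return the slice selected by start index and page size."""
    rows = SAMPLE_THREATS
    if endpoints:
        rows = [r for r in rows if r["endpoint_name"] in endpoints]
    if category:
        rows = [r for r in rows if r["category"] == category]
    return rows[start_index:start_index + records_per_page]


def fetch_all(fetch: Callable[..., List[Dict]],
              records_per_page: int = DEFAULT_RECORDS_PER_PAGE,
              **filters) -> List[Dict]:
    """Walk pages from the default start index until a short (or empty) page
    is returned, which marks the last page; an exact multiple of the page size
    ends with one empty page, which is handled the same way."""
    results: List[Dict] = []
    start = DEFAULT_START_INDEX
    while True:
        page = fetch(start, records_per_page, **filters)
        results.extend(page)
        if len(page) < records_per_page:
            return results
        start += records_per_page
```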
Parameter | Description |
---|---|
Endpoint Types | Type of endpoint whose associated quarantined threats information you want to retrieve from the Malwarebytes server. You must choose one of the following: All Endpoints or Single Endpoint. |
Show last | Number of days for which you want to retrieve quarantined threats information from the Malwarebytes server. You can choose from one of the following: 1 Day, 7 Days, or 30 Days. |
Category | Category of the quarantined threat whose information you want to retrieve from the Malwarebytes server. You must choose one of the following: Exploit, PUM, PUP, or Ransomware. |
Start Index | (Optional) Index of the first item that this operation should return. This is an optional query string parameter; if you do not specify a value, it defaults to 0. |
Records Per Page | (Optional) Number of records that you want to retrieve per page. This is an optional query string parameter; if you do not specify a value, it defaults to 25. |
The JSON output contains a list and details of all quarantined threats detected on endpoints, retrieved from the Malwarebytes server, based on the endpoint type and the other input parameters you have specified.
The following image displays a sample output:
Parameter | Description |
---|---|
Action | Action that you want to take for a quarantined threat on the Malwarebytes server. You must choose one of the following: Restore or Delete. |
Detection ID | CSV list of detection IDs based on which you want to manage quarantined threats on the Malwarebytes server. |
Endpoint | Options based on which quarantined threats associated with an endpoint will be managed on the Malwarebytes server. You must choose one of the following: Endpoint Name or Endpoint ID. |
Value | Single endpoint name or a CSV list of endpoint names, or a single endpoint ID or a CSV list of endpoint IDs, whose quarantined threats you want to manage on the Malwarebytes server, based on the endpoint option you have chosen in the Endpoint field. |
Start Index | (Optional) Index of the first item that this operation should return. This is an optional query string parameter; if you do not specify a value, it defaults to 0. |
Records Per Page | (Optional) Number of records that you want to retrieve per page. This is an optional query string parameter; if you do not specify a value, it defaults to 25. |
The JSON output contains the status of the managed threats, retrieved from the Malwarebytes server, based on the detection IDs and the other input parameters you have specified.
The following image displays a sample output:
Parameter | Description |
---|---|
Severity | Severity based on which you want to retrieve events from the Malwarebytes server. Note: If you do not specify any severity, then details of all the events are retrieved from the Malwarebytes server. You can choose one of the following: Severe, Warning, Info, or Audit. |
Endpoint | Options based on which events information associated with an endpoint will be retrieved from the Malwarebytes server. You must choose one of the following: Endpoint Name or Endpoint ID. |
Value | Single endpoint name or a single endpoint ID whose events information you want to retrieve from the Malwarebytes server, based on the endpoint option you have chosen in the Endpoint field. |
Start Index | (Optional) Index of the first item that this operation should return. This is an optional query string parameter; if you do not specify a value, it defaults to 0. |
Records Per Page | (Optional) Number of records that you want to retrieve per page. This is an optional query string parameter; if you do not specify a value, it defaults to 25. |
The JSON output contains the list and details of all events associated with endpoints connected to the Malwarebytes server, based on the endpoint name or endpoint ID you have specified.
The following image displays a sample output:
Parameter | Description |
---|---|
Status | Status based on which you want to retrieve tasks from the Malwarebytes server. Note: If you do not specify any status, then details of all the tasks are retrieved from the Malwarebytes server. You can choose one of the following: Pending, Success, or Failure. |
Endpoint | Options based on which tasks information associated with an endpoint will be retrieved from the Malwarebytes server. You must choose one of the following: Endpoint Name or Endpoint ID. |
Value | Single endpoint name or a single endpoint ID whose tasks information you want to retrieve from the Malwarebytes server, based on the endpoint option you have chosen in the Endpoint field. |
Start Index | (Optional) Index of the first item that this operation should return. This is an optional query string parameter; if you do not specify a value, it defaults to 0. |
Records Per Page | (Optional) Number of records that you want to retrieve per page. This is an optional query string parameter; if you do not specify a value, it defaults to 25. |
The JSON output contains the list and details of all tasks associated with endpoints connected to the Malwarebytes server, based on the endpoint name or endpoint ID you have specified.
The following image displays a sample output:
Parameter | Description |
---|---|
New Group Name | Name of the policy group that you want to create on the Malwarebytes server. |
Policy | Options based on which you want to add a policy to the new policy group that you want to create on the Malwarebytes server. You must choose one of the following: Policy Name or Policy ID. |
Value | Single policy name or a single policy ID that will be added to the policy group that you want to create on the Malwarebytes server, based on the policy option you have chosen in the Policy field. |
Create within an existing group | (Optional) If you want to add the new policy group to an existing group, then select the Existing group option from this field. |
Group | If you select Existing from the Create within an existing group field, then you must specify the group name or group ID in which you want to create the new policy group. This field specifies the option based on which you want to add the newly created group to an existing group on the Malwarebytes server. You must choose one of the following: Group Name or Group ID. |
Value | Single group name or a single group ID to which the newly created policy group on the Malwarebytes server will be added, based on the group option you have chosen in the Group field. |
The JSON output contains the details of the policy group created on the Malwarebytes server, based on the input parameters you have specified.
The following image displays a sample output:
None.
The JSON output contains a list of all policy groups details associated with endpoints connected to the Malwarebytes server.
The following image displays a sample output:
Parameter | Description |
---|---|
Group | Options based on which the group of policies will be deleted from the Malwarebytes server. You must choose one of the following: Group Name or Group ID. |
Value | Single policy group name or a single policy group ID that you want to delete from the Malwarebytes server, based on the group option you have chosen in the Group field. |
The JSON output contains the status of the delete group operation that you have run on the Malwarebytes server.
The following image displays a sample output:
Parameter | Description |
---|---|
Endpoint | Options based on which you want to assign the specified endpoint policy to a specific policy group on the Malwarebytes server. You must choose one of the following: Endpoint Name or Endpoint ID. |
Value | Single endpoint name or a CSV list of endpoint names, or a single endpoint ID or a CSV list of endpoint IDs, whose associated policy you want to assign to the specified policy group on the Malwarebytes server, based on the endpoint option you have chosen in the Endpoint field. |
Group | Options based on which you want to assign the specified endpoint policy to a specific policy group on the Malwarebytes server. You must choose one of the following: Group Name or Group ID. |
Value | Single policy group name or a CSV list of policy group names, or a single policy group ID or a CSV list of policy group IDs, to which you want to assign the specified endpoint policy on the Malwarebytes server, based on the group option you have chosen in the Group field. |
The JSON output contains the status of the assign policy group operation, i.e., it displays which endpoint policy has been assigned to which policy group on the Malwarebytes server.
The following image displays a sample output:
None.
The JSON output contains a list of all policies associated with endpoints connected to the Malwarebytes server.
The following image displays a sample output:
Parameter | Description |
---|---|
Policy | Options based on which the policy will be deleted from the Malwarebytes server. You must choose one of the following: Policy Name or Policy ID. |
Value | Single policy name or a single policy ID that you want to delete from the Malwarebytes server, based on the policy option you have chosen in the Policy field. |
The JSON output contains the status of the delete policy operation that you have run on the Malwarebytes server.
The following image displays a sample output:
The Sample - Malwarebytes - 1.0.0 playbook collection comes bundled with the Malwarebytes connector. This playbook collection contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Malwarebytes connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted when the connector is upgraded or deleted.