About the connector
Malwarebytes is an anti-malware software for Microsoft Windows, MacOS, Android, and iOS that finds and protects endpoints against malware, ransomware, and other advanced online threats.
This document provides information about the Malwarebytes connector, which facilitates automated interactions, with a Malwarebytes server using FortiSOAR™ playbooks. Add the Malwarebytes connector as a step in FortiSOAR™ playbooks and perform automated operations, such as scanning specified endpoints or retrieving information for a specified endpoint or a list of endpoints connected to Malwarebytes.
Version information
Connector Version: 2.0.0
Authored By: Community
Certified: No
Release Notes for version 2.0.0
Following enhancements have been made to the Malwarebytes Connector in version 2.0.0:
- Updated the authentication from "Basic Auth" to OAuth2-based authentication.
- All the operations and playbooks have been updated or newly added. The output schemas for all the operations have also been updated.
Installing the connector
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-malwarebytes
Prerequisites to configuring the connector
- You must have the URL of the Malwarebytes API server to which you will connect and perform automated operations and credentials such as the account ID, client ID, etc. needed to access that API server.
- The FortiSOAR™ server should have outbound connectivity to port 443 on the Malwarebytes API server.
Minimum Permissions Required
Configuring the connector
For the procedure to configure a connector, click here.
Configuration parameters
In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Malwarebytes connector card. On the connector popup, click the Configurations tab to enter the required configuration details.
| Parameter |
Description |
| API Server URL |
Specify the Malwarebytes API server URL to which you will connect and perform the automated operations. |
| Account ID |
Specify the ID of your Malwarebytes account using which you can connect to Malwarebytes and perform automated operations. |
| Client ID |
Specify the client ID using which you can connect to Malwarebytes and perform automated operations. |
| Client Secret |
Specify the client Secret using which you can connect to Malwarebytes and perform automated operations. |
| Scope |
Select the scope of access that you want to allow to FortiSOAR. You can choose one or more of the following options: Read, Write, or Execute. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks and you can also use the annotations to access operations:
| Function |
Description |
Annotation and Category |
| Get Endpoints |
Retrieves all endpoints or specific endpoints connected to Malwarebytes based on the input parameters you have specified. |
get_endpoints
Investigation |
| Get Endpoint Details |
Retrieves information about a specific endpoint connected to Malwarebytes based on the endpoint ID you have specified. |
get_endpoint_details
Investigation |
| Get Endpoint Status |
Retrieves the status of a specific endpoint connected to Malwarebytes based on the endpoint ID you have specified. |
get_endpoint_status
Investigation |
| Get Endpoint Agent Info |
Retrieves agent information of a specified endpoint from Malwarebytes based on the endpoint ID you have specified. |
get_endpoint_agent_info
Investigation |
| Get Endpoint Assets |
Retrieves information about the assets of a specific endpoint connected to Malwarebytes based on the endpoint ID you have specified |
get_endpoint_assets
Investigation |
| Get Endpoint Network Info |
Retrieves the network information of a specific endpoint connected to Malwarebytes based on the endpoint ID you have specified. |
get_endpoint_network_info
Investigation |
| Scan Endpoints |
Scans one or more specific endpoints connected to Malwarebytes based on the action and endpoint ID you have specified |
scan_endpoints
Investigation |
| Get Scan Result |
Retrieves the scan history of a specific endpoint connected to Malwarebytes based on the endpoint ID and other input parameters you have specified. |
get_scan_result
Investigation |
| Quarantine Endpoints |
Quarantines specified endpoints connected to Malwarebytes based on the comma-separated list of endpoint IDs you have specified. |
quarantine_endpoints
Investigation |
| Unquarantine Endpoints |
Unquarantines specified endpoints connected to Malwarebytes based on the comma-separated list of endpoint IDs you have specified. |
unquarantine_endpoints
Investigation |
| Get Endpoint Suspicious Activities |
Retrieves suspicious activities of the specified endpoint from Malwarebytes based on the endpoint ID and other input parameters you have specified. |
get_endpoint_suspicious_activities
Investigation |
| Remediate Endpoint Suspicious Activity |
Remediates the suspicious activity on the specified endpoint connected to Malwarebytes based on the endpoint ID and suspicious activity ID you have specified. |
remediate_endpoint_suspicious_activity
Investigation |
| Update Endpoint Suspicious Activity |
Updates the status of the specified suspicious activity of the specified endpoint to either Open or Close based on the endpoint ID, suspicious activity ID, and status you have specified. |
update_endpoint_suspicious_activity
Investigation |
| Get Endpoint Quarantined Items |
Retrieves quarantined items of the specified endpoint from Malwarebytes based on the endpoint ID you have specified. |
get_endpoint_quarantined_items
Investigation |
| Assign Group to Endpoints |
Assigns specific group to endpoints connected to Malwarebytes based on the group ID and other input parameters you have specified. |
assign_group_to_endpoints
Investigation |
| Delete Endpoints |
Deletes endpoints connected to Malwarebytes based on the comma-separated list of endpoint IDs you have specified. |
delete_endpoints
Investigation |
| Get Events |
Retrieves a list of all events or specific events from Malwarebytes based on the input parameters you have specified. |
get_events
Investigation |
| Get Tasks |
Retrieves a list of all tasks or specific tasks from Malwarebytes based on the input parameters you have specified. |
get_tasks
Investigation |
| Create Group |
Creates a policy group in Malwarebytes based on the name of the policy group, policy ID to be applied to the group, and other input parameters you have specified. |
create_group
Investigation |
| Get Groups |
Retrieves a list of all policy groups or specific policy groups, which are associated with endpoints connected to Malwarebytes, from Malwarebytes based on the input parameters you have specified. |
get_groups
Investigation |
| Delete Group |
Deletes a policy group associated with endpoints connected to Malwarebytes based on the group ID you have specified. |
delete_group
Investigation |
| Create Policy |
Creates a new policy in Malwarebytes based on the policy name and contents you have specified. |
create_policy
Investigation |
| Get Policies |
Retrieves a list of all policies or specific policies, which are associated with endpoints connected to Malwarebytes, from Malwarebytes based on the policy ID you have specified. |
get_policies
Investigation |
| Delete Policy |
Deletes a specific policy from Malwarebytes based on the policy ID you have specified. |
delete_policy
Investigation |
operation: Get Endpoints
Input parameters
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of endpoints) is returned.
| Parameter |
Description |
| Endpoint ID |
Specify the endpoint ID using which you want to filter endpoints retrieved from Malwarebytes. |
| Isolated |
Select this option to filter endpoints retrieved from Malwarebytes to only isolated endpoints. |
| Has Alerts |
Select this option to filter endpoints retrieved from Malwarebytes to only those endpoints that have associated alerts. |
| Policy ID |
Specify the policy ID using which you want to filter endpoints retrieved from Malwarebytes. |
| Policy Name |
Specify the policy name using which you want to filter endpoints retrieved from Malwarebytes. |
| Host Name |
Specify the hostname using which you want to filter endpoints retrieved from Malwarebytes. |
| OS Platform |
Specify the OS platform type using which you want to filter endpoints retrieved from Malwarebytes. |
| Domain Name |
Specify the domain name using which you want to filter endpoints retrieved from Malwarebytes. |
| Group Name |
Specify the group name using which you want to filter endpoints retrieved from Malwarebytes. |
| Endpoint IP Address |
Specify the endpoint IP address using which you want to filter endpoints retrieved from Malwarebytes. |
| Page Size |
Specify the page size, i.e., the number of endpoints, per request, you want to retrieve from Malwarebytes. |
| Next Cursor |
Specify the pagination cursor for the next set of results. |
| Extra Query Params |
Specify any additional query parameters, in the JSON format, using which you want to filter endpoints retrieved from Malwarebytes. For more information, see https://api.malwarebytes.com/nebula/v1/docs#operation/api.v2.nebula.post.endpoints. |
Output
The output contains the following populated JSON schema:
{
"aggregations": {},
"endpoints": [
{
"link": "",
"protection_status": "",
"display_name": "",
"agent": {
"is_software_update_available": "",
"has_alerts": "",
"last_user": "",
"at": "",
"machine_id": "",
"account_id": "",
"group_id": "",
"nics": [
{
"ips": [],
"description": "",
"mac_address": ""
}
],
"os_info": {
"os_type": "",
"os_version": "",
"os_platform": "",
"os_architecture": "",
"os_release_name": ""
},
"domain_name": "",
"host_name": "",
"fully_qualified_host_name": "",
"object_guid": "",
"plugins": {
"incident_response": {
"product_name": "",
"plugin_version": "",
"update_package_version": "",
"component_package_version": "",
"alerts": {
"codes": []
}
},
"endpoint_protection": {
"sdk_version": "",
"product_name": "",
"plugin_version": "",
"update_package_version": "",
"component_package_version": "",
"alerts": {
"codes": []
}
},
"asset_manager": {
"product_name": "",
"plugin_version": "",
"alerts": {
"codes": []
}
},
"endpoint_detection_and_response": {
"product_name": "",
"plugin_version": "",
"alerts": {
"codes": []
}
}
},
"engine_version": "",
"policy_etag": "",
"version": "",
"document_id": "",
"machine_ip": "",
"source_location": {
"city": "",
"country": "",
"country_iso": "",
"continent": "",
"accuracy_radius": "",
"point": {
"lat": "",
"lon": ""
},
"time_zone": "",
"postal_code": "",
"subdivisions": [],
"anonymous_proxy": ""
},
"serial_number": ""
},
"machine": {
"id": "",
"job": {},
"account": {},
"online": "",
"account_id": "",
"group_id": "",
"root_group_id": "",
"group_name": "",
"policy_id": "",
"policy_name": "",
"last_day_seen": "",
"isolated": "",
"scan_age_days": "",
"suspicious_activity_count": "",
"infection_count": "",
"reboot_required": "",
"last_scanned_at": "",
"is_deleted": "",
"version": "",
"document_id": "",
"created_at": ""
},
"machineVersion": ""
}
],
"total_count": "",
"next_cursor": "",
"after": ""
}
operation: Get Endpoint Details
Input parameters
| Parameter |
Description |
| Endpoint ID |
Specify the endpoint ID for which you want to retrieve details from Malwarebytes. |
Output
The output contains the following populated JSON schema:
{
"id": "",
"policy_id": "",
"group_id": "",
"name": "",
"online": "",
"is_deleted": "",
"os_architecture": "",
"os_platform": "",
"os_release_name": "",
"last_seen_at": "",
"tags": {},
"stats": {}
}
operation: Get Endpoint Status
Input parameters
| Parameter |
Description |
| Endpoint ID |
Specify the endpoint ID whose status you want to retrieve from Malwarebytes. |
Output
The output contains the following populated JSON schema:
{
"remediation_required": {
"status": "",
"infection_count": "",
"job_state": ""
},
"reboot_required": {
"status": "",
"reasons": "",
"job_id": "",
"job_state": ""
},
"suspicious_activity": {
"status": "",
"count": ""
},
"isolation": {
"status": "",
"process": "",
"network": "",
"desktop": ""
},
"scan_needed": {
"status": "",
"last_scanned_at": ""
}
}
operation: Get Endpoint Agent Info
Input parameters
| Parameter |
Description |
| Endpoint ID |
Specify the endpoint ID whose agent information you want to retrieve from Malwarebytes. |
Output
The output contains the following populated JSON schema:
{
"agent_info": "",
"last_seen_at": "",
"agent_info_last_updated_at": ""
}
operation: Get Endpoint Assets
Input parameters
| Parameter |
Description |
| Endpoint ID |
Specify the endpoint ID for which you want to retrieve asset information from Malwarebytes. |
Output
The output contains the following populated JSON schema:
{
"startups": [
{
"key": "",
"name": ""
}
],
"os_info": {
"os_platform": "",
"os_architecture": "",
"os_version": "",
"os_release_name": "",
"os_type": ""
},
"computer_info": {
"manufacturer": "",
"model": ""
},
"software_installed": [
{
"vendor": "",
"product": "",
"version": ""
}
],
"nics": [
{
"mac_address": "",
"description": "",
"ips": []
}
],
"updates_installed": [
{
"title": ""
}
],
"culture": "",
"dhcp_scope_name": "",
"time_zone": "",
"host_name": "",
"fully_qualified_host_name": "",
"plugin_version": "",
"updates_available": [
{
"category": "",
"date": "",
"description": "",
"kb_id": "",
"product": "",
"reboot_required": "",
"security_update_id": "",
"severity": "",
"size": "",
"title": "",
"vendor": ""
}
]
}
operation: Get Endpoint Network Info
Input parameters
| Parameter |
Description |
| Endpoint ID |
Specify the endpoint ID for which you want to retrieve network information from Malwarebytes. |
Output
The output contains the following populated JSON schema:
{
"nics": [
{
"ips": [],
"description": "",
"mac_address": ""
}
],
"host_name": "",
"fully_qualified_host_name": "",
"last_seen_at": "",
"agent_info_last_updated_at": ""
}
operation: Scan Endpoints
Input parameters
| Parameter |
Description |
| Action |
Select the action that you want to perform on the specified endpoints. You can choose between Scan + Report, Scan + Quarantine, Refresh Assets, or Check for Protection Updated. |
| Endpoint IDs |
Specify a comma-separated list of endpoint IDs that you want to scan. |
Output
The output contains the following populated JSON schema:
{
"jobs": [
{
"machine_id": "",
"job_id": ""
}
],
"total_count": ""
}
operation: Get Scan Result
Input parameters
| Parameter |
Description |
| Endpoint ID |
Specify the endpoint ID whose scan history you want to retrieve from Malwarebytes |
| From |
Select the DateTime from when you want to retrieve the scan history from Malwarebytes. |
| Next Cursor |
(Optional) Specify the pagination cursor for the next set of results. |
Output
The output contains the following populated JSON schema:
{
"id": "",
"deleted_count": "",
"duration_seconds": "",
"found_count": "",
"from_cloud": "",
"machine_id": "",
"machine_name": "",
"ondemand": "",
"os_platform": "",
"quarantined_count": "",
"reported_at": "",
"scan_type": "",
"started_at": "",
"started_at_local": "",
"total_count": ""
}
operation: Quarantine Endpoints
Input parameters
| Parameter |
Description |
| Endpoint IDs |
Specify a comma-separated list of endpoint IDs that you want to quarantine. |
Output
The output contains the following populated JSON schema:
{
"jobs": [
{
"machine_id": "",
"job_id": ""
}
],
"total_count": ""
}
operation: Unquarantine Endpoints
Input parameters
| Parameter |
Description |
| Endpoint IDs |
Specify a comma-separated list of endpoint IDs that you want to unquarantine. |
Output
The output contains the following populated JSON schema:
{
"jobs": [
{
"machine_id": "",
"job_id": ""
}
],
"total_count": ""
}
operation: Get Endpoint Suspicious Activities
Input parameters
| Parameter |
Description |
| Endpoint ID |
Specify the endpoint ID for which you want to retrieve suspicious activities from Malwarebytes. |
| From |
Select the DateTime from when you want to retrieve suspicious activities from Malwarebytes. |
| Page Size |
(Optional) Specify the page size, i.e., the number of endpoints, per request, you want to retrieve from Malwarebytes. |
| Next Cursor |
(Optional) Specify the pagination cursor for the next set of results. |
Output
The output contains the following populated JSON schema:
{
"sa": [
{
"detection_id_list": [
""
],
"status": "",
"timestamp": "",
"path": "",
"pc_hostname": "",
"machine_id": "",
"account_id": "",
"closed": "",
"level": "",
"detected_by_count": ""
}
],
"total_count": "",
"next_cursor": ""
}
operation: Remediate Endpoint Suspicious Activity
Input parameters
| Parameter |
Description |
| Endpoint ID |
Specify the endpoint ID whose suspicious activity you want to remediate. |
| Suspicious Activity ID |
Specify the ID of the suspicious activity ID you want to remediate. |
Output
The output contains a non-dictionary value.
operation: Update Endpoint Suspicious Activity
Input parameters
| Parameter |
Description |
| Endpoint ID |
Specify the endpoint ID whose suspicious activity status you want to update. |
| Suspicious Activity ID |
Specify the ID of the suspicious activity ID whose status you want to update |
| Status |
Select the status that you want to set for the specified suspicious activity. You can choose between Open or Close. |
Output
The output contains the following populated JSON schema:
{
"result": ""
}
operation: Get Endpoint Quarantined Items
Input parameters
| Parameter |
Description |
| Endpoint ID |
Specify the endpoint ID for which you want to retrieve quarantined items from Malwarebytes. |
Output
The output contains the following populated JSON schema:
{
"quarantined_threats": [
{
"id": "",
"scan_id": "",
"machine_id": "",
"machine_name": "",
"group_id": "",
"detection_id": "",
"scanned_at": "",
"scanned_at_local": "",
"reported_at": "",
"threat_name": "",
"type": [],
"path": "",
"category": "",
"ip_address": "",
"url": "",
"port": ""
}
],
"total_count": "",
"next_cursor": ""
}
operation: Assign Group to Endpoints
Input parameters
| Parameter |
Description |
| Group ID |
Specify the group ID that you want to assign to the endpoints connected to Malwarebytes. |
| Endpoint IDs |
(Optional) Specify a comma-separated list of endpoints that you want to assign to the specified group. |
| Filter Query |
(Optional) Specify a query to filter endpoints connected to Malwarebytes. For more information, see https://api.malwarebytes.com/nebula/v1/docs#operation/api.v2.nebula.post.groups.bulk. |
Output
The output contains the following populated JSON schema:
{
"moved": [],
"errors": [
{
"id": "",
"account_id": "",
"account_ids": []
}
]
}
operation: Delete Endpoints
Input parameters
| Parameter |
Description |
| Endpoint IDs |
Specify a comma-separated list of endpoint IDs that you want to delete from Malwarebytes. |
Output
The output contains the following populated JSON schema:
{
"result": ""
}
operation: Get Events
Input parameters
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of events) is returned.
| Parameter |
Description |
| Search String |
Specify a search string using which you want to filter events retrieved from Malwarebytes. |
| Endpoint ID |
Specify the endpoint ID (machine_id/endpoint_id) using which you want to filter events retrieved from Malwarebytes. |
| From |
Select the DateTime from when you want to filter events retrieved from Malwarebytes. |
| To |
Select the DateTime till when you want to filter events retrieved from Malwarebytes. |
| Severity |
Select the severity using which you want to filter events retrieved from Malwarebytes. You can choose from the following options: All, Audit, Info, Severe, or Warning. |
| Next Cursor |
Specify the pagination cursor for the next set of results. |
Output
The output contains the following populated JSON schema:
{
"events": [
{
"id": "",
"machine_id": "",
"user_id": "",
"source": "",
"source_name": "",
"type": "",
"type_name": "",
"friendly_type": "",
"severity": "",
"severity_name": "",
"details": {
"message": "",
"filename": "",
"name": "",
"user_email": "",
"user_name": "",
"user_role": ""
},
"timestamp": ""
}
],
"total_count": "",
"next_cursor": ""
}
operation: Get Tasks
Input parameters
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of events) is returned.
| Parameter |
Description |
| Task ID |
Specify a single job ID using which you want to filter events retrieved from Malwarebytes. |
| Endpoint Name |
Specify the endpoint name using which you want to filter events retrieved from Malwarebytes. |
| Endpoint ID |
Specify the endpoint ID (machine_id/endpoint_id) using which you want to filter tasks retrieved from Malwarebytes. |
| Status |
Select the status using which you want to filter tasks retrieved from Malwarebytes. You can choose from the following options: All, Created, Sent, Received, Started, Timed Out, Complete, Expired, or Failed. |
| Result Size |
Specify the page size, i.e., the number of endpoints, per request, you want to retrieve from Malwarebytes. |
| Next Cursor |
Specify the pagination cursor for the next set of results. |
Output
The output contains the following populated JSON schema:
{
"jobs": [
{
"id": "",
"account_id": "",
"account_name": "",
"command": "",
"data": "",
"expires_at": "",
"issued_at": "",
"issued_by": "",
"issued_by_email": "",
"issued_by_name": "",
"machine_id": "",
"machine_name": "",
"status": "",
"updated_at": "",
"relay_state": "",
"tags": {
"alias": ""
}
}
],
"total_count": "",
"next_cursor": ""
}
operation: Create Group
Input parameters
| Parameter |
Description |
| Group Name |
Specify the name of the policy group that you want to create in Malwarebytes. |
| Policy ID |
Specify the ID of the policy to be applied to the group that you want to create in Malwarebytes. |
| Parent ID |
Specify the ID of the parent group to be applied to the group that you want to create in Malwarebytes. |
Output
The output contains the following populated JSON schema:
{
"id": "",
"account_id": "",
"name": "",
"machines_count": "",
"policy_id": "",
"policy_name": "",
"updated_at": "",
"is_default": "",
"schedule_ids": [],
"parent_id": "",
"root_id": "",
"child_group_count": ""
}
operation: Get Groups
Input parameters
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of events) is returned.
| Parameter |
Description |
| Group Name |
Specify the name of the policy group using which you want to filter groups retrieved from Malwarebytes. |
| Parent ID |
Specify the ID of the parent group using which you want to filter groups retrieved from Malwarebytes. |
| Next Cursor |
Specify the pagination cursor for the next set of results. |
Output
The output contains the following populated JSON schema:
{
"id": "",
"account_id": "",
"name": "",
"machines_count": "",
"policy_id": "",
"policy_name": "",
"updated_at": "",
"is_default": "",
"schedule_ids": [],
"parent_id": "",
"root_id": "",
"child_group_count": ""
}
operation: Delete Group
Input parameters
| Parameter |
Description |
| Group ID |
Specify the ID of the policy group that you want to delete from Malwarebytes. |
Output
The output contains the following populated JSON schema:
{
"result": ""
}
operation: Create Policy
Input parameters
| Parameter |
Description |
| Policy Name |
Specify the name of the policy that you want to create in Malwarebytes. |
| Contents |
Specify the contents of the policy (in the JSON format) that you want to create in Malwarebytes. |
Output
The output contains the following populated JSON schema:
{
"id": "",
"account_id": "",
"etag": "",
"name": "",
"expire_endpoints": "",
"contents": {},
"created_at": "",
"updated_at": "",
"migrated_at": "",
"is_default": "",
"deny_edit": "",
"groups": [
{
"id": "",
"account_id": "",
"name": "",
"machines_count": "",
"policy_id": "",
"policy_name": "",
"updated_at": "",
"is_default": "",
"schedule_ids": [],
"parent_id": "",
"root_id": "",
"child_group_count": ""
}
],
"exclusions": [
{
"id": "",
"etag": "",
"type": "",
"value": "",
"enabled": "",
"comment": "",
"created_at": "",
"updated_at": "",
"created_by": "",
"updated_by": "",
"exclude_from": {},
"friendly_name": "",
"account_level": "",
"policies": [
{
"id": "",
"name": ""
}
]
}
],
"secret_hash": ""
}
operation: Get Policies
Input parameters
| Parameter |
Description |
| Policy ID |
Specify the ID of the policy associated with endpoints connected to Malwarebytes whose details you want to retrieve from Malwarebytes.
Note: If you do not specify any policy ID then all the policies associated with endpoints connected to Malwarebytes are retrieved. |
Output
The output contains the following populated JSON schema:
{
"id": "",
"account_id": "",
"etag": "",
"name": "",
"expire_endpoints": "",
"contents": {},
"created_at": "",
"updated_at": "",
"migrated_at": "",
"is_default": "",
"deny_edit": "",
"groups": [
{
"id": "",
"account_id": "",
"name": "",
"machines_count": "",
"policy_id": "",
"policy_name": "",
"updated_at": "",
"is_default": "",
"schedule_ids": [],
"parent_id": "",
"root_id": "",
"child_group_count": ""
}
],
"exclusions": [
{
"id": "",
"etag": "",
"type": "",
"value": "",
"enabled": "",
"comment": "",
"created_at": "",
"updated_at": "",
"created_by": "",
"updated_by": "",
"exclude_from": {},
"friendly_name": "",
"account_level": "",
"policies": [
{
"id": "",
"name": ""
}
]
}
],
"secret_hash": ""
}
operation: Delete Policy
Input parameters
| Parameter |
Description |
| Policy ID |
Specify the ID of the policy that you want to delete from Malwarebytes |
Output
The output contains the following populated JSON schema:
{
"result": ""
}
Included playbooks
The Sample - Malwarebytes - 2.0.0 playbook collection comes bundled with the Malwarebytes connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Malwarebytes connector.
- Assign Group to Endpoints
- Create Group
- Create Policy
- Delete Endpoints
- Delete Group
- Delete Policy
- Get Endpoint Agent Info
- Get Endpoint Assets
- Get Endpoint Details
- Get Endpoint Network Info
- Get Endpoint Quarantined Items
- Get Endpoint Status
- Get Endpoint Suspicious Activities
- Get Endpoints
- Get Events
- Get Groups
- Get Policies
- Get Scan Result
- Get Tasks
- Quarantine Endpoints
- Remediate Endpoint Suspicious Activity
- Scan Endpoints
- Unquarantine Endpoints
- Update Endpoint Suspicious Activity
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
