Minimum configuration required for basic pulling
Although this collector supports advanced configuration, the fields required to retrieve data with basic configuration are defined below.
Configuration requirements
This minimum configuration refers exclusively to the parameters specific to this integration. There are additional required parameters related to the generic behavior of the collector; check the settings sections for details.
Setting | Details |
---|---|
 | Credential client ID. |
 | Credential client secret. |
 | Credential account ID. |
 | Credential API base URL. |
See the Accepted authentication methods section to verify what settings are required based on the desired authentication method.
Overview
Malwarebytes Nebula is a cloud-hosted security operations platform that lets you manage and control any malware or ransomware incident.
Devo collector features
Feature | Details |
---|---|
Allow parallel downloading ( | |
Running environments | |
Populated Devo events | |
Flattening preprocessing | |
Data sources
Data Source | Description | API Endpoint | Collector service name | Devo Table | Available from release |
---|---|---|---|---|---|
Notifications | Malwarebytes Nebula can notify you when certain events occur, such as when real-time protection or scheduled scans detect threats, or if a new endpoint registers to your console. | | notifications | | v1.0.0 |
Detection | The Detections section in Malwarebytes Nebula displays information on all threats, and potential threats, with the action taken for each item found on endpoints in your environment. | | detections | | v1.0.0 |
Events | Event is a general term for a threat that has occurred, remediation or other action taken on a threat, and other endpoint-related activity. | | events | | v1.0.0 |
Vulnerability Management | Shows vulnerabilities for installed software and operating systems on managed endpoints. | | vulnerability_management | | v1.0.0 |
Suspicious activity | Suspicious Activity Monitoring is a feature included in Malwarebytes Endpoint Detection and Response. | | suspicious_activity | | v1.0.0 |
DNS Logs Data | Logs of DNS data. | | dns_log_data | | v1.0.0 |
Vendor setup
There are some steps you need to follow to run the collector.
Accepted authentication methods
Authentication Method | Username | Password |
---|---|---|
 | REQUIRED | REQUIRED |
 | REQUIRED | REQUIRED |
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).
Collector services detail
This section is intended to explain how to proceed with specific actions for services.
Events service
Vulnerability management service
Collector operations
This section is intended to explain how to proceed with specific operations of this collector.
Change log for v1.x.x
Release | Released on | Release type | Details | Recommendations |
---|---|---|---|---|
 | Jan 1, 1990 | NEW FEATURE / BUG FIX / VULN / IMPROVEMENT | New features: / Improvements: / Bug Fixes: / Vulnerabilities Mitigation: | |