MalwareBytes Endpoint Protection

MalwareBytes is endpoint protection software installed on your assets that detects malware and viruses. You can connect MalwareBytes to InsightIDR so that its detections are forwarded over syslog, letting you detect suspicious files on your Windows assets more quickly.

To do so, first configure MalwareBytes to send its log to a syslog server (the InsightIDR Collector), then add the event source in InsightIDR:

Configure MalwareBytes Logging

You must be an Administrator to configure syslog logging for this application.

You can configure MalwareBytes to send its log to syslog by following the instructions on page 33 of the Malwarebytes quick start guide: https://de.malwarebytes.com/pdf/guides/MBQSG.pdf. The steps are summarized below.

To configure syslog logging as an admin:

  1. Log in to the MalwareBytes interface.
  2. On the left menu, select the Settings page.
  3. Select the Syslog Logging page.
  4. Select which Windows endpoint should send its log to a syslog server.
  5. Provide the IP address/host and port of the syslog server (your InsightIDR Collector), the protocol, the message severity, and the communication interval (the default is five minutes). Note the port and protocol you choose here: the event source you add in InsightIDR must listen on the same port with the same protocol.
  6. Click the Save button.
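Before pointing MalwareBytes at the Collector, it is worth confirming that the endpoint actually emits syslog on the port and protocol you configured, and that the severity threshold behaves the way you expect. The script below is an added example, not Rapid7 or Malwarebytes code: a throwaway syslog listener plus a parser for the standard `<PRI>` header, where PRI = facility * 8 + severity and severity 0 is the most severe. It assumes only that the sender uses the RFC 3164/5424 `<PRI>` prefix; the body format of Malwarebytes messages is not assumed, and the embedded sample lines are constructed for illustration. Run it with a port (and `udp` or `tcp`) on a test host, temporarily aim an endpoint at it, and check that lines arrive with the severities you configured; run it with no arguments to parse the constructed samples offline.

```python
"""Added example: verify syslog delivery and <PRI> severity before wiring up the Collector.

Not Rapid7 or Malwarebytes code. Assumes RFC 3164/5424 "<PRI>" headers only.
"""
import re
import socket
import sys

# Syslog severity codes 0-7 (RFC 3164 / RFC 5424); lower number = more severe.
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# "<PRI>" header: 1-3 digits; PRI = facility * 8 + severity, max 23 * 8 + 7 = 191.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def parse_syslog(line):
    """Return facility/severity/body for one syslog line, or None if the <PRI> is missing or invalid."""
    m = PRI_RE.match(line.strip())
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:
        return None
    facility, severity = divmod(pri, 8)
    return {
        "facility": facility,
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "body": m.group(2),
    }


def at_or_above(severity, threshold):
    """Severities count down, so 'warning or worse' means severity <= 4."""
    return severity <= threshold


def summarize(lines, threshold=6):
    """Count parseable lines, lines passing the severity threshold, and a per-severity breakdown."""
    counts = {"valid": 0, "invalid": 0, "passed": 0, "by_severity": {}}
    for line in lines:
        ev = parse_syslog(line)
        if ev is None:
            counts["invalid"] += 1
            continue
        counts["valid"] += 1
        name = ev["severity_name"]
        counts["by_severity"][name] = counts["by_severity"].get(name, 0) + 1
        if at_or_above(ev["severity"], threshold):
            counts["passed"] += 1
    return counts


def receive(port, proto="udp", limit=5, host="0.0.0.0"):
    """Bind a temporary listener and collect up to `limit` syslog lines (one datagram per line for UDP)."""
    lines = []
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.bind((host, port))
            while len(lines) < limit:
                data, _ = s.recvfrom(65535)
                lines.append(data.decode("utf-8", errors="replace"))
    else:  # plain TCP; an encrypted Collector port would need TLS on top of this
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
            srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            srv.bind((host, port))
            srv.listen(1)
            conn, _ = srv.accept()
            with conn:
                buf = b""
                while len(lines) < limit:
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    buf += chunk
                    while b"\n" in buf and len(lines) < limit:
                        raw, buf = buf.split(b"\n", 1)
                        lines.append(raw.decode("utf-8", errors="replace"))
    return lines


# Constructed sample lines (not real Malwarebytes output): user.info, user.err, two invalid.
SAMPLE_LINES = [
    "<14>Jan 01 12:00:00 WIN-EP01 constructed test message (user.info)",
    "<11>Jan 01 12:00:05 WIN-EP01 constructed test message (user.err)",
    "<999>bogus priority value, should be rejected",
    "no priority header at all",
]

if __name__ == "__main__":
    # usage: python3 syslog_check.py [port] [udp|tcp]   (no args = parse the constructed samples)
    if len(sys.argv) > 1:
        lines = receive(int(sys.argv[1]), sys.argv[2] if len(sys.argv) > 2 else "udp")
    else:
        lines = SAMPLE_LINES
    for line in lines:
        print(parse_syslog(line))
    print(summarize(lines, threshold=4))  # threshold 4 = warning or more severe
```

If the listener receives nothing, check host-based firewall rules on the endpoint and the listener host and confirm the endpoint is sending to the port and protocol you entered in MalwareBytes; if lines arrive but every one is rejected as invalid, the sender is not producing a standard `<PRI>` header and the Collector's syslog parsing may need the unfiltered-logs option when you add the event source.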

Configure MalwareBytes Event Source

After you configure logging in your application, you can configure this event source in InsightIDR.

  1. From your dashboard, select Data Collection on the left navigation menu.
  2. When the Data Collection page appears, click the Setup Event Source dropdown and choose Add Event Source.
  3. From the “Security Data” section, click the Virus Scan icon. The “Add Event Source” panel appears.
  4. Choose your collector and event source. If you want, you can also name your event source.
  5. Choose the timezone that matches the location of your event source logs.
  6. Optionally choose to send unfiltered logs.
  7. Configure your default domain or add a new domain.
  8. Select syslog and specify the port and protocol that match what you configured in MalwareBytes.
    • If you chose TCP, you can optionally encrypt the event source by downloading the Rapid7 certificate.
  9. Click the Save button.