Export data with the Malwarebytes Cloud Excel Addin

Document created by lwei (Employee) on Sep 12, 2018. Last modified by lwei (Employee) on Nov 15, 2018.
Version 29


What's This?

The Malwarebytes Cloud server collects a rich set of information from the endpoints, and a common request we get is to turn this data into useful information. Malwarebytes provides a complete set of RESTful APIs for this purpose. The Management Console uses these same APIs to extract the data. However, using the APIs directly requires some scripting and technical work to make the data useful.


To make this easier for our customers, we have introduced the Malwarebytes Excel Addin, which provides easy access to import data directly into Microsoft Excel.


Note: There is a corresponding addin for Malwarebytes On-Prem MBES deployments.



Watch a 4 minute video tour of the Excel Addin.
Video on YouTube





Download and install the Addin. Latest version is v1.7.6.



This is a user community shared utility.

Please post questions and comments on this Forum thread.

You can also send requests to the author directly. 



  • Extract and import most Malwarebytes Cloud server objects, such as the following. Please request others as needed.
    • Agent Info and Health Data
    • Detection / Threats
    • Endpoints / Machines
    • Quarantine
    • Suspicious Activity
    • Events
    • Tasks / Jobs
    • Others - Exceptions, Users, Groups, Policies, Schedules
  • Some pivot tables and charts are automatically created in Excel.
  • A summary report can be generated in HTML and PDF, and emailed for delivery.
  • Bulk removal of endpoints that have been offline for any specified number of days.
  • Bulk import of exclusions of different types.
  • Bulk restore or delete of quarantined items.
  • The RESTful APIs used, along with the corresponding response data, can be viewed.



Latest version is v1.7.6.

  • v1.7 (2018-11-09) 
    • Some fields are stored as JSON blobs and are hard to read. Added a feature (Show JSON) that pops up a formatted page for these fields, such as Policies-->Content and Schedules-->Command Data.
    • Groups with hierarchy are shown with the names of parents for easier identification.
    • Groups are identified as originating from Active Directory.
    • Separated Software Installed for Windows and macOS.
    • Fixed Select All and Unselect All errors in Delete Endpoints and Restore Quarantine data screen.
    • Fixed error when there are duplicate endpoint IDs.
    • Added Group Name to the summary report, and default email subject field.
  • v1.6 (2018-09-30) - Added bulk delete and restore of Quarantine items.
  • v1.5 (2018-09-28) - Added many items and fixed bugs. 
    • Of note is a new Health Check report that shows endpoint check-in status and whether endpoints are protected.
    • The installer is code signed for proper identification.
    • Exclusions can be imported in a batch.
  • v1.4 (2018-07-31) - Fixed errors caused by changing Regions. Now expected to work with different region formatting, especially with DateTime.
  • v1.3 (2018-07-29) - Updated to support the latest release of Malwarebytes Cloud server (code name Kermit).
  • v1.2 (2018-July) - First release.



  • The installation folder is located in the following user appdata directory.
    • C:\Users\[user-name]\AppData\Roaming\Malwarebytes\Malwarebytes Excel Addin [version]
  • The installation logs are located in the following directory. They are useful to determine the reasons why the addin might not have been attached to Excel correctly.
    • C:\Users\[user-name]\Documents\Add-in Express
    • C:\Users\[user-name]\AppData\Local\Temp\Malwarebytes Excel Addin
  • If the Addin does not show up in the menu for Excel, the first thing to try is to run the setup.exe as Administrator.



  1. Detection data imported from the Cloud server.

  2. Pivot tables and charts are created for some key objects.

  3. HTML and PDF summary report generated.

  4. Agent Info and Health Data
  5. RESTful APIs used for data extraction can be viewed.