Install and configure Malwarebytes app for ServiceNow

Document created by jgolomb Employee on May 7, 2019. Last modified by jgolomb Employee on Aug 14, 2019.
Version 15

The Malwarebytes app for ServiceNow integrates with Malwarebytes Endpoint Protection and Incident Response to schedule endpoint scans and gather threat event information. This article describes requirements and configurations for the integration.

 

ServiceNow requirements

ServiceNow requires the following to integrate with Malwarebytes:

  • You must have purchased a subscription and installed the Security Incident Response plugin. Refer to the Activate Security Incident Response document for more information.
  • You must have an active ServiceNow Support Portal account.
  • You must have access to the ServiceNow appliance.

 

Malwarebytes requirements

Malwarebytes requires the following to integrate with ServiceNow:

  • You must have an active Malwarebytes Endpoint Protection or Malwarebytes Incident Response subscription.
  • You must have administrator login credentials to the Malwarebytes Cloud Console.
  • You must contact Malwarebytes to get your Cloud Console Client Id, Cloud Console Account Id, and Cloud Console Client Secret.

 

Install the Malwarebytes app for ServiceNow

Before you begin the installation process, verify the Security Incident Response plugin is installed and active on your ServiceNow instance.

  1. Open the ServiceNow Store and click the Malwarebytes Integration for Security Operations tile.

  2. Click the Get button on the right side of the screen, then enter your HI credentials.

  3. After installation completes, confirm Malwarebytes is installed.
    1. Log into ServiceNow.
    2. In the search box, enter "system app".
    3. Click on System Applications - Applications.
    4. Click on Downloads.
    5. Confirm Malwarebytes - Security Incident Response appears in the Downloads page.

 

Configure the Malwarebytes app

  1. In the Filter navigator search box, enter "integration".

  2. Click on Security Operations - Integration Configuration.

  3. On the Malwarebytes tile, click Configure.

  4. In the Malwarebytes configuration window:
    1. Check the Application enabled box.
    2. To get your Cloud Console Account Id:
      1. Log into the Malwarebytes Cloud Console.
      2. Copy the following string of characters found in the URL.
        Image of Malwarebytes Cloud Console web URL.
      3. In ServiceNow, paste the characters into the Cloud Console Account Id field.
    3. To get your Cloud Console Client Id and Cloud Console Client Secret:
      1. Click this Malwarebytes Cloud Console link.
      2. Enter your Malwarebytes Cloud Console administrator credentials.
      3. Click LOG IN > Generate Credentials > YES, GENERATE.
      4. Copy the generated Client Id, then in ServiceNow, paste the Client Id in the Cloud Console Client Id field.
      5. Return to the Malwarebytes Cloud Console and copy the generated Client Secret, then in ServiceNow, paste the Client Secret in the Cloud Console Client Secret field.
        Image of Client Credentials page in the Malwarebytes Cloud Console.
    4. In the Security Admin Username field, enter your ServiceNow username.
    5. In the Security Admin Password field, enter your ServiceNow password.
    6. Check the Subscribe Webhook box.
    7. Click on Submit.
      Image of Malwarebytes Security Incident Response Configuration menu in the ServiceNow web console.

 

Configure Malwarebytes Scheduled Jobs

From ServiceNow, you can schedule jobs to initiate Malwarebytes scans on your endpoints. There are two Malwarebytes Scheduled Job components:

  • Initiate Malwarebytes Scan
  • Update Malwarebytes Scan

You set an interval time to run these two components. When the Scan History Table receives a scan job request, the Initiate Malwarebytes Scan component starts a scan on the endpoint and the Update Malwarebytes Scan component periodically checks scan progress and updates the Scan Reports Table with any found threats.

 

To configure the Malwarebytes Scheduled Jobs:

  1. Go to System Definition - Scheduled Jobs.

  2. In the Name search box, enter "malwarebytes".
    Image of Scheduled jobs tab in ServiceNow console.

  3. Click on Initiate Malwarebytes Scan V2.
    1. Set the Active box to True.
    2. Set the Repeat Interval to 10 or more seconds.
    3. Click Update.
      Image of Initiate Malwarebytes Scan V2 Scheduled Script Execution in ServiceNow.

  4. Click on Update Malwarebytes Scan V2.
    1. Set the Active box to True.
    2. Set the Repeat Interval to 10 or more seconds.
    3. Click Update.
      Image of Update Malwarebytes Scan V2 Script Execution in ServiceNow.

 

To learn how to configure the Malwarebytes app for ServiceNow, see Malwarebytes app with ServiceNow user guide.
