Technical Add-on for Malwarebytes for Splunk

Document created by jgolomb on May 31, 2019. Last modified by jyamada on Jun 20, 2019.
Version 10

The Technical Add-on for Malwarebytes app is a prerequisite for all Malwarebytes apps for Splunk. The app includes Common Information Model (CIM) compliant field extractions and pre-defined source types for multiple Malwarebytes products, making it compatible with all CIM-based Splunk apps, including Splunk Enterprise Security.

 

Requirements

To install the Technical Add-on for Malwarebytes app, you need:

  • An active Splunk Enterprise or Splunk Cloud instance.
  • User login credentials to Splunk.

 

Download Technical Add-on from Splunkbase

  1. Go to the Technical Add-on for Malwarebytes page in Splunkbase.
  2. Click on LOGIN TO DOWNLOAD.
  3. Enter your Splunk user credentials.

 

Install Technical Add-on for Malwarebytes 

Where you install the Technical Add-on for Malwarebytes depends on your Splunk environment.


Splunk Enterprise Single Instance Environments

Install the Technical Add-on for Malwarebytes in the same location where the Splunk components (Search Tier, Indexer Tier, and Forwarder Tier) are located. For instructions on installing an add-on in a single-instance environment, refer to Splunk's support article Install an add-on in a single-instance Splunk Enterprise deployment.

 

Splunk Enterprise Distributed Environments

Install the Malwarebytes Cloud Remediation app where your Search Tier, Indexer Tier, and Forwarder Tier are located. For instructions on installing an add-on in a distributed Splunk Enterprise environment, refer to Splunk's support article Install an add-on in a distributed Splunk Enterprise deployment.

 

Once the Technical Add-on for Malwarebytes is installed, you can install the Malwarebytes Visibility and Dashboards app, Agentless Remediation app, or Cloud Remediation app for your Splunk environment.

 
