Install and configure Malwarebytes Integration for Incident Response

Document created by jgolomb (Employee) on Jul 24, 2019. Last modified by jgolomb (Employee) on Oct 1, 2019.
Version 14

Malwarebytes Integration for Incident Response enables Malwarebytes Breach Remediation (MBBR) to integrate with a ServiceNow cloud instance, allowing administrators to manage scans on endpoints, remove threats, and generate reports. This article describes the requirements and configuration for the integration.

 

ServiceNow requirements

ServiceNow requires the following to integrate with Malwarebytes Breach Remediation:

 

Malwarebytes requirements

Malwarebytes Breach Remediation requires the following to integrate with ServiceNow:

  • You must have an active Malwarebytes cloud platform subscription.
  • Have your subscription license key available.
  • If using a Syslog Server, have your Syslog Server IP and Syslog Server Port available.

 

Install Malwarebytes Integration for Incident Response

Before you begin the installation process, verify the Security Incident Response plugin is installed and active on your ServiceNow instance.

  1. Open the ServiceNow Store and click the Get button.

  2. Enter your HI credentials.

  3. After installation completes, confirm Malwarebytes is installed.
    1. Log in to ServiceNow.
    2. In the search box, enter "system app".
    3. Click on System Applications - Applications.
    4. Click on Downloads.
    5. Confirm Malwarebytes Integration for Incident Response appears in the Downloads page.

 

ServiceNow - Malwarebytes Breach Remediation installation

  1. Unzip the SN_MBBR_ALL.zip package. This contains two folders: SN_MBBR and SN_MBBR(syslog).
    Image of ServiceNow and Malwarebytes Breach Remediation zip archive.
  2. The SN_MBBR folder is intended for customers using a non-syslog environment, and the SN_MBBR(syslog) folder is intended for customers using a Syslog Server.
    1. If using a non-syslog environment:
      1. Open the SN_MBBR folder.
      2. Open Install_License.ps1 with Windows PowerShell.
      3. Enter your Malwarebytes Cloud license key and press Enter. This propagates the license key to the other batch files.
        Image of Install_License.ps1 file opened in Windows PowerShell.
    2. If using a Syslog Server:
      1. Open the SN_MBBR(syslog) folder.
      2. Open Install_License.ps1 with Windows PowerShell.
      3. Enter your Malwarebytes Cloud license key and press Enter.
      4. Enter your Syslog Server IP and press Enter.
      5. Enter your Syslog Server port and press Enter. This propagates the license key, Syslog Server IP, and Syslog Server port to the other batch files.
        Image of Install_License.ps1 file opened in Windows PowerShell.

  3. Create a new folder named mbbr on the Local Disk (C:\) of the Windows server. Depending on your environment, copy the contents of either SN_MBBR or SN_MBBR(syslog) to the new mbbr folder.
    Image of mbbr folder newly created in the Local Disk C.
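
Install_License.ps1 writes the license key (and, in the syslog variant, the Syslog Server IP and port) into the files that are then copied to C:\mbbr, so it is worth checking who can read or change that folder. The script below is an added example, not part of the Malwarebytes or ServiceNow package; treating Everyone, Authenticated Users and BUILTIN\Users as the broad principals to flag is this example's assumption.

```powershell
# Added example: list Allow entries for broad principals on C:\mbbr and everything in it.
# The folder path comes from the article; the set of principals to flag is an assumption.
$Path = 'C:\mbbr'

# Well-known SIDs, so the check does not depend on the OS display language.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-BroadAccess {
    param([string]$ItemPath)

    $acl = Get-Acl -LiteralPath $ItemPath
    # Request explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $ItemPath
                Principal = $broadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
    throw "Folder not found: $Path"
}

# Check the folder itself plus every file and subfolder beneath it.
$children = @(Get-ChildItem -LiteralPath $Path -Recurse -Force | ForEach-Object { $_.FullName })
$items    = @($Path) + $children
$findings = @(foreach ($item in $items) { Get-BroadAccess -ItemPath $item })

if ($findings.Count -eq 0) {
    Write-Output "No Allow entries for Everyone, Authenticated Users or BUILTIN\Users under $Path."
} else {
    $findings | Sort-Object Path, Principal | Format-Table -AutoSize
}
```

A folder created directly under C:\ typically inherits entries for Authenticated Users and Users from the drive root, so findings on a fresh install are expected until the folder's ACL is restricted to the accounts that run the integration.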

 

Store MID Server credentials

As part of initial setup, you must store your credentials for your MID Server. To do this:

  1. Log in to ServiceNow.

  2. In the Filter navigator search box, enter "credentials store".

  3. In the left-side menu pane, go to the Malwarebytes Breach Remediation - Credentials Stores table.
    Image of Malwarebytes Breach Remediation Credentials Stores table in ServiceNow.

  4. Click on New.

  5. In the New record, enter the following details:
    1. In the Windows Username field, enter your administrator domain username.
    2. In the Windows Password field, enter your administrator domain password.
    3. In the MID Server Name field, enter the name for your MID Server.
      Image of the Credentials Store screen in ServiceNow to input MID Server credentials.

  6. Click Submit.

 

The table refreshes to show the stored MID Server credentials.

Image of the Malwarebytes Breach Remediation Credentials Stores table in ServiceNow.

 

 

To learn how to initiate and verify scans, check reports, and update Business Rules and Scheduled Jobs, see the Malwarebytes Integration for Incident Response user guide.
