To configure the integration, you will need to:
- Install the Collector component on a designated Windows™ or Linux™ server.
- Configure a syslog communication endpoint to send Malwarebytes Nebula syslog data to your Collector.
- Add the Malwarebytes Nebula event source in Rapid7 InsightIDR.
Configure Collector and syslog endpoint
- Install the Collector component on a Windows or Linux server. For more information, see Rapid7's Collector Overview support documentation.
- Log in to Malwarebytes Nebula and go to Settings > Syslog Logging.
- Designate one of your Malwarebytes Windows endpoints to forward syslog data to your Collector. Follow the steps in the article Configure Syslog in Malwarebytes Nebula platform. When configuring Syslog Communication Settings, enter your Collector's IP address for the IP Address/Host field.
If you are using Malwarebytes Breach Remediation, see the Event Logging to syslog section of the Malwarebytes Breach Remediation Windows Administrator Guide for configuration instructions.
Configure InsightIDR to receive event source data
- Log in to your InsightIDR console and go to Data Collection > Event Sources > Add Event Source > select Virus Scan.
- On the Add Event Source page, complete the required fields:
- Select a Collector: Select the Collector to receive Malwarebytes syslog data.
- Select Event Source Type: Select Malwarebytes from the drop-down menu.
- Name Event Source: Enter a name for the event source.
- Collection Method: Select Listen on Network Port.
- Enter Port Number: Choose the same port number and protocol as in the Malwarebytes Nebula Syslog Communication Settings.
- Click Save.
Once you've finished configuring the integration, confirm you are receiving incoming Malwarebytes events by going to Log Search and searching for Malwarebytes.