The Malwarebytes Nebula platform offers detailed endpoint management through the Endpoints screen. You can select one or more endpoints and perform a variety of actions. For more on working with endpoints, see Perform actions on endpoints in Malwarebytes Nebula platform and Add endpoints in Malwarebytes Nebula.
In the left navigation pane, click Endpoints to access your endpoints. At a glance, you can see an online/offline status indicator next to each endpoint name.
The Status column uses icons to show endpoints needing attention. The table below lists the different endpoint statuses. On the Endpoint screen you can click an icon to view additional details or to act on the endpoint.
This endpoint hasn’t had a scan in some time. Hover over the icon to see how long it has been since the last scan. Run a scan to keep the endpoint free from threats.
A scan is pending on the endpoint.
A scan is currently running on the endpoint.
The endpoint has threats that were detected during a scan that need remediation.
Remediation of threats is pending on the endpoint.
The endpoint is being remediated.
The endpoint needs a reboot to quarantine detected threats.
A reboot command is still pending.
Suspicious activity was found on the endpoint. Requires an Endpoint Detection and Response subscription.
|The endpoint is isolated. Requires an Endpoint Detection and Response subscription.|
Malwarebytes Nebula uses filters to simplify management tasks across many endpoints. These filters and their options are at the top of the Endpoints list.
When a filter is in use, the filter icon changes color. A list of applied filters appears above the Endpoints list to show which filters are in use. Click a filter in the list to remove it or Clear Filters to remove them all.
The drop-down filter on the top-right of the Endpoints section enables endpoint filtering.
The following items are available in the drop-down filter:
- Domain Name: full or partial domain names
- IP Address/CIDR: full or partial IP addresses, or CIDR notation for a range of IPs
- MAC Address: full or partial MAC addresses
- OS Type: includes Workstation or Server options
The Endpoints filter allows a search by endpoint name. Click the Endpoints filter ( ) icon and enter an endpoint name to narrow the endpoints displayed.
The Status filter allows a search by current endpoint statuses. Click the Status filter ( ) icon and choose a status to narrow the endpoints displayed. You can filter the Status filter column by the following:
- Remediation Required
- Restart Required
- Scan Needed
- Suspicious Activity Detected
- Endpoint Isolated
Endpoints may have more than one status at a time. The status column uses icons to display endpoint information. See above for a description of each icon.
The Operating System filter enables a search by Operating Systems on deployed endpoints. Click the Operating System filter ( ) icon and choose one of the following options:
The Group filter enables a search by endpoint groups. Click an assigned group name to filter on that group. If you have many groups, you may enter a group name in the filter box to narrow your search.
Groups can be nested within other groups. When navigating a nested group, click Home ( ) or Back ( ) to return to the earlier list.
The Policy filter enables searching by policy name. Click the Policy filter ( ) and enter a policy name to narrow your search.
The Last Seen filter ( ) lists endpoints based on when they last checked in. Times shown are based on your browser time zone.
In the Endpoints section, click an endpoint name to view the endpoint's properties. Endpoint Properties provides additional details for each of your endpoints.
The following Endpoint Properties tabs are populated during endpoint software installation. These tabs update when there is a software update on the endpoint:
- Overview: displays the endpoint name, engine version, host and agent information, Operating System, Network Interfaces, Memory information, and Storage device information
- Detections: displays all Malwarebytes detections. Selectable by type and actions taken
- Remediation Required: displays detections that need remediation
- Suspicious Activity: displays Suspicious Activity found. Requires an Endpoint Detection and Response subscription
- Quarantine: displays quarantined files up to 30 days old. Quarantined files are isolated from the endpoint operating system
- Events: displays logged activities on the endpoint and their severity
- Tasks: displays requested or completed operations on the endpoint and their status
- Scan History: displays scan records up to 30 days old, their Total Detections, Type, and Origin
- Software: displays the software installed on the endpoint
- Updates: displays the latest software updates on the endpoint
- Startup Programs: displays startup programs on the endpoints
All dates and times shown are relative to your browser settings. You may select individual items on these tabs to see more details.
You may refresh assets using Actions > Refresh Assets or schedule an Asset Inventory Scan to force a refresh at a specified time. Scheduled asset refreshes can be useful if you need frequent Endpoint Properties updates.
When you refresh assets on your endpoint, the following tabs/sections update:
- Overview tab
- Memory Objects: physical and virtual memory of the endpoints
- Storage Devices: connected storage, USB storage, and other devices
- Software tab: software installed on the endpoint
- Updates tab: software updates that occurred on the endpoint
- Startup Programs tab: registry entries for installed startup programs on the endpoint
Return to the Malwarebytes Nebula platform Administrator Guide.