The Malwarebytes Nebula platform offers detailed endpoint management through the Endpoints screen. You can select one or more endpoints and perform a variety of actions. For more on working with endpoints, see Perform actions on endpoints in Malwarebytes Nebula platform and Add endpoints in Malwarebytes Nebula.
In the left navigation pane, click Endpoints to access your endpoints. At a glance, you can see an online/offline status indicator next to each endpoint name.
The Status column uses icons to show endpoints needing attention. The table below lists the different endpoint statuses. On the Endpoint screen you can click an icon to view additional details or to act on the endpoint.
This endpoint hasn’t had a scan in some time. Hover over the icon to see how long it has been since the last scan. Run a scan to keep the endpoint free from threats.
A scan is pending on the endpoint.
A scan is currently running on the endpoint.
The endpoint has threats that were detected during a scan that need remediation.
Remediation of threats is pending on the endpoint.
The endpoint is being remediated.
The endpoint needs a reboot to quarantine detected threats.
A reboot command is still pending.
Suspicious activity was found on the endpoint. Requires an Endpoint Detection and Response subscription.
|The endpoint is isolated. Requires an Endpoint Detection and Response subscription.|
|Software update is available. Click the icon to view the option to install. A restart of the endpoint may be necessary to complete the installation.|
Above the endpoints results table is the Export button. After selecting one or more endpoints from the table, you can click this button to download a full endpoint report. Choose either .cvs or .xls format.
Malwarebytes Nebula uses filters to simplify management tasks across many endpoints. These filters and their options are at the top of the Endpoints list.
When a filter is in use, the filter ( ) icon changes color. A list of applied filters appears above the Endpoints list to show which filters are in use. Click a filter in the list to remove it or Clear Filters to remove them all.
The Endpoints filter allows a search by endpoint name. Click the Endpoints filter ( ) icon and enter an endpoint host name or alias to narrow the endpoints displayed. Alternatively, you can use the search bar above the top-right corner of the endpoints table to find endpoints by host name or alias.
The Status filter allows a search by current endpoint statuses. Click the Status filter ( ) icon and choose a status to narrow the endpoints displayed. You can filter the Status filter column by the following:
- Needs Attention indicator: displays the number of endpoints that is not configured properly or has a problem. Click View all endpoints that need attention to filter the endpoints page.
- Remediation required: Displays the number of endpoints with threats that need remediation.
- Restart required: Displays the number of endpoints that need a system reboot. Endpoints may need to reboot in order to complete remediation, complete new software installation, or after a software update occurs.
- Scan needed: Displays the number of endpoints that didn't have a scan for at least 7 days. Regular scans are important to keep endpoints free of threats.
- Suspicious Activity Detected: Displays the number of endpoints with suspicious activities found. Investigate suspicious activity to keep your endpoints protected. Your site(s) must have the Malwarebytes Endpoint Detection and Response product to use this feature.
- Endpoints Isolated: Displays the number of endpoints that are isolated. Isolation stops threats from spreading between endpoints by restricting their communication or access. Your site(s) must have the Malwarebytes Endpoint Detection and Response product to use this feature.
- Last seen 7+ days ago: Displays the number of endpoints that have not been seen by the Nebula console for 7 or more days.
- Software update available: Displays the number of endpoints that need a Malwarebytes software update.
Endpoints may have more than one status at a time. The status column uses icons to display endpoint information. See above for a description of each icon.
The OS platform filter enables a search by Operating Systems on deployed endpoints. Click the Operating System filter ( ) icon and choose one of the following options:
The Group filter enables a search by endpoint groups. Click an assigned group name to filter on that group. If you have many groups, you may enter a group name in the filter box to narrow your search.
Groups can be nested within other groups. When navigating a nested group, click Home ( ) or Back ( ) to return to the earlier list.
The Policy filter enables searching by policy name. Click the Policy filter ( ) and enter a policy name to narrow your search.
The Last Seen filter ( ) lists endpoints based on when they last checked in. Times shown are based on your browser time zone.
Add or remove table columns
Click the the Select columns ( ) icon above the results table to choose the column headers displayed on your results table. This will narrow or widen the endpoint information displayed on the results table and allows you to customize your Endpoints page. Click and drag a column header left or right to rearrange the column order. Or, click and drag the edge of a column header to narrow or widen the column. You can add or remove the following column headers:
- Device type
- Domain name
- Engine version
- IP address/CIDR
- Last scan date
- Last seen
- Last user
- MAC address
- OS platform
- OS release name
- OS version
Drag columns to define parameters
In the results table, you can drag the column headers to the results bar to group endpoints by those parameters. You can drag and drop the following column headers:
- OS platform
- Engine version
- OS release name
- Device type
- OS version
Pin and auto-size columns
Hover your cursor over a column header to reveal a hamburger icon ( ) with options to pin and auto-size columns. These options allow you to further customize your Endpoints results table. Click the the hamburger icon to reveal the following options in the drop-down menu:
- Pin left: Pins selected column to the left side of your results table. Column remains static while scrolling left or right on the results table.
- Pin right: Pins selected column to the right side of your results table. Column remains static while scrolling left or right on the results table.
- Unpin: This option is only visible for left or right pinned columns. This un-pins the column and returns it to its original place in the results table.
- Auto-size this column: Automatically adjusts the selected column's width to fit the text in the cells.
- Auto-size all columns: Automatically adjusts the column width for all of your columns to fit the text in the cells.
Copy Endpoint data to spreadsheet
Data in the Endpoints results table can be copied and pasted into another file or downloaded as a spreadsheet. Click and drag your cursor to select data in the Endpoints results table, then right-click the highlighted data to display a context menu with the following options:
- Download .csv: Downloads the selected data as a .cvs file to your local machine.
- Download .xlsx: Downloads the selected data as a .xlsx file to your local machine.
- Copy: Copies the selected data to your clipboard.
- Copy with Headers: Copies the selected data and the column headers of the selected rows to your clipboard.
In the Endpoints section, click an endpoint name to view the endpoint's properties. Endpoint Properties provides additional details for each of your endpoints.
The following Endpoint Properties tabs are populated during endpoint software installation. These tabs update when there is a software update on the endpoint:
- Overview: Displays the endpoint name, Malwarebytes version information, host and agent information, Operating System, Network Interfaces, Memory information, and Storage device information.
- Detections: Displays all Malwarebytes detections. Selectable by type and actions taken.
- Remediation Required: Displays detections found that need remediation. These detections found either by the Scan + Report action or by a scan with the automatic quarantine option disabled.
- Suspicious Activity: Displays Suspicious Activity found. Requires an Endpoint Detection and Response subscription.
- Quarantine: Displays files quarantined either by the Scan + Quarantine action or by scans with the automatic quarantine option enabled. Quarantined files are isolated from the endpoint operating system to prevent potential infection. Displays quarantined files up to 30 days old.
- Events: Displays logged activities on the endpoint and their severity.
- Tasks: Displays requested or completed operations on the endpoint and their status.
- Scan History: Displays scan records up to 30 days old, their Total Detections, Type, and Origin.
- Software: Displays the software installed on the endpoint.
- Updates: Displays the latest software updates on the endpoint.
- Startup Programs: Displays startup programs on the endpoints.
All dates and times shown are relative to your browser settings. You may select individual items on these tabs to see more details.
You may refresh assets using Actions > Refresh Assets or schedule an Asset Inventory Scan to force a refresh at a specified time. Scheduled asset refreshes can be useful if you need frequent Endpoint Properties updates.
When you refresh assets on your endpoint, the following tabs/sections update:
- Overview tab
- Memory Objects: Physical and virtual memory of the endpoints.
- Storage Devices: Connected storage, USB storage, and other devices.
- Software tab: Software installed on the endpoint.
- Updates tab: Software updates that occurred on the endpoint.
- Startup Programs tab: Registry entries for installed startup programs on the endpoint.
Return to the Malwarebytes Nebula platform Administrator Guide.