The Malwarebytes app for ServiceNow integrates with Malwarebytes Nebula to schedule endpoint scans and gather threat event information. This article describes requirements and configurations for the integration.
ServiceNow requires the following to integrate with Malwarebytes:
- You must have purchased a subscription and installed the Security Incident Response plugin. Refer to Activate Security Incident Response document for more information.
- You must have an active ServiceNow Support Portal account.
- You must have access to ServiceNow appliance.
Malwarebytes requires the following to integrate with ServiceNow:
- An active Malwarebytes Nebula subscription.
- Administrator login credentials to the Malwarebytes Nebula.
- Contact Malwarebytes to get your Cloud Console Client Id, Cloud Console Account Id, and Cloud Console Client Secret.
Install the Malwarebytes app for ServiceNow
Before you begin the installation process, verify the Security Incident Response plugin is installed and active on your ServiceNow instance.
- Open the ServiceNow Store and click the Malwarebytes Integration for Security Operations tile.
- Click the Get button on the right side of the screen then enter your HI credentials.
- After installation completes, confirm Malwarebytes is installed.
- Log into ServiceNow.
- In the search box, enter "system app".
- Click on System Applications - Applications.
- Click on Downloads.
- Confirm Malwarebytes - Security Incident Response appears in the Downloads page.
Configure the Malwarebytes app
- In the Filter navigator search box, enter "integration".
- Click on Security Operations - Integration Configuration.
- On the Malwarebytes tile, click Configure.
- In the Malwarebytes configuration window:
- Check the Application enabled box.
- To get your Cloud Console Account Id:
- Log in to Malwarebytes Nebula.
- In the address bar of your browser, copy your Cloud Console Account Id. This is the string of alphanumeric characters and dashes found in your logged-in Nebula console URL between "malwarebytes.com/" and "/dashboard".
- In ServiceNow, paste the copied characters into the Cloud Console Account Id field.
- To get your Cloud Console Client Id and Cloud Console Client Secret:
- Click this Malwarebytes Cloud Console link.
- Click Add, then provide the Application name and select the required access, then Save.
- Copy the generated Client Id.
- In ServiceNow, paste the Client Id in the Cloud Console Client Id field.
- Return to the Malwarebytes Cloud Console, copy the generated Client Secret.
- In ServiceNow, paste the Client Secret in the Cloud Console Client Secret field.
- In the Security Admin Username field, enter your ServiceNow username.
- In the Security Admin Password field, enter your ServiceNow password.
- Check the Subscribe Webhook box.
- Click on Submit.
To learn how to configure the Malwarebytes app for ServiceNow, see Malwarebytes app for ServiceNow user guide.