The Technical Add-on for Malwarebytes app is a prerequisite for all Malwarebytes apps for Splunk. The app includes Common Information Model (CIM) compliant field extractions and predefined source types for multiple Malwarebytes products making it compatible with all CIM based Splunk apps including Splunk Enterprise Security.
Requirements
To install the Technical Add-on for Malwarebytes app, you need:
- An active Splunk Enterprise or Splunk Cloud instance.
- User login credentials to Splunk.
Download Technical Add-on from Splunkbase
- Go to the Technical Add-on for Malwarebytes page in Splunkbase.
- Click on LOGIN TO DOWNLOAD.
- Enter your Splunk user credentials.
Install Technical Add-on for Malwarebytes
Where you install Technical Add-on for Malwarebytes is based on your Splunk environment.
Splunk Enterprise Single Instance Environments
Install the Technical Add-on for Malwarebytes in the same location where the Splunk components, Search Tier, Indexer Tier, and Forwarder Tier are located. For instructions on installing add-on in a single instance environments, refer to Splunk's support article Install an add-on in a single-instance Splunk Enterprise deployment.
Splunk Enterprise Distributed Environments
Install the Malwarebytes Cloud Remediation app where your Search Tier, Indexer Tier, and Forwarder Tier are located. For instructions on installing an add-on in a distributed Splunk Enterprise environment, refer to Splunk's support article Install an add-on in a distributed Splunk Enterprise deployment.
Once the Technical Add-on for Malwarebytes is installed, you can now install the Malwarebytes Visibility and Dashboards app, Agentless Remediation app, or Cloud Remediation app for your Splunk environment.