One of the primary functions of the Malwarebytes Nebula platform is to keep you informed of malware-related activities on your endpoints. This article provides an overview of the Dashboard, Detections, and Quarantine sections. These sections provide information to help you understand what is happening in your environment.
The Dashboard provides a high-level view of malware-related activities on your network. Through widgets, it presents a summarized view of the information displayed in more detail in the sections of your Nebula console. At the top of the Dashboard section, you can filter the information displayed in widgets by the following: All, Servers, and Workstations.
Widgets show different data points on the Dashboard. These widgets are:
- Endpoints by status: shows endpoint statuses and the count of endpoints currently in each status
- Endpoints by operating system: shows the number of endpoints for each operating system
- Endpoints by activity: shows endpoints that are active for the past 7 days, inactive for the past 30 days, and inactive beyond the past 30 days
- Detections by status: shows a chart that displays the total number of blocked, quarantined, and found detections for the past 7 days
- Detections by type: shows the number of detections by category for the past 7 days
- Detections per day: shows a chart that displays daily detection activity trends for the past 30 days
- Detections cleaned: shows the number of detections by category that have been cleaned for the past 72 hours
- Top 10 endpoints with detections: shows the top 10 endpoints with detections for the past 90 days
- Top 10 malware detections: shows the top 10 malware detections for the past 90 days
- Top 10 PUM detections: shows the top 10 Potentially Unwanted Modifications (PUM) detections for the past 90 days
- Top 10 PUP detections: shows the top 10 Potentially Unwanted Programs (PUP) detections for the past 90 days
- Top 10 blocked websites: shows the top 10 blocked websites, domains or IP addresses for the past 24 hours
- Tasks by status: shows the number of tasks in each status for the past 24 hours
- Suspicious Activity per day: shows a chart that displays daily Suspicious Activity trends for the past 30 days
- Top 10 suspicious activity detection rules: shows the top 10 Suspicious Activity detection rules for the past 24 hours
Information shown on the Dashboard is current as of the time you access the Dashboard.
The Detections section provides a detailed list of all threats detected on your endpoints from scans. By default, these are sorted from the most recent to the oldest detections. In the top-right part of the Detections section, you can filter detections by the following: All Endpoint Types, Servers, and Workstations.
Several data columns display information for each detection. The following columns are displayed:
- Name: the name of the detection
- Action Taken: the action Malwarebytes took on the detection
- Category: the detection's larger threat family or type
- Type: the specific file, path, or process type of the detection
- Endpoint: the name of the endpoint where the detection was found
- Location: the file path of the detection
- Date: the date when Malwarebytes found the detection
Click on a column filter icon to narrow the results. Use these column filters to focus on the most important information.
When clicking on a column filter icon, the filter list in the middle of the screen shows which filters are applied. Click on a filtered item to remove it or Clear Filters to remove them all.
Click on the name of a detection to view the Detection Details window. This information helps you understand the threats on your endpoints and where they originate in your environment.
When a file is quarantined, it has been detected and isolated so that it can't harm your endpoints. The Quarantine section allows you to view these items.
While Malwarebytes uses its best judgment whether a file is a threat, false positives are possible. You may also find items in Quarantine which are trusted files. Do not assume that the contents of Quarantine are either malicious or safe.
Click on a column filter icon to narrow the results. When clicking on the filter icon, the filter list at the top of the screen shows which filters are applied. Click on a filtered item to remove it, or Clear Filters to remove them all.
Click a threat name for details, or click an endpoint to jump to the details screen for that endpoint.
While the Quarantine section shows all quarantined threats across your network, the actual threats remain in an encrypted state on the endpoints where they were found. The quarantine location is a predefined folder on your endpoints:
- Windows endpoints: C:\ProgramData\Malwarebytes\MBAMService\Quarantine
- Mac endpoints: /Library/Application Support/Malwarebytes/NCEP/Quarantine/
- Linux endpoints: /var/lib/mblinux/quarantine
You may perform the following actions on quarantined items from the console:
- Restore (Windows only): Moves the item from Quarantine to its original location on the endpoint. Use this for items known to be safe.
- Delete: Immediately and permanently destroys the file. This action is irreversible.
You may restore quarantined items on Mac endpoints by moving the file on the endpoint from Quarantine to the original location. This action is not available from the console for Mac endpoints.