AndrewPP

Use a service like this to look up DNS records - https://www.findip-address.com/ you will find it originates from Russia. Or - Google who is 91.241.19.173 https://www.abuseipdb.com/check/91.241.19.173 You may need to use Intrusion Detection network monitoring and firewall port monitoring to investigate at an IP Packet level, how the traffic is entering your network. If all of your endpoints only use VPN to connect, then you will need to track down SourceIP, maybe by the VPN server's logs to find the compromised endpoint. These topics are beyond the scope of Malwarebyt

If the Management Agent is running, this command will display component versions. c:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACMD.EXE --versions Help will show additional useful commands c:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACMD.EXE -h

The Excel tool uses a Nebula API and can instruct the Nebula Console to delete duplicate endpoints, kick off scans, move endpoints etc. A description of features is here: https://support.malwarebytes.com/hc/en-us/articles/360038540994-Export-data-with-the-Malwarebytes-Nebula-Excel-Addin-with-Reporting-and-Utilities Note, the Nebula Public API is now available via Settings and documented here - https://api.malwarebytes.com/nebula/v1/docs should customers wish to perform their own integrations. 1. If you rerun the function from Excel, it will do a new query for freshest endpoint