IRMeetsVR

  1. You summed it up perfectly. We share all of those same concerns, but we had to move ahead to support the orchestration and automation requirements of our customers.

     Originally we tried to do everything with MBES by directly accessing the database because we believed that would be the simplest and most reliable method. However, what we discovered is that while reading works fine, when it came to making changes or issuing commands that method is actually not very stable in a lot of cases. For example, if you modify specific policy fields directly in the database, we've seen lockups and crashes of the server and the MBMC client(s). If you try to control scanning activity by adding entries to the TBL_CommandToClient table, that doesn't work and in fact prevents the server from running any other jobs until your changes are backed out again. The database is simply not reliably tolerant to updates and inserts outside of the system in our experience.

     Fortunately, the MBES architecture is already built on an API-like client/server model. The server is 2 parts - the MBES service and the MBMC GUI client that accesses it. In the supported architecture you can already deploy multiple MBMC management console clients, and that works well. The MBES service exposes a control protocol (SOAP API) to the MBMC clients, and that is how they interact with the server service. Our automation solution is middleware that uses the same SOAP API as the MBMC clients to perform all of its functions, and in testing so far it has been extremely reliable. As far as the MBES service is aware, our connection is just another MBMC client making and putting requests. We are very open and transparent, and if you wanted to go deep to a code level into how it works we could definitely walk you through it.

     You are also right to point out that as new releases come, any third party integrations are potentially going to have to play catch-up. Historically there hasn't been a high frequency of significant updates to the MBMC or the client/server architecture, and the changes that there have been to date have mostly maintained protocol compatibility, save for a few tweaks. As automation initiatives continue to ramp upwards and outwards within most large enterprises, there is always a discussion about what can be brought into the scope vs what isn't going to make it. We can help make MBES a part of that, taking advantage of all the existing investment and deployment efforts that have gone into it. I've also heard those rumors about something new that may be on the horizon and we are eagerly awaiting that!
  2. For anyone who needs more functionality than read-only access to the MBMC data via the database (to programmatically control scanning, for example), my company has developed a third party API for Malwarebytes. The software runs in the background as a service alongside the Malwarebytes service on your MBES server, and it exposes a RESTful API which gives you full and proper access to all MBMC functionality, including:

       • Initiate scans of any type with and without the remove option
       • Retrieve scan results and other alerts programmatically
       • Consolidate client information and control from multiple MBES servers
       • Build custom reports based on your queries
       • Full policy control
       • Read/write full client, group, policy, and other details
       • Plus more

     On top of the API module we have also built a new MBMC client which uses all of this functionality to provide a more interactive and flexible management solution for MBES. It does not prevent you from continuing to use the traditional MBMC - it merely adds the option to view the information and control MBES however you prefer.

     If you would like more information or to be included in the currently-running beta, please PM me.

     * This API and MBMC alternative is a third party solution and is not endorsed or sponsored by Malwarebytes.