
Lee-Wei

Members

  • Posts: 19

Everything posted by Lee-Wei

  1. Ricky, I got your message and sorry to hear of the issue. Right now, the code is written to automatically display all the fields returned from the API. I wanted to make sure to capture all the new fields as they are added, as in the case with Sha256 here. I see that is causing more trouble for you than helping. :( If I intentionally remove this column, there are likely to be new ones added going forward.
  2. Ricky and I worked together and it turned out that we were using a Read Only user account that does not have rights to the other groups. Once we corrected the user permission, we were able to import and view the endpoints correctly.
  3. @rickyf Thanks for the pictures and I can see the issue you are facing. I cannot think of a reason - might have to do with login user and the group permission? I logged into a OneView site with more than one group and I do see all the endpoints from 2 different groups.
  4. @rickyf Can you please tell me more about what function/button you are clicking? A picture will be useful, as I cannot picture the error.
  5. I pointed Jay to the online API doc where there is a Python code example to get the Token using clientid and clientsecret.
  6. @JeremyIIA Sorry that I missed your post earlier. If you contact me directly, I would be very interested in debugging the error.
  7. @MCJones Hi Mike, I don't think the add-in supports proxy connection, which I would assume you are using. I will have to look into adding that.
  8. @noogie, Oh silly me, the reason for the difference is that the Excel Add-in is “Aggregating” the detections. When Malwarebytes detects a threat, the console is showing the “traces”. So one threat, such as a PUP, might have multiple traces consisting of files, registries, etc. The Excel Add-in defaults to aggregating them. Go to Configuration and Options and check the following “Do not aggregate Detections” to show all traces without aggregating them.
  9. Hmm, no there should not be a difference in the number of detections, because it is the same code. After importing the data, the "...Generate Reports" further creates some charts for us. Private message me or contact me via my email above and I can take a look.
  10. In the Excel Add-in, if you have imported any Endpoints onto the spreadsheet, then the Detection import will automatically filter against that set of endpoints. If you simply perform a Detection import, then no additional filtering will apply. Since the data set is not too big (35 - 99), would you mind just spot checking to see which are the missing ones? Failing that, feel free to contact me and I can do a quick check with you. My email is leewei at leewei dot com.
  11. From my recollection, there are 2 possibilities: - Firstly, in the Excel Add-in, the detection data is filtered based on the Endpoints selected. For example, if you download a subset of endpoints from a group, then the detections will be filtered based on that set of assets. - Secondly, I am not sure on this one. At one point, the console only shows 30 days of threat data, whereas the Excel Add-in via the API has access to 90 days of threat data. So check your console to see the oldest dates.
  12. I don't know the plans. One way to provide feedback is that when you sign into the Nebula cloud console, the bottom left corner has a "Send Feedback" feature to send your query and feedback.
  13. Correct that suspicious activities are not currently included as part of the summary report. There is not a plan to do that.
  14. If a threat is detected and actioned upon, it will be tagged as Quarantined. If it is only detected but not remediated, then you see the status as Found. Found is possible if you perform a scan but chose not to remediate for reporting only.
  15. @RickyF, the "All Site" option should have been taken out as it has not been implemented. Sorry about that.
  16. @Olivier75 I can help you debug this if you contact me directly at leewei at leewei.com. This is usually due to some data that I am not expecting causing some parsing errors.
  17. @Calebxx1 Hi there - I am not working on this project actively. The team is very interested in getting additional feedback from the community, so I suggest entering the request within the console as feedback.
  18. @wep When there is a threat detected, Malwarebytes console will show you all the different traces of the threat. For example, one PUP will show up in the console as many entries, sometimes into the hundreds. The Excel Addin defaults to "aggregating Detections". This behavior can be changed by going into the "Configuration and Options" menu then check the option to "Do not aggregate the Detections". Please see if that is what you are encountering.
  19. @ConnorElliott did you resolve this issue? I don't recall this problem off hand.