
Feeding MBAE event data to SIEM



  • Staff

Welcome to the forum hkelley!

You can enable the MBAE clients to submit alert and service events to a syslog server. Details on how to enable this, as well as customizable syslog options, can be found in the MBAE Admin Guide PDF in the last section.

In the Guide there's also a section on alert reporting that explains the different data to interpret it into actionable intel.


Thanks, Pedro.

 

That guide says "The Malwarebytes Anti-Exploit for Business standalone client can be configured to send alert and service events". Is the same data automatically collected by the Management Console service for managed clients? If so, is there a log file or a SQL table we could query from?

 

Would the columns be the same as those in mbae-alert.log, plus the originating client host name?

 

Hugh


  • 10 months later...
  • 1 year later...
  • Staff

Welcome to the forum cmorris.

There are two ways to do this:

1- Forward events from centralized Malwarebytes Management Console to a syslog server. This can be activated from the "Admin" pane.

2- Enable syslog support on each endpoint (by simply creating a registry key and some values) and point each endpoint to submit their MBAE events directly to the syslog server, bypassing the Management Console. Details for this can be found towards the end of the "MBAE Admin Guide".

 

 


  • Staff

We currently don't have direct integration into LogRhythm or other SIEMs. It all needs to go through a syslog first and then feed the events from the syslog to the LogRhythm SIEM. Our Sales Engineers have a library of integration scripts into a bunch of different SIEMs and other network tools (Breach Detection Systems, Endpoint management frameworks, etc.). Send me a PM and I'll put you in touch if you are interested in those.

 

