LeeWei Posted October 2, 2018 ID:1272843
Hi all,
Please check out the Malwarebytes Cloud Excel Addin available.
https://support.malwarebytes.com/docs/DOC-2672
Use this forum thread to ask questions, report bugs, and suggest any enhancements.
Lee Wei
LeeWei Posted October 2, 2018 Author ID:1272844
Example screen shot:
Kalrand Posted November 27, 2018 ID:1283366
Great add-in, really wish these types of reports were available through the cloud.
One small issue, the times are a bit off. Currently it is 9:49AM on 11/27, but I'm seeing times in the Last Seen column as 2:44PM on 11/27. Time zone, as displayed, is set to Eastern Standard Time UTC-5:00. Add-in version is 1.7.6.
LeeWei Posted November 27, 2018 Author ID:1283399
@Kalrand, thanks for the feedback.
Yes all the datetimes are currently shown in UTC. I have already changed the default to show local time in the next version that I have yet to release (v2.0). It will show the datetimes in local timezone, but you can change to UTC if needed.
Any other comments, bugs, or enhancements are welcome!
Lee Wei
Kalrand Posted November 27, 2018 ID:1283401
@LeeWei Thank you!
Kernel009 Posted November 27, 2018 ID:1283411
Any idea why I'm getting this error?
LeeWei Posted November 27, 2018 Author ID:1283428
@Kernel009 the error technically means that the Cloud server cannot service our API request. The API service returns errors in JSON. The HTTP/HTML error indicates that the API service is not reached. So it could be network, the API service, etc.
Behind the scenes, when we retrieve the "Agent Info", it does invoke as many APIs as you have endpoints identified. It is a looping call.
Is it happening for the same computer name? Is this happening consistently, or sporadically?
If this happens a lot, I can manage the error better to provide a better experience.
Kernel009 Posted December 3, 2018 ID:1284570
Actually, it cleared up so I suspect it was some sort of congestion. Thanks for the info!
syarbrough Posted December 11, 2018 ID:1286462
Hi Lee Wei,
Great addin, I have been looking for this type of reporting and it works very well. I am trying to filter down to a group and run a summary report for my end users, however it is pulling data from all devices in all groups from Detections and Threats and including this in the Summary report. It will show endpoints from other groups. Is there a way to import only Detections and Threats for one group?
Thanks
LeeWei Posted December 11, 2018 Author ID:1286480
1 hour ago, syarbrough said:
> Hi Lee Wei,
> Great addin, I have been looking for this type of reporting and it works very well. I am trying to filter down to a group and run a summary report for my end users, however it is pulling data from all devices in all groups from Detections and Threats and including this in the Summary report. It will show endpoints from other groups. Is there a way to import only Detections and Threats for one group?
> Thanks
@syarbrough I understand and love the idea. I do lament that the detection data does not reconcile with endpoint selection.
On my list of enhancements now, thank you!
LeeWei Posted December 20, 2018 Author ID:1288209
If you use the Excel Addin, please consider upgrading to v2.0 that I have just published.
https://support.malwarebytes.com/docs/DOC-2672
Other than bug fixes, I have incorporated a lot of features and requests from you guys.
One main enhancement is the management of Endpoint Statuses now available in the Cloud console. You can see summary charts of endpoints with the different statuses like Scan Needed, Remediation Required, Reboot Required, etc. A summary report with these data points is included as the primary KPI. And lastly, there is a "Take Status Action" dialog to take the actions in bulk.
Also added is a better way of handling and managing groups. You can filter endpoints by a group hierarchy.
Per usual, I appreciate bug reports and enhancement requests.
RickyF Posted January 30, 2019 ID:1295539
Hi LeeWei,
I love the Addin. Congratulations on the great job you did.
I have a question. My customers are all different people (mostly private, I mean non corporations) who bought just one licence. I take care that their computers are nice and clean. I need to send them by email every week a status report about all the detections or events that they might have had in the past week. Do you know how I can achieve this with your addin? Just one report from just one endpoint to send to just one email.
Of course once I have the solution for one device I will have to do the same for all the devices, so some kind of macro I guess will also be needed to send the emails in a batch process in the long run, but I can start to send them manually.
Complicated?
Regards
Ricky
LeeWei Posted January 30, 2019 Author ID:1295688
On 12/11/2018 at 2:44 PM, syarbrough said:
> Hi Lee Wei,
> Great addin, I have been looking for this type of reporting and it works very well. I am trying to filter down to a group and run a summary report for my end users, however it is pulling data from all devices in all groups from Detections and Threats and including this in the Summary report. It will show endpoints from other groups. Is there a way to import only Detections and Threats for one group?
> Thanks
@syarbrough, I forgot to follow up with you. The new version 2.2 will now report threats and detections only for the endpoints (e.g. group) that you have selected.
Thank you for the suggestion and input.
LeeWei Posted January 30, 2019 Author ID:1295691
7 hours ago, RickyF said:
> Hi LeeWei,
> I love the Addin. Congratulations on the great job you did.
> I have a question. My customers are all different people (mostly private, I mean non corporations) who bought just one licence. I take care that their computers are nice and clean. I need to send them by email every week a status report about all the detections or events that they might have had in the past week. Do you know how I can achieve this with your addin? Just one report from just one endpoint to send to just one email.
> Of course once I have the solution for one device I will have to do the same for all the devices, so some kind of macro I guess will also be needed to send the emails in a batch process in the long run, but I can start to send them manually.
> Complicated?
> Regards
> Ricky
@RickyF, hah, I have not targeted (designed...) the reports to highlight one single endpoint, they are mostly meant for a group of computers. This is why we see Top 10 categories etc.
I think the report will be very different, and you can provide all the details of the endpoint including OS details, network, software installed, Windows updates. Basically everything that is available when drilling into a single endpoint.
Past that, many have asked for the ability to schedule the reports for delivery.
Yes both these will require some work, but I appreciate the feedback.
RickyF Posted January 31, 2019 ID:1295835
16 hours ago, LeeWei said:
> @RickyF, hah, I have not targeted (designed...) the reports to highlight one single endpoint, they are mostly meant for a group of computers. This is why we see Top 10 categories etc.
> I think the report will be very different, and you can provide all the details of the endpoint including OS details, network, software installed, Windows updates. Basically everything that is available when drilling into a single endpoint.
> Past that, many have asked for the ability to schedule the reports for delivery.
> Yes both these will require some work, but I appreciate the feedback.
Hi @LeeWei,
Thanks for your reply. A simple "detection and threats" report for one single endpoint would be sufficient. What do you recommend in order to do that? I mean what would you do if you were in my shoes knowing that is vital for your business? Maybe you know somebody that can do this job for me....
Thanks again.
Ricky
LeeWei Posted January 31, 2019 Author ID:1295966
9 hours ago, RickyF said:
> Hi @LeeWei,
> Thanks for your reply. A simple "detection and threats" report for one single endpoint would be sufficient. What do you recommend in order to do that? I mean what would you do if you were in my shoes knowing that is vital for your business? Maybe you know somebody that can do this job for me....
> Thanks again.
> Ricky
@RickyF if you want just the detection data for one endpoint, you can do the following.
- In the "Endpoint Computers" export button, use the search field to find your endpoint.
- Following that, any data extracted from the "Detections and Threats" button will be filtered for this endpoint only.
This way, any charts and summary will also be for this endpoint.
LeeWei Posted January 31, 2019 Author ID:1295967
A few people have asked for the Excel Addin to support Excel 2010. I have just added that in the new version v2.3.
RickyF Posted February 4, 2019 ID:1296638
On 1/31/2019 at 10:36 PM, LeeWei said:
> @RickyF if you want just the detection data for one endpoint, you can do the following.
> - In the "Endpoint Computers" export button, use the search field to find your endpoint.
> - Following that, any data extracted from the "Detections and Threats" button will be filtered for this endpoint only.
> This way, any charts and summary will also be for this endpoint.
Hi @LeeWei,
I just tried to do what you told me and I have no data. Let me explain. For example, in the screen shot from the cloud I enclose here there is one Mac with 25 detections. When I try to see these detections with the addin there is no data. What am I doing wrong?
Thanks
Ricky
LeeWei Posted February 4, 2019 Author ID:1296645
@RickyF, search for the machine name in the "Endpoint Computers" button, NOT "Detection and Threats".
RickyF Posted February 5, 2019 ID:1296819
@leewei, thanks for the help. Now I got it right! Sorry for my obtuseness. 🙂
RickyF Posted February 5, 2019 ID:1296820
By the way @LeeWei, when you have a version that can filter by endpoint let me know!!
Thanks again
Ricky
wpclau Posted February 12, 2019 ID:1298334
This is a really super plugin. Thank you so much for making it! I was wondering if there was a way to modify it so that I can see the last scan - it is in the API call - but it isn't available alone but as criteria in a separate query. I'm trying to make sure the policies are applying and the machines are scanning as scheduled so having "last_scanned_at": , returned would be phenomenal.
LeeWei Posted February 12, 2019 Author ID:1298338
13 minutes ago, wpclau said:
> This is a really super plugin. Thank you so much for making it! I was wondering if there was a way to modify it so that I can see the last scan - it is in the API call - but it isn't available alone but as criteria in a separate query. I'm trying to make sure the policies are applying and the machines are scanning as scheduled so having "last_scanned_at": , returned would be phenomenal.
@wpclau, this should have already been available under importing of Endpoint Data per the screen shot below. Let me know if you are referring to something different.
wpclau Posted February 12, 2019 ID:1298341
Hmm...I don't see that column. Maybe I have an older version? I'll double check.
wpclau Posted February 12, 2019 ID:1298343
Using 2.3.0