Jump to content

Cloud Excel Addin - data export and report


LeeWei

Recommended Posts

13 hours ago, RickyF said:

Now it is ok. I have updated the adin to version 3.1.1 and is working fine

Sorry about my mistake!

Best

Ricky

No Ricky it is not your mistake. I have been tracking this error for a while now, but not successful.

The error has to do with my code not being able to create a Worksheet. First of all, it has nothing to do with Malwarebytes Cloud or API.

I don't know what state does Excel get into where it does not allow me to create the worksheet. Restarting Excel, or possibly restarting the computer fixes this.

Link to post
Share on other sites

  • 2 weeks later...
48 minutes ago, BrianA said:

Is there a list of IP addresses for https://cloud.malwarebytes.com/ that is published that I can use for a whitelist? I am unable to connect with the excel add on since AV policies are set to block W97/Downloader from connecting to external IP addresses? 

We use Amazon CloudFront as the CDN (Content Delivery Network) and the IP might change.
So we don't have static IPs for whitelisting.
Is whitelisting an arduous process? You want to try the first IP is resolves to and see how long it might stay the same?

 

Link to post
Share on other sites

21 minutes ago, LeeWei said:

We use Amazon CloudFront as the CDN (Content Delivery Network) and the IP might change.
So we don't have static IPs for whitelisting.
Is whitelisting an arduous process? You want to try the first IP is resolves to and see how long it might stay the same?

 

It is a bit of a process since the request has to go through a SecOps process to allow exceptions and get the policy implemented and them pushed to a machine. I white-listed 2 ip addresses yesterday and it appears that they are using different ones today so I dont think that is going to be an acceptable solution to open a support request each day nor would it be to allow excel to make internet calls to all IP addresses. Seems like I am in a bit of a bind.

Link to post
Share on other sites

1 hour ago, BrianA said:

It is a bit of a process since the request has to go through a SecOps process to allow exceptions and get the policy implemented and them pushed to a machine. I white-listed 2 ip addresses yesterday and it appears that they are using different ones today so I dont think that is going to be an acceptable solution to open a support request each day nor would it be to allow excel to make internet calls to all IP addresses. Seems like I am in a bit of a bind.

Given their large number of IP addresses, I wonder how useful this page is.

I am not familiar with your whitelisting process and wonder if SecOps will just laugh us out of the room.

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html

Note this URL with the large number of IPs:

https://ip-ranges.amazonaws.com/ip-ranges.json

I wonder if further possible to narrow by service and region.

 

Link to post
Share on other sites

  • 2 months later...
On 4/3/2020 at 12:36 PM, Vegita said:

Hi Lee Wei,

 

I am getting this error when I go to view my scheduled reports. Summary report > View Schedules

image.thumb.png.8cb8b259c5f3ff27156131193946886e.png

I looked through the forums and didn't see anything, I also updated to 3.1.1 and am getting the same error.

 

Thanks!

 

Sorry, there must be a bug somewhere.

The schedule information is stored in the Windows Registry here: HKEY_CURRENT_USER\Software\Malwarebytes\ExcelAddin\Schedules.

- If you want to keep the schedule(s), you can export the hive and send me to debug (lwei @ malwarebytes.com).
- If you don't care to keep the schedules, you can delete the entries and you will be able to "View Schedules" again.

 

 

Former Malwarebytes employee

Follow us: Twitter, Become a fan: Facebook

Link to post
Share on other sites

  • 3 months later...

When I open the "detection and threat" report, it is not showing the total number of detection's in the report. For example, we have one computer with 100 detection's in the last 90 days. The total detection's for all the computers is 250. All of the detection's show in the "detection data" spreadsheet but in the formatted "detection reports" it only shows 50 detection's. The detection's are PUP's and blocked websites. How would I get the "detection report" to show all of the detection's? Thanks 

Link to post
Share on other sites

  • Staff
On 7/29/2020 at 7:57 AM, wep said:

When I open the "detection and threat" report, it is not showing the total number of detection's in the report. For example, we have one computer with 100 detection's in the last 90 days. The total detection's for all the computers is 250. All of the detection's show in the "detection data" spreadsheet but in the formatted "detection reports" it only shows 50 detection's. The detection's are PUP's and blocked websites. How would I get the "detection report" to show all of the detection's? Thanks 

@wep When there is a threat detected, Malwarebytes console will show you all the different traces of the threat. For example, one PUP will show up in the console as many entries, sometimes into the hundreds. The Excel Addin defaults to "aggregating Detections". This behavior can be changed by going into the "Configuration and Options" menu then check the option to "Do not aggregate the Detections". 

Please see if that is what you are encountering.

Link to post
Share on other sites

10 hours ago, Lee-Wei said:

@wep When there is a threat detected, Malwarebytes console will show you all the different traces of the threat. For example, one PUP will show up in the console as many entries, sometimes into the hundreds. The Excel Addin defaults to "aggregating Detections". This behavior can be changed by going into the "Configuration and Options" menu then check the option to "Do not aggregate the Detections". 

Please see if that is what you are encountering.

Problem solved! Thanks for the help.

Link to post
Share on other sites

  • 1 month later...
  • Staff
21 minutes ago, Calebxx1 said:

@LeeWei

Hi,

I was wondering if there is a way to turn Asset Information, Software Installed, and Updates Installed into a generated report that could be emailed to the user similar how the Summary Report can generate a PDF/HTML report of Endpoint Data and Detections and Threats.

@Calebxx1hi there - I am not working on this project actively. The team is very interested in getting additional feedback from the community, so I suggest entering the request within the console as a feedback.

  • Like 1
Link to post
Share on other sites

  • 2 months later...

Hi Lee,

I have multiple sites in my environment. I wonder if I could extract the data from all of them at once using the excel plugin so I can have all data from all sites on the same sheet. Right now it only lets me do it one by one and when I try to download them all at once it gives me this error that I send you in the capture "no permission for site"

Thanks!!

no permission.png

Link to post
Share on other sites

  • Staff
On 12/9/2020 at 1:33 AM, RickyF said:

Hi Lee,

I have multiple sites in my environment. I wonder if I could extract the data from all of them at once using the excel plugin so I can have all data from all sites on the same sheet. Right now it only lets me do it one by one and when I try to download them all at once it gives me this error that I send you in the capture "no permission for site"

Thanks!!

no permission.png

@RickyF, the "All Site" option should have been taken out as it has not been implemented. Sorry about that.

 

Link to post
Share on other sites

  • Staff
12 minutes ago, Flyers2020 said:

What is the difference between 'found' and 'quarantined' in the detection data worksheet? I downloaded filezilla as a test, I was able to install it and later mb quarantined the setup file. That detection has a 'quarantined' status not 'found'. 

If a threat is detected and actioned upon, it will be tagged as Quarantined. If it is only detected but not remediated, than you see the status as Found.

Found is possible if you performance a scan but chose not to remediate for reporting only.

Link to post
Share on other sites

  • Staff
1 minute ago, Flyers2020 said:

ok that makes sense, i chose scan and report after deploying to endpoints in November. So far in December nothing has been marked as 'found'. 

 

can you comment on my previous post about suspicious activity not showing up in the summary report?

Correct that suspicious activities are not currently included as part of the summary report. 

There is not a plan to do that.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.