Flyers2020 0 Posted December 14, 2020 ID:1427092 Share Posted December 14, 2020 are there plans for integrated reporting in Nebula? Similar to how you have made this add-in. Link to post Share on other sites
Lee-Wei 1 Posted December 14, 2020 ID:1427095 Share Posted December 14, 2020 7 minutes ago, Flyers2020 said: are there plans for integrated reporting in Nebula? Similar to how you have made this add-in. I don't know the plans. One way to provide feedback is that when you sign into the Nebula cloud console, the bottom left corner has a "Send Feedback" feature to send your query and feedback. Link to post Share on other sites
noogie 1 Posted December 16, 2020 ID:1427514 Share Posted December 16, 2020 I am seeing discrepancies between the Excel Add-in and the console. The total number of threat detections are off. (For Ex: Looking at Detections, I see 99 from the cloud console and 35 from Excel. I am running this using the same custom date criteria) Am I doing something wrong? I am running Excel Add-In v3.1.1. Link to post Share on other sites
Lee-Wei 1 Posted December 16, 2020 ID:1427518 Share Posted December 16, 2020 14 minutes ago, noogie said: I am seeing discrepancies between the Excel Add-in and the console. The total number of threat detections are off. (For Ex: Looking at Detections, I see 99 from the cloud console and 35 from Excel. I am running this using the same custom date criteria) Am I doing something wrong? I am running Excel Add-In v3.1.1. From my recollection, there are 2 possibilities: - Firstly, in the Excel Add-in, the detection data is filtered based on the Endpoints selected. For example, if you download a subset of endpoints from a group, then the detections will be filtered based on that set of assets. - Secondly, I am not sure on this one. At one point, the console only shows 30 days of threat data, whereas the Excel Add-in via the API has access to 90 days of threat data. So check your console to see the oldest dates. Link to post Share on other sites
noogie 1 Posted December 16, 2020 ID:1427521 Share Posted December 16, 2020 8 minutes ago, Lee-Wei said: From my recollection, there are 2 possibilities: - Firstly, in the Excel Add-in, the detection data is filtered based on the Endpoints selected. For example, if you download a subset of endpoints from a group, then the detections will be filtered based on that set of assets. - Secondly, I am not sure on this one. At one point, the console only shows 30 days of threat data, whereas the Excel Add-in via the API has access to 90 days of threat data. So check your console to see the oldest dates. @Lee-Wei Thank you for your quick response. Not sure if I was not clear. So on the console, Under the Report section, I created a Detections Summary report with a custom (On-Demand) date. I am comparing the total threat count with the Detection report generated by the Add-In and using same custom dates. I don't see where there is an ability to filter endpoints if this is the case. Link to post Share on other sites
Lee-Wei 1 Posted December 17, 2020 ID:1427523 Share Posted December 17, 2020 12 minutes ago, noogie said: @Lee-Wei Thank you for your quick response. Not sure if I was not clear. So on the console, Under the Report section, I created a Detections Summary report with a custom (On-Demand) date. I am comparing the total threat count with the Detection report generated by the Add-In and using same custom dates. I don't see where there is an ability to filter endpoints if this is the case. In the Excel Add in, if you have imported any Endpoints unto the spreadsheet, then the Detection import will automatically filter against that set of endpoints. If you simply perform a Detection import, then no additional filtering will apply. Since the data set is not too big (35 - 99), would you mind just spot check to see which are the missing ones? Failing that, feel free to contact me and I do a quick check with you. My email is leewei at leewei dot com. Link to post Share on other sites
noogie 1 Posted December 17, 2020 ID:1427543 Share Posted December 17, 2020 1 hour ago, Lee-Wei said: In the Excel Add in, if you have imported any Endpoints unto the spreadsheet, then the Detection import will automatically filter against that set of endpoints. If you simply perform a Detection import, then no additional filtering will apply. Since the data set is not too big (35 - 99), would you mind just spot check to see which are the missing ones? Failing that, feel free to contact me and I do a quick check with you. My email is leewei at leewei dot com. On the Excel Add-In and in the "Detections and Threats" button is there a difference between the "Import Data" and Import Data and Generate Reports" button"? Interestingly enough the "Import Data" button shows the correct (same) number as I see on the console. The "Import Data and Generate Reports" button shows the discrepancy. Link to post Share on other sites
Lee-Wei 1 Posted December 17, 2020 ID:1427550 Share Posted December 17, 2020 28 minutes ago, noogie said: On the Excel Add-In and in the "Detections and Threats" button is there a difference between the "Import Data" and Import Data and Generate Reports" button"? Interestingly enough the "Import Data" button shows the correct (same) number as I see on the console. The "Import Data and Generate Reports" button shows the discrepancy. Hmm, no there should not be a difference the the number of detections, because it is the same code. After importing the data, the "...Generate Reports" further creates some charts for us. Private message me or contact me via my email above and I can take a look. Link to post Share on other sites
Lee-Wei 1 Posted December 17, 2020 ID:1427559 Share Posted December 17, 2020 @noogie, Oh silly me, the reason for the difference is that the Excel Add-in is “Aggregating” the detections. When Malwarebytes detect a threat, the console is showing the “traces”. So one threat, such as a PUP, might have multiple traces consisting of files, registries, etc. The Excel Add-in defaults to aggregating them. Go to Configuration and Options and check the following “Do not aggregate Detections” to show all traces without aggregating them. Link to post Share on other sites
noogie 1 Posted December 17, 2020 ID:1427560 Share Posted December 17, 2020 1 hour ago, Lee-Wei said: @noogie, Oh silly me, the reason for the difference is that the Excel Add-in is “Aggregating” the detections. When Malwarebytes detect a threat, the console is showing the “traces”. So one threat, such as a PUP, might have multiple traces consisting of files, registries, etc. The Excel Add-in defaults to aggregating them. Go to Configuration and Options and check the following “Do not aggregate Detections” to show all traces without aggregating them. I made the change but the numbers still do not match. Actually reporting higher now on the AddIn. I think I may be interpreting these reports incorrectly. I’m looking at the Console generated “Detections Summary” numbers and the “Weekly Security” report numbers. Both these reports match but I am not seeing the same numbers on the AddIn. (Btw - i sent you an email with some screenshots. Hope that helps) Link to post Share on other sites
noogie 1 Posted December 18, 2020 ID:1427848 Share Posted December 18, 2020 On 12/17/2020 at 12:54 AM, noogie said: I made the change but the numbers still do not match. Actually reporting higher now on the AddIn. I think I may be interpreting these reports incorrectly. I’m looking at the Console generated “Detections Summary” numbers and the “Weekly Security” report numbers. Both these reports match but I am not seeing the same numbers on the AddIn. (Btw - i sent you an email with some screenshots. Hope that helps) @Lee-Wei I entered different week ranges and am getting the matching threat counts. I'm not sure why that particular week showed differences but as long as it looks good now. Thank you for your help again! This tool is awesome btw! 1 Link to post Share on other sites
JeremyIIA 0 Posted January 13 ID:1432064 Share Posted January 13 Hi guys, fairly new to the excel add-in. I've already rebooted my machine and was able to connect to my nebula console but when I try and import my endpoint data I'm getting two errors. 1. Unable to get the Add property of the Sheets class 2.Unable to set the DisplayGridlines property of the Window class. I have a nebula account using excel 2013 and have .net 4.8 installed. Link to post Share on other sites
Root Admin AdvancedSetup 354 Posted January 13 Root Admin ID:1432132 Share Posted January 13 Not sure of the required details but perhaps @Lee-Wei can assist. Link to post Share on other sites
MCJones 0 Posted January 21 ID:1433604 Share Posted January 21 Hi, I am interested in using this Add-In however I am stumbling at the first hurdle. I have installed the Add In (v3.1.1). When I attempt to sign in the the cloud I get a 407 Proxy error message: I normally sign into the cloud successfully with these credentials (although use 2FA) at the following URL: https://cloud.malwarebytes.com/dashboard Any assistance would be welcome. Kind regards, Mike Link to post Share on other sites
Lee-Wei 1 Posted January 21 ID:1433657 Share Posted January 21 4 hours ago, MCJones said: Hi, I am interested in using this Add-In however I am stumbling at the first hurdle. I have installed the Add In (v3.1.1). When I attempt to sign in the the cloud I get a 407 Proxy error message: I normally sign into the cloud successfully with these credentials (although use 2FA) at the following URL: https://cloud.malwarebytes.com/dashboard Any assistance would be welcome. Kind regards, Mike @MCJones Hi Mike, I don't think the add-in supports proxy connection, which I would you assume you are using. I will have to look into adding that. Link to post Share on other sites
Lee-Wei 1 Posted January 21 ID:1433660 Share Posted January 21 On 1/13/2021 at 7:42 AM, JeremyIIA said: Hi guys, fairly new to the excel add-in. I've already rebooted my machine and was able to connect to my nebula console but when I try and import my endpoint data I'm getting two errors. 1. Unable to get the Add property of the Sheets class 2.Unable to set the DisplayGridlines property of the Window class. I have a nebula account using excel 2013 and have .net 4.8 installed. @JeremyIIASorry that I missed your post earlier. If you contact me directly, I would be very interested in debugging the error. Link to post Share on other sites
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now