Jump to content

Cloud Excel Addin - data export and report

LeeWei

By LeeWei,
in Malwarebytes Endpoint Protection

 Share Followers 9

Recommended Posts

  • Replies 97
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Lee-Wei

@Calebxx1hi there - I am not working on this project actively. The team is very interested in getting additional feedback from the community, so I suggest entering the request within the console as a

noogie

@Lee-Wei  I entered different week ranges and am getting the matching threat counts.   I'm not sure why that particular week showed differences but as long as it looks good now.     Thank you for your

Posted Images

Lee-Wei

Lee-Wei 2

Posted
Posted
7 minutes ago, Flyers2020 said:

are there plans for integrated reporting in Nebula? Similar to how you have made this add-in.

I don't know the plans. One way to provide feedback is that when you sign into the Nebula cloud console, the bottom left corner has a "Send Feedback" feature to send your query and feedback.

Link to post
Share on other sites
noogie

noogie 1

Posted
Posted

I am seeing discrepancies between the Excel Add-in and the console.  The total number of threat detections are off.  (For Ex: Looking at Detections, I see 99 from the cloud console and 35 from Excel.  I am running this using the same custom date criteria)   Am I doing something wrong?  I am running Excel Add-In v3.1.1.  

Link to post
Share on other sites
Lee-Wei

Lee-Wei 2

Posted
Posted
14 minutes ago, noogie said:

I am seeing discrepancies between the Excel Add-in and the console.  The total number of threat detections are off.  (For Ex: Looking at Detections, I see 99 from the cloud console and 35 from Excel.  I am running this using the same custom date criteria)   Am I doing something wrong?  I am running Excel Add-In v3.1.1.  

From my recollection, there are 2 possibilities:

- Firstly, in the Excel Add-in, the detection data is filtered based on the Endpoints selected. For example, if you download a subset of endpoints from a group, then the detections will be filtered based on that set of assets.

- Secondly, I am not sure on this one. At one point, the console only shows 30 days of threat data, whereas the Excel Add-in via the API has access to 90 days of threat data. So check your console to see the oldest dates.

Link to post
Share on other sites
noogie

noogie 1

Posted
Posted
8 minutes ago, Lee-Wei said:

From my recollection, there are 2 possibilities:

- Firstly, in the Excel Add-in, the detection data is filtered based on the Endpoints selected. For example, if you download a subset of endpoints from a group, then the detections will be filtered based on that set of assets.

- Secondly, I am not sure on this one. At one point, the console only shows 30 days of threat data, whereas the Excel Add-in via the API has access to 90 days of threat data. So check your console to see the oldest dates.

@Lee-Wei  Thank you for your quick response.  Not sure if I was not clear.  So on the console, Under the Report section, I created a Detections Summary report with a custom (On-Demand) date.  I am comparing the total threat count with the Detection report generated by the Add-In and using same custom dates.  I don't see where there is an ability to filter endpoints if this is the case.

Link to post
Share on other sites
Lee-Wei

Lee-Wei 2

Posted
Posted
12 minutes ago, noogie said:

@Lee-Wei  Thank you for your quick response.  Not sure if I was not clear.  So on the console, Under the Report section, I created a Detections Summary report with a custom (On-Demand) date.  I am comparing the total threat count with the Detection report generated by the Add-In and using same custom dates.  I don't see where there is an ability to filter endpoints if this is the case.

In the Excel Add in, if you have imported any Endpoints unto the spreadsheet, then the Detection import will automatically filter against that set of endpoints.

If you simply perform a Detection import, then no additional filtering will apply.

Since the data set is not too big (35 - 99), would you mind just spot check to see which are the missing ones?

Failing that, feel free to contact me and I do a quick check with you. My email is leewei at leewei dot com.

Link to post
Share on other sites
noogie

noogie 1

Posted
Posted
1 hour ago, Lee-Wei said:

In the Excel Add in, if you have imported any Endpoints unto the spreadsheet, then the Detection import will automatically filter against that set of endpoints.

If you simply perform a Detection import, then no additional filtering will apply.

Since the data set is not too big (35 - 99), would you mind just spot check to see which are the missing ones?

Failing that, feel free to contact me and I do a quick check with you. My email is leewei at leewei dot com.

On the Excel Add-In and in the "Detections and Threats" button is there a difference between the "Import Data" and Import Data and Generate Reports" button"?   Interestingly enough the "Import Data" button shows the correct (same) number as I see on the console.  The "Import Data and Generate Reports" button shows the discrepancy.  

Link to post
Share on other sites
Lee-Wei

Lee-Wei 2

Posted
Posted
28 minutes ago, noogie said:

On the Excel Add-In and in the "Detections and Threats" button is there a difference between the "Import Data" and Import Data and Generate Reports" button"?   Interestingly enough the "Import Data" button shows the correct (same) number as I see on the console.  The "Import Data and Generate Reports" button shows the discrepancy.  

Hmm, no there should not be a difference the the number of detections, because it is the same code. After importing the data, the "...Generate Reports" further creates some charts for us.

Private message me or contact me via my email above and I can take a look.

 

Link to post
Share on other sites
Lee-Wei

Lee-Wei 2

Posted
Posted

@noogie

Oh silly me, the reason for the difference is that the Excel Add-in is “Aggregating” the detections.

When Malwarebytes detect a threat, the console is showing the “traces”.

So one threat, such as a PUP, might have multiple traces consisting of files, registries, etc.

The Excel Add-in defaults to aggregating them.

Go to Configuration and Options and check the following “Do not aggregate Detections” to show all traces without aggregating them.

image.thumb.png.9554ffd4b18c149cb05fd0ea10bc2a00.png

 

Link to post
Share on other sites
noogie

noogie 1

Posted
Posted
1 hour ago, Lee-Wei said:

@noogie

Oh silly me, the reason for the difference is that the Excel Add-in is “Aggregating” the detections.

When Malwarebytes detect a threat, the console is showing the “traces”.

So one threat, such as a PUP, might have multiple traces consisting of files, registries, etc.

The Excel Add-in defaults to aggregating them.

Go to Configuration and Options and check the following “Do not aggregate Detections” to show all traces without aggregating them.

image.thumb.png.9554ffd4b18c149cb05fd0ea10bc2a00.png

 


I made the change but the numbers still do not match.  Actually reporting higher now on the AddIn.  I think I may be interpreting these reports incorrectly.  I’m looking at the Console generated “Detections Summary” numbers and the “Weekly Security” report numbers.  Both these reports match but I am not seeing the same numbers on the AddIn.  
(Btw - i sent you an email with some screenshots.  Hope that helps)

Link to post
Share on other sites
noogie

noogie 1

Posted
Posted
On 12/17/2020 at 12:54 AM, noogie said:


I made the change but the numbers still do not match.  Actually reporting higher now on the AddIn.  I think I may be interpreting these reports incorrectly.  I’m looking at the Console generated “Detections Summary” numbers and the “Weekly Security” report numbers.  Both these reports match but I am not seeing the same numbers on the AddIn.  
(Btw - i sent you an email with some screenshots.  Hope that helps)

@Lee-Wei  I entered different week ranges and am getting the matching threat counts.   I'm not sure why that particular week showed differences but as long as it looks good now.  :)   Thank you for your help again!  This tool is awesome btw!   

  • Like 1
Link to post
Share on other sites
  • 4 weeks later...
JeremyIIA

JeremyIIA 0

Posted
Posted

Hi guys,

fairly new to the excel add-in. I've already rebooted my machine and was able to connect to my nebula console but when I try and import my endpoint data I'm getting two errors. 

 

1. Unable to get the Add property of the Sheets class

2.Unable to set the DisplayGridlines property of the Window class. 

 

I have a nebula account

using excel 2013

and have .net 4.8 installed. 

Link to post
Share on other sites
MCJones

MCJones 0

Posted
Posted

Hi,

I am interested in using this Add-In however I am stumbling at the first hurdle.   I have installed the Add In (v3.1.1).   When I attempt to sign in the the cloud I get a 407 Proxy error message:

image.png.8ab68c473dcc30a7e17a71bbc65fe6a2.png

I normally sign into the cloud successfully with these credentials (although use 2FA) at the following URL:

https://cloud.malwarebytes.com/dashboard

Any assistance would be welcome.

Kind regards,

Mike

Link to post
Share on other sites
Lee-Wei

Lee-Wei 2

Posted
Posted
4 hours ago, MCJones said:

Hi,

I am interested in using this Add-In however I am stumbling at the first hurdle.   I have installed the Add In (v3.1.1).   When I attempt to sign in the the cloud I get a 407 Proxy error message:

image.png.8ab68c473dcc30a7e17a71bbc65fe6a2.png

I normally sign into the cloud successfully with these credentials (although use 2FA) at the following URL:

https://cloud.malwarebytes.com/dashboard

Any assistance would be welcome.

Kind regards,

Mike

@MCJones Hi Mike, I don't think the add-in supports proxy connection, which I would you assume you are using.

I will have to look into adding that.

Link to post
Share on other sites
Lee-Wei

Lee-Wei 2

Posted
Posted
On 1/13/2021 at 7:42 AM, JeremyIIA said:

Hi guys,

fairly new to the excel add-in. I've already rebooted my machine and was able to connect to my nebula console but when I try and import my endpoint data I'm getting two errors. 

 

1. Unable to get the Add property of the Sheets class

2.Unable to set the DisplayGridlines property of the Window class. 

 

I have a nebula account

using excel 2013

and have .net 4.8 installed. 

@JeremyIIASorry that I missed your post earlier. If you contact me directly, I would be very interested in debugging the error.

Link to post
Share on other sites
  • 3 months later...
Lee-Wei

Lee-Wei 2

Posted
Posted
18 minutes ago, RickyF said:

Hi @LeeWei,

I have a problem. 

When import my site to a new Excel file only the default group devices are imported. Every thing else is ignored

Can you help?

Thanks

Ricky

@rickyf Can you please tell me more what function/button are you clicking. A picture will be useful, as I cannot picture the error.

Link to post
Share on other sites
RickyF

RickyF 0

Posted
Posted

Ok,

1.- I have in my my site two groups. default and BNL (see my 1 capture)

2.- I open excel plug in and connect to the site

3.- I select to import ALL groups (not just the default group)

4.- only the default group is imported and the BNL group is ignored

image.png.4b2aeadfa4e2b41b8d5cb4791c8834c2.png

image.png.11d1e9f507cba0cf5ee188ca95706329.pngimage.png.80bc45cd3ea60d68309c4cf88f75d8b9.png

image.png.5da842da6874b603574a75985d6e5269.png

image.png

Link to post
Share on other sites
Lee-Wei

Lee-Wei 2

Posted
Posted

@rickyf Thanks for the pictures and I can the issue you are facing.

I cannot think of a reason - might have to do with login user and the group permission?

I logged into a OneView site with more than one group and i do see all the endpoints from 2 different groups.

Link to post
Share on other sites
Lee-Wei

Lee-Wei 2

Posted
Posted
On 5/9/2021 at 12:02 PM, RickyF said:

What do you recommend? What can I do to solve the problem. Any tips 

ricky 

Ricky and I worked together and turned out that we were using a Read Only user account that does not have rights to the other groups.

Once we correct the user permission, we are able to import and view the endpoints correctly.

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Followers 9
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept