vision311 Posted January 29, 2021 ID:1435257 Share Posted January 29, 2021 Hello I am working for an MSP and new to Malwarebytes (OneView, Nebula, MW Endpoint Protection). There are two questions i didn't find an answer for in the Admin Guides: 1. We would like to get Email Notifications on every detection, not only after scheduled Scans. How do i configure that 2. We use Datto RMM. is there any way to connect to Datto like to ConnectWise? Best Regards and thanks in advance Daniel Link to post Share on other sites More sharing options...
Solution exile360 Posted January 29, 2021 Solution ID:1435274 Share Posted January 29, 2021 Greetings, According to the information in this support article, Nebula provides email notifications for the following event types: Quote Detection Notifications Deleted From Quarantine Restored From Quarantine Detections Cleaned Detections Found Suspicious Activity (High Severity Threats Only) Account Notifications User Deleted User Invited User Verified Endpoint Agent Notifications Command Failed Command Timeout Endpoint Registered Unfortunately, it doesn't appear that notifications for real-time protection detection events are provided, however I will submit a request to the Product team to consider adding it in the future. With regards to Datto, this support article indicates that you can at least integrate deployment using the provided MSI installer. I could not locate any further information on integrating it, however you may contact Malwarebytes Business Support via the form located on this page and they will be able to give you a definitive answer, assuming no one more knowledgeable than myself responds here in the meantime. I hope this helps, and if there is anything else we might assist you with please let us know. Thanks Link to post Share on other sites More sharing options...
vision311 Posted January 29, 2021 Author ID:1435276 Share Posted January 29, 2021 Thank you for the Quick Reply It confirms what i found in the Support Documents (which helped me lot!) For 1. it is all about for the moment and until your request is heard by the product guys and for 2. Packaging and also Controlling of Malwarebytes through command line is clear. It is more about catching real time events, which is combined with 1. Best regards Dani Link to post Share on other sites More sharing options...
exile360 Posted January 29, 2021 ID:1435278 Share Posted January 29, 2021 I'm not familiar enough with Datto and products like it to know personally, however if you can read the logs created by the endpoints, and assuming Datto has some sort of agent running on the endpoints that could do so, you might be able to simply parse the detection info from the .JSON and/or .LOG files created in Malwarebytes' data folder whenever detection events occur. Such a solution obviously wouldn't be ideal though, especially since it would likely require some sort of constant monitoring and/or heartbeat to query for new detection events/logs/log entries. Link to post Share on other sites More sharing options...
vision311 Posted January 29, 2021 Author ID:1435279 Share Posted January 29, 2021 Thanks exile360. It's true: constant reading of log files is a possibility, but not very elegant. Like monitoring always is: a compromise between real time information, ressource consumption, schedules, avoiding repeated messages etc. For now you helped me. Best Regards Link to post Share on other sites More sharing options...
exile360 Posted January 29, 2021 ID:1435280 Share Posted January 29, 2021 I'm glad I could be of service, and I've noted your requirements and requests for my report to the Product team. Please let us know if we can help you in any other way. Thanks Link to post Share on other sites More sharing options...
AlexSmith Posted February 5, 2021 ID:1436773 Share Posted February 5, 2021 @vision311 little late to this one, but figured it was still worth mentioning. We have a OneView and Nebula Public API which you could utilize to set up a web hook to get real-time detection events. Go to the API & Services section under Settings in the Nebula or OneView console. Once you are there, click the View API Documentation link at the top for all the details. 1 Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now