
Syslog - Malwarebytes Endpoint Security CEF

Device Details

Vendor:                         Malwarebytes
Device Type:                    Malwarebytes Endpoint Security
Supported Model Name/Number:    Malwarebytes Management Console (MBMC)
Supported Software Version(s):  1.8.0.3443
Collection Method:              Syslog
Configurable Log Output?:       No
Log Source Type:                Syslog - Malwarebytes Endpoint Security CEF
Log Processing Policy:          LogRhythm Default
Exceptions:                     N/A
Additional Information:         https://www.malwarebytes.com/business/endpointsecurity

Prerequisites

Endpoint configuration changes must be implemented to facilitate installation of a Malwarebytes managed client to those endpoints. Similar methods are required for the various operating systems, and they are grouped accordingly.

Windows Server Endpoint Preparation for All Supported Versions

  1. From the Windows Start Menu, launch the Control Panel.
  2. Launch Network and Sharing Center by double-clicking its icon.
  3. On the left side of the screen, select Change advanced sharing settings.
  4. Click the arrow to the right of All Networks or Domain (depending on the network environment).
  5. Turn on Network discovery, File sharing and Printer sharing.
  6. Click Save changes.
  7. Close the Control Panel.
  8. Launch the Server Manager by clicking its Icon.
  9. Select Administrative Tools, then Add Feature, and then .Net 3.5.
  10. Continue through the installation.
  11. WORKGROUP ONLY: Enable the built-in administrator account by opening a command prompt as administrator, and typing the following command: net user administrator /active:yes

Windows 7/8/8.1/10 Endpoint Preparation

  1. From the Windows Start Menu, launch the Control Panel.
  2. Launch Network and Sharing Center by double-clicking its icon.
  3. On the left side of the screen, select Change advanced sharing settings.
  4. Click the arrow to the right of All Networks or Domain (depending on the network environment).
  5. Turn on Network discovery, File sharing and Printer sharing.
  6. Click Save changes.
  7. Close the Control Panel.
  8. WORKGROUP ONLY: Enable the built-in administrator account by opening a command prompt as administrator, and typing the following command: net user administrator /active:yes

Windows Vista Endpoint Preparation

  1. From the Windows Start Menu, launch the Control Panel.
  2. Launch Network and Sharing Center by double-clicking its icon.
  3. In the section titled Sharing and Discovery, turn on Network discovery, File sharing and Printer sharing.
  4. Close the Control Panel.
  5. WORKGROUP ONLY: Enable the built-in administrator account by opening a command prompt as administrator, and typing the following command: net user administrator /active:yes

Windows XP Endpoint Preparation

  1. From the Windows Start Menu, launch the Control Panel.
  2. Launch Network and Sharing Center by double-clicking its icon.
  3. Click the Exceptions tab.
  4. Check the checkboxes for File and Printer Sharing.
  5. To close the Windows Firewall screen, click OK.
  6. Launch Administrative Tools by double-clicking on its icon.
  7. Launch Local Security Policy by double-clicking on its icon.
    The Local Security Settings screen opens.
  8. In the left panel, click Local Policies.
    The main panel refreshes to show relevant settings.
  9. Scroll down to Network access: Sharing and security model for local accounts.
  10. Double click this setting.
  11. Change the value to Classic – local users authenticate as themselves.
  12. To save the changes, click OK.
  13. Close the Local Security Settings window, the Administrative Tools window, and the Control Panel.


If your company’s Internet access is controlled by a firewall or other access-limiting device, you must grant access for Malwarebytes Management Console to reach Malwarebytes services. These are:

URL                                      Port   Direction
https://data.service.malwarebytes.org/   443    outbound
https://data-cdn.mbamupdates.com/        443    outbound
https://hubble.mb-cosmos.com/            443    outbound
https://*.mwbsys.com                     443    outbound
https://telemetry.malwarebytes.com/      443    outbound

Currently Supported Log Types

Type               Product Version   Supported Schema Fields
Malware Messages   1.8.0.3443        deviceVersion, port, process, threatName, severity, dvchost, deviceDnsDomain, deviceMacAddress, dvc, act, outcome, suser, fname, filePath, sourceServiceName

Parsed Metadata Fields

Malwarebytes Endpoint Security CEF Field Name   LogRhythm Metadata Field   Value/Data Type
act                                             <action>                   Text/String
deviceDnsDomain                                 <domain>                   Text/String
deviceMacAddress                                <smac>                     Text/String
deviceVersion                                   <version>                  Text/String
dvc                                             <sip>                      Text/String
dvchost                                         <sname>                    Text/String
filePath                                        <object>                   Text/String
fname                                           <objectname>               Text/String
N/A                                             <threatname>               Text/String
outcome                                         <result>                   Text/String
port                                            <sport>                    Number
process                                         <process>                  Text/String
severity                                        <severity>                 Text/String
sourceServiceName                               <parentprocessname>        Text/String
suser                                           <login>                    Text/String
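As an added example, not code from LogRhythm or Malwarebytes: a small Python parser that takes a syslog line carrying one of these CEF records, splits the seven header fields from the extension while honouring CEF escaping (\| in the header, \= and \\ in extension values), and maps the extension keys onto the LogRhythm metadata fields in the table above, converting <sport> to a number. The sample record, its signature ID, and the choice to fill <threatname> from the threatName extension key or, failing that, the CEF header Name field (the table lists no extension key for it) are constructed assumptions for illustration.

```python
import re
from typing import Any, Dict, List, Tuple

# LogRhythm metadata field for each Malwarebytes CEF extension key in the
# Parsed Metadata Fields table. <threatname> has no extension key there; this
# example fills it from threatName or the CEF header Name (an assumption).
CEF_TO_LOGRHYTHM: Dict[str, str] = {
    "act": "action",
    "deviceDnsDomain": "domain",
    "deviceMacAddress": "smac",
    "deviceVersion": "version",
    "dvc": "sip",
    "dvchost": "sname",
    "filePath": "object",
    "fname": "objectname",
    "outcome": "result",
    "port": "sport",
    "process": "process",
    "severity": "severity",
    "sourceServiceName": "parentprocessname",
    "suser": "login",
}
NUMERIC_FIELDS = {"sport"}  # Value/Data Type "Number" in the table

HEADER_NAMES = ("cef_version", "device_vendor", "device_product",
                "device_version", "signature_id", "name", "severity")

# An extension key is alphanumeric, starts the extension or follows whitespace,
# and is immediately followed by "="; an escaped "\=" inside a value never matches.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")


def _unescape(value: str) -> str:
    """Undo CEF value escaping: \\n and \\r become line breaks, \\X becomes X."""
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value)


def _split_header(body: str) -> Tuple[List[str], str]:
    """Split the 7 pipe-delimited header fields, honouring \\| and \\\\ escapes."""
    fields: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):  # escaped char: take it literally
            cur.append(body[i + 1])
            i += 2
        elif ch == "|":                        # unescaped pipe ends a field
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) < 7:
        raise ValueError("CEF header has fewer than 7 fields")
    return fields, body[i:]


def _parse_extension(ext: str) -> Dict[str, str]:
    """Split 'key=value key=value ...' where values may contain spaces."""
    out: Dict[str, str] = {}
    keys = list(_EXT_KEY.finditer(ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip())
    return out


def parse_cef(line: str) -> Dict[str, Any]:
    """Parse one syslog line carrying a CEF record; the syslog prefix is ignored."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker in line")
    header, ext = _split_header(line[start + len("CEF:"):])
    return {"header": dict(zip(HEADER_NAMES, header)),
            "extension": _parse_extension(ext)}


def to_logrhythm(line: str) -> Dict[str, Any]:
    """Map a parsed record onto the LogRhythm metadata fields from the table."""
    rec = parse_cef(line)
    mapped: Dict[str, Any] = {}
    for cef_key, lr_field in CEF_TO_LOGRHYTHM.items():
        if cef_key in rec["extension"]:
            mapped[lr_field] = rec["extension"][cef_key]
    for field in NUMERIC_FIELDS:  # a non-numeric port is dropped to None, not guessed
        if field in mapped:
            mapped[field] = int(mapped[field]) if mapped[field].isdigit() else None
    # Assumption: threat name from threatName if present, else the header Name field.
    mapped["threatname"] = rec["extension"].get("threatName") or rec["header"]["name"]
    return mapped


# Constructed sample record (not a captured Malwarebytes message).
SAMPLE_LINE = (
    r"<14>Mar  3 10:15:02 mbmc-01 CEF:0|Malwarebytes|Malwarebytes Endpoint Security|"
    r"1.8.0.3443|1000|Trojan.Agent|8|act=Quarantined outcome=Success suser=CORP\\alice "
    r"dvchost=WS-0417 dvc=10.20.30.41 deviceDnsDomain=corp.example "
    r"deviceMacAddress=00:11:22:33:44:55 port=0 process=chrome.exe "
    r"sourceServiceName=explorer.exe fname=invoice.exe "
    r"filePath=C:\\Users\\alice\\Downloads severity=High deviceVersion=1.8.0.3443 "
    r"msg=Threat name\=Trojan.Agent"
)

if __name__ == "__main__":
    for field, value in sorted(to_logrhythm(SAMPLE_LINE).items()):
        print(f"<{field}> = {value!r}")
```

The header splitter walks characters rather than calling split("|") because a product or threat name can legitimately contain an escaped pipe; the extension splitter locates keys rather than values so that paths and free-text fields with spaces survive intact.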
