When configured, the Blumira integration with Malwarebytes will stream server and workstation endpoint security event logs and alerts to the Blumira service for threat detection and actionable response.
Before you begin
You will need to have version 1.6.0 or higher of the Malwarebytes Management Console. See Upgrade the Malwarebytes Management Console for upgrade instructions.
Also, determine the Blumira sensor you will use as a Syslog server to collect Malwarebytes log data. On the sensor's detail screen, under Host Details, copy the IP address of your Blumira sensor to use in later steps.
Sending Malwarebytes log data to Blumira
Configure Malwarebytes to export log data to a Syslog server—your Blumira sensor—by completing these steps:
- Log in to the Malwarebytes Management Console.
- Click the Admin pane.
- Click the Syslog Server tab.
- Click Change.
- Check Enable Syslog.
- Enter the following information:
  - Syslog Server: the IP address or hostname of your Blumira sensor
  - Port: the port you’d like to use for Syslog traffic from your Management Server
  - Protocol: select either TCP or UDP
  - Facility: the Facility under which you’d like Malwarebytes information to appear in Syslog
  - Severity: the Severity with which you’d like Malwarebytes information to appear in Syslog
- Click OK.