When configured, the Blumira integration with Malwarebytes Nebula will stream security event logs to the Blumira service for automated threat detection and actionable response.
Before you begin
Determine the Blumira sensor you will use as a Syslog server to collect log data. On the sensor's detail screen, under Host Details, copy the IP address of your Blumira sensor to use in later steps.
Sending Malwarebytes Nebula log data to Blumira
Configure Malwarebytes Nebula to export log data to a Syslog server—your Blumira sensor—by completing these steps:
1. Navigate to Settings > Syslog Logging.
2. Click Add. Assign one of your Windows endpoints as the Syslog communication endpoint.
3. In the top-right corner, click Syslog Settings.
4. Fill in the following information, then click Save.
   - IP Address/Host: type the IP address of your Blumira sensor.
   - Port: keep the default value 514.
   - Protocol: select either TCP or UDP protocol.
   - Severity: select a severity from the list. This determines the Severity of all Malwarebytes events sent to Syslog.
   - Minutes: type the preferred number of minutes for the communication interval from Malwarebytes Nebula to Syslog.
5. Navigate to Endpoints. Click on the Syslog communication endpoint you assigned in Step 2.
6. In the Agent Information section, verify that the Blumira app version number displays. This confirms the Blumira plugin is active on the endpoint.
See additional information in Configure Syslog in Malwarebytes Nebula.