To view the Malwarebytes Nebula security event data in Rapid7 InsightIDR, create a dashboard and build cards in the InsightIDR console. This article details some sample configurations for dashboard cards.
Create a new dashboard and name it Malwarebytes. Build one or more of the following sample cards.
Threat Category Count card
- In your Malwarebytes dashboard, select Add a card > Build your own.
- In the Add New Card window, complete the fields:
- Under the Logs section, check the boxes for Virus Alert and Malwarebytes.
- Card Name: Threat Category Count
- Time Range: Last 30 Days
- Query: groupby(source_json.extension.cat)
- Visualization Options: Pie Chart
- Click Add Card.
Threat Count by Hostname
- In your Malwarebytes dashboard, select Add a card > Build your own.
- In the Add New Card window, complete the fields:
- Under the Logs section, check the boxes for Virus Alert and Malwarebytes.
- Card Name: Threat Count by Hostname
- Time Range: Last 30 Days
- Query: groupby(source_json.extension.dvchost)
- Visualization Options: Table Data
- Click Add Card.
Event Count by Product card
- In your Malwarebytes dashboard, select Add a card > Build your own.
- In the Add New Card window, complete the fields:
- Under the Logs section, check the boxes for Virus Alert and Malwarebytes.
- Card Name: Event Count by Product
- Time Range: Last 30 Days
- Query: groupby(source_json.header.device_product)
- Visualization Options: Table Data
- Click Add Card.
Threat Count by Threats card
- In your Malwarebytes dashboard, select Add a card > Build your own.
- In the Add New Card window, complete the fields:
- Under the Logs section, check the boxes for Virus Alert and Malwarebytes.
- Card Name: Threat Count by Threats
- Time Range: Last 30 Days
- Query: groupby("source_json.extension.Detection name")
- Visualization Options: Table Data
- Click Add Card.
Return to the Rapid7 InsightIDR and Malwarebytes Nebula integration guide.