Skip to main content

Build a Malwarebytes card in Rapid7 InsightIDR

Effective August 18, 2023, the integration between Rapid7 and Nebula has reached its End of Maintenance (EOM). While the integration remains available for use, we would like to inform you that it will no longer receive updates. We encourage you to exercise caution when using this integration, as any use will be at your own risk. We are committed to providing ongoing support for common product usage questions and access to our online articles.

To view the Malwarebytes Nebula security event data in Rapid7 InsightIDR, create a dashboard and build cards in the InsightIDR console. This article details some sample configurations for dashboard cards.

Create a new dashboard and name it Malwarebytes. Build one or more of the following sample cards.

Threat Category Count card

  1. In your Malwarebytes dashboard, select Add a card > Build your own.
  2. In the Add New Card window, complete the fields:
    • Under the Logs section, check the boxes for Virus Alert and Malwarebytes.
    • Card Name: Threat Category Count
    • Time Range: Last 30 Days
    • Query: groupby(source_json.extension.cat)
    • Visualization Options: Pie Chart
  3. Click Add Card.

Threat Count by Hostname

  1. In your Malwarebytes dashboard, select Add a card > Build your own.
  2. In the Add New Card window, complete the fields:
    • Under the Logs section, check the boxes for Virus Alert and Malwarebytes.
    • Card Name: Threat Count by Hostname
    • Time Range: Last 30 Days
    • Query: groupby(source_json.extension.dvchost)
    • Visualization Options: Table Data
  3. Click Add Card.

Event Count by Product card

  1. In your Malwarebytes dashboard, select Add a card > Build your own.
  2. In the Add New Card window, complete the fields:
    • Under the Logs section, check the boxes for Virus Alert and Malwarebytes.
    • Card Name: Event Count by Product
    • Time Range: Last 30 Days 
    • Query: groupby(source_json.header.device_product)
    • Visualization Options: Table Data
  3. Click Add Card.

Threat Count by Threats card

  1. In your Malwarebytes dashboard, select Add a card > Build your own.
  2. In the Add New Card window, complete the fields:
    • Under the Logs section, check the boxes for Virus Alert and Malwarebytes.
    • Card Name: Threat Count by Threats
    • Time Range: Last 30 Days
    • Query: groupby("source_json.extension.Detection name")
    • Visualization Options: Table Data
  3. Click Add Card.

 

Return to the Rapid7 InsightIDR and Malwarebytes Nebula integration guide.

Related articles