To receive Malwarebytes event logs in the IBM® QRadar® console, create a log source so that events populate the Log Activity section. Follow these steps to configure a dedicated log source in IBM QRadar.
- From your QRadar console, click the Admin tab.
- In the Data Sources section, click Log Sources.
- Click Add.
- Complete the required fields:
  - Log Source Name: Enter a name for the log source.
  - Log Source Description: Enter a description for the log source.
  - Log Source Type: Click the dropdown menu and select the Malwarebytes product name that matches the package you imported in Install and configure Nebula extension in IBM QRadar:
    - Malwarebytes Cloud Remediation
    - Malwarebytes Breach Remediation
  - Log Source Extension: In this dropdown menu, select the same value you chose for "Log Source Type".
  - Log Source Identifier: This must be the public IP address of the syslog forwarding endpoint configured in Nebula.
- Click Save.
Return to IBM QRadar and Nebula integration guide.