The Malwarebytes Nebula server collects a rich set of information from the endpoints and a common request we get is to turn this data into useful information. Malwarebytes provides a complete set of RESTful APIs for this purpose. The Management Console uses these same APIs to extract the data. However, it does require some scripting and technical work to make the data useful.
To make this easier for our customers, we have introduced the Malwarebytes Excel Add-in, which provides easy access to import data directly into Microsoft Excel.
- An account on the Malwarebytes Nebula server (https://cloud.malwarebytes.com).
- Microsoft Excel 2010, 2013, 2016, 2019, or Office 365 on Windows.
- (The add-in does not work on macOS because it uses Windows-specific Microsoft Office features)
- .NET Framework v4.5.2.
Download and install the Add-in. The latest version is v3.5.0.
This is a user community shared utility.
Please post questions and comments on this Forum thread.
- Extract and import most of the Malwarebytes Nebula server objects
- Endpoints / Machines
- Details for Malwarebytes agent information
- Details for endpoint assets such as memory, disk drives
- Details for software installed
- Detections / Threats
- Suspicious Activities
- Events, Groups, Tasks / Jobs
- Others - Exceptions, Users, Policies, Schedules
- Endpoints / Machines
- Perform bulk actions
- Take action against scan needed endpoints
- Take action against remediation required endpoints
- Delete endpoints that are offline for any number of days
- Delete duplicate endpoints
- Move endpoints to a different group
- Restore or remove quarantine data
- Remediate and close Suspicious Activities
- Load exclusions
- Generate a summary report in HTML and PDF, and email to recipients
- Schedule the summary report for automated email delivery (Watch the 3-min video)
- Detection data imported from the Nebula server.
- Pivot tables and charts are created for some key objects.
- HTML and PDF summary report generated.
The latest version is v3.5.0
- v3.5.0 (2022-11-17)
- Added Auto Update feature
- Using new public API to retrieve data for Asset Info, Installed Software, and Updates Installed
- Fixed bug where automation returns an error (0x800A03EC) when Excel sheet is in Edit Mode
- v3.3.8 (2022-10-08)
- Fixed bug in Task Import not mapping the correct command names
- Added a new option to import Endpoint data using the new API that provides Protection Status information.
- v3.3.7 (2022-07-02)
- Recreated logic to calculate Protection Status to align with Nebula console
- Fixed bug in retrieving Agent Info when IP address is missing (reported by Austin P.)
- Fixed bug in importing bulk exclusion (reported by Kenny N.)
- v3.3.6 (2022-06-12)
- Fixed bug in Policy comparison where "Require Uninstall Password" and "Inactive Endpoints" are not correctly calculated
- v3.3.5 (2022-04-10)
- Added exporting Vulnerability and Patch Management data
- v3.3.4 (2022-02-14)
- Fixed bug where Excel does not ask to save modified worksheet after using the Add-in.
- v3.3.3 (2021-over some months)
- Added support to compare and import/export policies
- v3.3.0 (2021-04-27)
- Added Windows OS proxy support
- Fixed bug on the Close or Remediate Suspicious Activity page
- Added double-buffering to speed up datagridviews in different Windows (Delete Endpoints, Duplicate Endpoints)
- v3.2.8 (2021-03-16)
- Added better support to filter and paging in the Quarantines restore/delete section
- v3.1.1 (2019-12-19)
- Added support to find and delete endpoints by name
- Added support to move endpoints to a different group by name
- v3.1.0 (2019-12-03)
- Supports Two-Factor Authentication login
- Added trending indicators for summary reports
- Maximum number of rows to create zebra stripes set to 10,000 to ensure performance
- v3.0.11 (2019-11-04)
- Added feature to add groups in bulk to a schedule
- Fixed error HRESULT: 0x80070057 importing any objects, caused by region formatting
- v3.0.9 (2019-10-08)
- Added endpoint export for Updates Installed
- v3.0.8 (2019-09-27)
- Added feature to change policy for groups in bulk
- Added user-agent string to all requests so that the backend can identify requests
- v3.0 (2019-08-01)
- Added Scheduled Reports
- Added Asset Information import
- Added URL links to endpoints
- v2.7 (2019-06-24)
- Added feature to delete duplicate endpoints.
- v2.6 (2019-06-12)
- Supports OneView login.
- Added support to bulk remediate or close Suspicious Activities.
- Fixed bug with failed install when AppData is a remote file share.
- Fixed Scan Results not showing local date time.
- v2.5 (2019-04-07)
- Added new import for endpoint scan statuses. Note the useful column to see scan duration.
- Added the ability to move endpoints to a different group in bulk.
- Fixed Bulk Load Exclusions due to changes in the back-end. Now supports adding exclusions by policies.
- v2.4 (2019-03-13)
- Confirmed support for Excel 2019.
- Added column "No of Schedules" in Groups to help identify groups with no threat scans scheduled.
- Added selection list for Bulk Exclusions for common 3rd Party security software.
- v1.2 (2018-July) - First release.
- The installation folder is located in the following user appdata directory.
- C:\Users\[user-name]\AppData\Roaming\Malwarebytes\Malwarebytes Excel Add-in [version]
- The installation logs are located in the following directory. They are useful to determine the reasons why the add-in might not have been attached to Excel correctly.
- C:\Users\[user-name]\AppData\Local\Temp\Malwarebytes Excel Add-in
- C:\Users\[user-name]\Documents\Add-in Express
- If the Add-in does not show up in the menu for Excel, the first thing to try is to run the setup.exe as Administrator.
- Error login in "Request failed. Received HTTP Accepted".
- This is due to the login account having two-factor authentication enabled. Download version 3.1.0 or greater of the Excel Add-in that supports 2FA.