Managed Detection and Response (MDR) must be configured by a Super Admin before the MDR team can monitor your Nebula console activity. A pop-up appears every time a Super Admin logs in without MDR configured. In the pop-up, click Configure MDR settings to get started. If you close the pop-up or need to change your MDR settings, in the top-right, click your display name > Account, and click Settings next to Managed Detection and Response.
MDR Contacts
The MDR team needs Nebula Super Admins to contact when remediation steps are required for a detection or suspicious activity. During emergencies, you may be contacted by phone at any time of the day. Select Super Admins and provide phone numbers for primary, backup, and alternate contacts that the MDR team can communicate with.
Nebula notifications are created for all contacts selected on this page. For more information, see Set up Managed Detection and Response notifications in Nebula.
When deleting a Super Admin who is a MDR contact from the Settings > Users page, you are prompted to select a new MDR contact.
Global Data Protection Regulation requirement
CAUTION - This setting cannot be changed later. Confirm the correct selection is made before clicking Save.
Global Data Protection Regulation (GDPR) is a regulation on data protection and privacy in the European Union (EU) and European Economic Area (EEA). If you have any endpoints protected by Nebula located in the EU or EEA, select Yes. This selection controls where data for MDR is stored.
Remediation authorization
You can choose the level of remediation service provided by the MDR team.
- Malwarebytes managed: The MDR team will remove threats to protect your environment. This does not include rebooting, re-imaging, or other onsite tasks.
- Notification only: The MDR team notifies you of detected threats and provides detailed instructions to perform remediation.
Isolation authorization
Select Yes, authorize to allow MDR analysts to perform isolation on endpoints protected by Endpoint Detection and Response on your behalf. Once the devices are investigated and cleaned, isolation can be removed. Endpoints are automatically rebooted when isolation is removed.
Connect to MDR portal
Once MDR configuration is complete, on the top click the MDR Portal. This generates and connects your MDR account with Nebula. By connecting your accounts, analysts can begin monitoring and send notifications on alerts.
