Configure Endpoint Security - Malwarebytes EDR

This article describes the steps required to configure Malwarebytes to send Syslog messages
to the RocketCyber CEF Syslog Collector.

The following steps enable Malwarebytes threat data to be sent to the RocketCyber SOC platform per tenant.

1. Open Malwarebytes (Nebula) console
* If you are using Malwarebytes (OneView) multi-tenant console, navigate to sites and click on 'launch site'. This will grant you access to Nebula where configuration is needed.



2. Navigate to Settings / Syslog Logging
3. Click Add, then Select a 'Windows' endpoint, then click Assign.
4. Click Syslog Settings in top right corner.
5. Fill in required details:

IP Address: x.x.x.x (a Static IP is recommended)
Port: 514 is usually the default, however if you are using the RocketCyber Firewall Analyzer for this organization on the same computing device for SYSLOG collection, we recommend a different port such as 541 or 551
Protocol: UDP is recommended
Severity: 1 was used for testing this integration. This setting determines the Severity of all Malwarebytes events sent to RocketCyber CEF syslog collector.


Communication interval: 5 (minutes) is recommended. * note if this endpoint is offline and/or unable to communicate to the Malwarebytes cloud, data is preserved for 24 hours and then submitted to RocketCyber syslog collector when communication is established. Any data older than 24 hours will not be submitted to the RocketCyber syslog collector.


Next, see Configuring the RocketCyber CEF Syslog Collector if this step has not been performed.

Congratulations, your RocketCyber SOC is now prepared to receive Malwarebytes threat data.


Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section