Overview
When configured, the Blumira integration with Malwarebytes will stream server and workstation endpoint security event logs and alerts to the Blumira service for threat detection and actionable response.
Required: You must have version 1.6.0 or higher of the Malwarebytes Management Console. See Upgrade the Malwarebytes Management Console for upgrade instructions.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Obtain the IP address of your Blumira sensor to use when configuring the external service.
To gather the IP address of the sensor:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- Under Overview, in the Host Details box, copy the IP value.
Sending Malwarebytes log data to Blumira
Configure Malwarebytes to export log data to a Syslog server—your Blumira sensor—by completing these steps:
- Log in to the Malwarebytes Management Console.
- Click the Admin pane.
- Click the Syslog Server tab.
- Click Change.
- Check Enable Syslog.
- Enter the following information:
  - Syslog Server: the IP address or hostname of your Blumira sensor
  - Port: the port to use for Syslog traffic from your Management Server
  - Protocol: select either TCP or UDP
  - Facility: the Syslog facility under which Malwarebytes events should be logged
  - Severity: the Syslog severity under which Malwarebytes events should be logged
- Click OK.
Reference: Configure the Management Console to connect to a Syslog server
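To confirm that the Port and Protocol you entered reach the sensor, and to see which `<PRI>` value a given Facility and Severity pair produces, you can send one test message from the Management Console host. This is an added example, not Blumira or Malwarebytes code. It assumes RFC 3164 framing, and the sensor address 192.0.2.10, port 514, `local0`/`warning`, and the `mbmc-host` and `syslog-test` names are placeholders.

```python
import socket
from datetime import datetime

# RFC 3164 codes: the <PRI> header value is facility * 8 + severity.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, **{f"local{i}": 16 + i for i in range(8)}}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def encode_pri(facility, severity):
    """PRI number produced by a Facility/Severity pair."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]

def decode_pri(pri):
    """Split a received PRI number back into (facility, severity) names."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    names = {code: name for name, code in FACILITIES.items()}
    levels = {code: name for name, code in SEVERITIES.items()}
    return names.get(pri >> 3, f"facility{pri >> 3}"), levels[pri & 7]

def build_message(facility, severity, host, text, when=None):
    """Constructed RFC 3164 test line; not the Malwarebytes event format."""
    when = when or datetime.now()
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    line = f"<{encode_pri(facility, severity)}>{stamp} {host} syslog-test: {text}"
    return line.encode("ascii", "replace")

def send_test(sensor, port, protocol, payload, timeout=5.0):
    """Send one message over the chosen Protocol; returns bytes sent."""
    if protocol.upper() == "UDP":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            return s.sendto(payload, (sensor, port))
    if protocol.upper() == "TCP":
        # A refused or timed-out connection points to a firewall or port mismatch.
        with socket.create_connection((sensor, port), timeout=timeout) as s:
            s.sendall(payload + b"\n")  # newline-framed syslog over TCP
            return len(payload) + 1
    raise ValueError("protocol must be TCP or UDP")

if __name__ == "__main__":
    # Assumed placeholders: replace with the sensor IP from Settings > Sensors
    # and the Port/Protocol/Facility/Severity you plan to enter in the console.
    msg = build_message("local0", "warning", "mbmc-host", "path check")
    print(msg.decode(), "->", send_test("192.0.2.10", 514, "UDP", msg), "bytes")
```

A successful UDP send only shows the datagram left the host; confirm arrival by checking that the test line appears in Blumira.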