Overview
When configured, the Blumira integration with Malwarebytes will stream server and workstation endpoint security event logs and alerts to the Blumira service for threat detection and actionable response.
Required: You must have version 1.6.0 or higher of the Malwarebytes Management Console. See Upgrade the Malwarebytes Management Console for upgrade instructions.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Gather the IP address of your Blumira sensor to use when configuring the external service.
To find and copy the IP address of the sensor, do the following:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- In the Overview section, next to Host Details, copy the IP address.
Sending Malwarebytes log data to Blumira
Configure Malwarebytes to export log data to a Syslog server—your Blumira sensor—by completing these steps:
- Log in to the Malwarebytes Management Console.
- Click the Admin pane.
- Click the Syslog Server tab.
- Click Change.
- Check Enable Syslog.
- Enter the following information:
  - Syslog Server: the IP address or hostname of your Blumira sensor
  - Port: the port you’d like to use for Syslog traffic from your Management Server
  - Protocol: select either TCP or UDP
  - Facility: the facility under which you’d like Malwarebytes information to appear in Syslog
  - Severity: the severity with which you’d like Malwarebytes information to appear in Syslog
- Click OK.
Reference: Configure the Management Console to connect to a Syslog server