Overview
When configured, the Blumira integration with Malwarebytes Nebula will stream security event logs to the Blumira service for automated threat detection and actionable response.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Gather the IP address of your Blumira sensor to use when configuring the external service.
To find and copy the IP address of the sensor, do the following:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- In the Overview section, next to Host Details, copy the IP address.
Sending Malwarebytes Nebula log data to Blumira
Configure Malwarebytes Nebula to export log data to a Syslog server—your Blumira sensor—by completing these steps:
- Navigate to Settings > Syslog Logging.
- Click Add. Assign one of your Windows endpoints as the Syslog communication endpoint.
- In the top-right corner, click Syslog Settings.
- Fill in the following information, then click Save.
  - IP Address/Host: type the IP address of your Blumira sensor.
  - Port: keep the default value 514.
  - Protocol: select either TCP or UDP protocol.
  - Severity: select a severity from the list. This determines the Severity of all Malwarebytes events sent to Syslog.
  - Minutes: type the preferred number of minutes for the communication interval from Malwarebytes Nebula to Syslog.
- Navigate to Endpoints. Click on the Syslog communication endpoint you assigned in Step 2.
- In the Agent Information section, verify that the Blumira app version number displays. This confirms the Blumira plugin is active on the endpoint.
See additional information in Configure Syslog in Malwarebytes Nebula.
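To check that the sensor accepts syslog on the port and protocol selected above, the following added example (not from the Blumira or Malwarebytes documentation) sends one constructed test line to the sensor. The facility value, host name, tag, and severity names are assumptions based on standard syslog values, not the values Malwarebytes Nebula itself emits.

```python
import socket
import sys
from datetime import datetime

# Standard syslog severity codes (assumed names; the Nebula list may differ).
SEVERITIES = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
              "warning": 4, "notice": 5, "informational": 6, "debug": 7}


def build_message(severity, text, facility=1, host="nebula-test"):
    """Build a BSD-syslog style line: <PRI>TIMESTAMP HOST TAG: text.

    PRI is facility * 8 + severity; facility 1 (user-level) is an assumption.
    """
    pri = facility * 8 + SEVERITIES[severity]
    now = datetime.now()
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    return f"<{pri}>{stamp} {host} syslog-check: {text}"


def send_test(sensor_ip, protocol, severity="warning", port=514, timeout=5.0):
    """Send one test line to the sensor and return the number of bytes sent.

    TCP raises OSError when the port is closed or filtered. UDP is
    connectionless, so a successful send does not prove delivery; confirm
    arrival on the Blumira side.
    """
    line = build_message(severity, "constructed test event, safe to ignore")
    data = (line + "\n").encode("ascii")
    proto = protocol.upper()
    if proto == "UDP":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            return sock.sendto(data, (sensor_ip, port))
    if proto == "TCP":
        with socket.create_connection((sensor_ip, port), timeout=timeout) as sock:
            sock.sendall(data)
            return len(data)
    raise ValueError("protocol must be TCP or UDP")


if __name__ == "__main__":
    # Usage: python syslog_check.py <sensor-ip> <TCP|UDP>
    try:
        sent = send_test(sys.argv[1], sys.argv[2])
        print(f"sent {sent} bytes to {sys.argv[1]}:514 over {sys.argv[2].upper()}")
    except OSError as exc:
        print(f"could not reach sensor: {exc}")
        sys.exit(1)
```

Run it from a host on the same network path as the Syslog communication endpoint, since firewall rules between that endpoint and the sensor determine whether port 514 is reachable.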