Malwarebytes ThreatDown (previously Malwarebytes Endpoint Protection) is a cloud-based security platform that combines detection and remediation technologies into a single cloud-managed agent.
Configuring the Connector for Malwarebytes Endpoint Protection
To configure Lucidum to ingest data from Malwarebytes Endpoint Protection:
- Log in to Lucidum.
- In the left pane, click Connector.
- In the Connector page, click Add Connector.
- Scroll until you find the Connector you want to configure. Click Connect. The Settings page appears.
- In the Settings page, enter the following:
  - Host (required). The hostname of the API server for Malwarebytes. For example, api.malwarebytes.com.
  - Client ID (required). Client ID for a Malwarebytes Endpoint Protection account that has read access to API data. To generate the client ID and client secret:
    - Log in to the Nebula console.
    - Go to Settings > APIs & Integrations.
    - Click Add.
    - Enter the application name. For example, lucidum.
    - Select the scope read.
    - Click Save.
    - Copy the client ID and client secret from the OAuth page.
  - Client Secret (required). Client secret for an application in a Malwarebytes Endpoint Protection account that has read access to API data.
  - Account ID (required). Account ID for your Malwarebytes Endpoint Protection account. To find the account ID, log in to Nebula. The URL includes your account ID: https://cloud.malwarebytes.com/<account ID>/dashboard
  - API Version (optional). Version of the API for Malwarebytes Endpoint Protection. The default version is “v1”.
- To test the configuration, click Test.
  - If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.
  - If the connector is not configured correctly, Lucidum displays an error message.