Malwarebytes Nebula

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types           | 3rd party detection | Hunters detection | IOC search | Search | Table name                     | Log format | Collection method
-------------------------------|---------------------|-------------------|------------|--------|--------------------------------|------------|------------------
Malwarebytes Nebula Events     |                     |                   |            | ✅     | malwarebytes_nebula_events     | NDJSON     | API
Malwarebytes Nebula Detections | ✅                  |                   |            | ✅     | malwarebytes_nebula_detections | NDJSON     | API


Overview

Malwarebytes is anti-malware software for Microsoft Windows, macOS, ChromeOS, Android, and iOS that finds and removes malware.

Integrating Malwarebytes Nebula into Hunters allows the collection and ingestion of its key data types into the data lake. Alerts are then generated from these logs, auto-investigated, and correlated with other related signals.

Supported data types

Malwarebytes Nebula Events

Table name: malwarebytes_nebula_events

Recorded activities and incidents detected by the platform across the network's endpoints. These events can range from detections of malware and potentially unwanted programs (PUPs) to indications of attempted exploits and ransomware activity.

Malwarebytes Nebula Detections

Table name: malwarebytes_nebula_detections

Specific instances when the platform identifies and flags malicious software, suspicious activities, or potentially unwanted programs (PUPs) across an organization's endpoints. Built on the robust Malwarebytes cybersecurity framework, Nebula is designed to offer comprehensive endpoint protection and remediation services, leveraging advanced technologies like anomaly detection, behavior matching, and application hardening to protect against a wide spectrum of cyber threats.

Send data to Hunters

Hunters supports the collection of logs from Malwarebytes Nebula using its API.

To connect Malwarebytes Nebula logs:

  1. Follow these guidelines to acquire an API token from Malwarebytes Nebula.

    Note: Use the read scope for the API permissions.

  2. Acquire the following information from Malwarebytes Nebula:

    • Client ID - for example mwb-cloud-12344321abcddcba12344321abcddcba

    • Account ID - for example abcdef12-5467-ffff-aaaa-abcdef12adda

    • Client Secret - for example abcdeedcbaff6abcdeedcbaff6abcdeedcbaff6abcdeedcbaff6abcdeedcbaff6

  3. Complete the process on the Hunters platform, following this guide.

Expected format

Logs are expected in JSON format, delivered as NDJSON (one JSON object per line), as listed in the table above.

Malwarebytes Nebula Events Sample

{"id": "a1m7bf01-1ec9-4606-8e11-kj3fe94cd57b", "machine_name": "slkhg5pfq05n.local", "machine_id": "86447a-6200-4ced-b118-0101b4bc1997", "user_id": "00000000-0000-0000-0000-000000000000", "source": 5, "source_name": "scan.threat", "type": 62, "type_name": "scheduled.threat.scan.success", "friendly_type": "scheduled.threat.scan.success", "severity": 4, "severity_name": "information", "details": {"scan_id": "32a422e3-be2a-5207-8e9a-4230e3662709", "schedule_id": "19fe7138-b8a7-42fe-9d4f-0904c13c0b18", "schedule_name": "Daily Threat Scan - Clients", "schedule_command_data": "{\"scan_settings\": {\"type\": \"ThreatScan\", \"remove\": true}, \"schedule_for_mac\": true, \"mac_scan_settings\": {\"remove\": true, \"pup_detection\": \"Detect\"}, \"schedule_for_linux\": false, \"linux_scan_settings\": {}, \"schedule_for_chrome\": true, \"schedule_for_android\": true, \"schedule_for_windows\": true}"}, "timestamp": "2023-01-01T19:22:26.45453Z"}

Malwarebytes Nebula Detections Sample

{"path": "C:\\USERS\\USER\\APPDATA\\LOCAL\\GOOGLE\\CHROME\\USER DATA\\Profile 1\\Preferences", "type": [ "file" ], "status": "quarantined", "trace_id": "abc124-ebc1-5788-a958-abc124-15a0-11ee-9a24-abc124", "group_id": "abc124-9d60-4b1b-abc124-f31594ce7457", "id": "abc124-abc124-51a9-b9c7-c45f871c363e", "is_root_detection": true, "threat_name": "Trojan.ChromeHijacker.D", "scan_id": "abc124-ebc1-abc124-a958-5041f4db9ace", "machine_id": "abc124abc124-d503-44b6-8801-8590ec3256ca", "account_id": "abc124abc124-abc124-49f2-a113-aaa64f7b4a87", "detection_id": "abc124-abc124-11ee-9a24-4851c506cdda", "scanned_at": "2023-06-28T10:38:27Z", "scanned_at_offset_seconds": 3600, "reported_at": "2023-06-28T10:45:07.865552397Z", "category": "MALWARE", "is_rtp_stream_event": false, "md5": "ABCDABC2442B377C0520F0EA31234ABC", "sha256": "ABCDABC7743B44039F70F54BBE4C6CCA84000033735A9CA9E8A464201DD12345", "cleaned_at": "2023-06-28T10:38:27Z", "machine_name": "ABCD123.EFGH654.LOCAL", "machine_ip": "1.10.11.12", "child_trace_count": 0, "account": { "parent": "45f2649c-59ff-49f2-a113-aaa64f7b4a87", "name": "Booking.com Transport Limited", "deleted": false }, "last_user": "ABCDVELJIGSAW\\USER"}
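As an added example (not Hunters' or Malwarebytes' own code), the routine below reads NDJSON lines shaped like the two samples above, decodes the schedule_command_data field that events carry as a JSON string inside the JSON object, and picks out detections that are not yet remediated. The input records and all their values are constructed for the example.

```python
import json
# Constructed NDJSON input (one object per line) shaped like the two samples above:
# one scheduled-scan event, two detections, one junk line. All values are made up.
EVENTS_NDJSON = (
    '{"id": "evt-1", "machine_name": "host1.local", "type_name": "scheduled.threat.scan.success",'
    ' "details": {"scan_id": "scan-1", "schedule_name": "Daily Threat Scan",'
    ' "schedule_command_data": "{\\"scan_settings\\": {\\"type\\": \\"ThreatScan\\", \\"remove\\": true}}"},'
    ' "timestamp": "2023-01-01T19:22:26.45453Z"}\n'
)
DETECTIONS_NDJSON = (
    '{"id": "det-1", "machine_name": "HOST2.LOCAL", "threat_name": "Trojan.ChromeHijacker.D",'
    ' "category": "MALWARE", "status": "quarantined", "cleaned_at": "2023-06-28T10:38:27Z", "sha256": "ABCD1234"}\n'
    '{"id": "det-2", "machine_name": "HOST3.LOCAL", "threat_name": "PUP.Optional.Example",'
    ' "category": "PUP", "status": "found", "cleaned_at": null, "sha256": "abcd5678"}\n'
    'not json at all\n'
)

def parse_ndjson(text: str) -> list[dict]:
    """One dict per line; blank or malformed lines are skipped, not fatal for the batch."""
    records = []
    for line in text.splitlines():
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # count/log in production; never drop the whole batch
        if isinstance(obj, dict):
            records.append(obj)
    return records

def expand_event(event: dict) -> dict:
    """details.schedule_command_data is a JSON string inside the JSON event (double-encoded); decode it."""
    details = event.setdefault("details", {})
    raw = details.get("schedule_command_data")
    if isinstance(raw, str):
        try:
            details["schedule_command"] = json.loads(raw)
        except json.JSONDecodeError:
            details["schedule_command"] = None  # raw string stays for forensics
    return event

def open_detections(records: list[dict]) -> list[dict]:
    """Detections not quarantined or never cleaned; sha256 lower-cased for case-insensitive IOC matching."""
    out = []
    for r in records:
        if r.get("status") == "quarantined" and r.get("cleaned_at"):
            continue
        out.append({"id": r.get("id"), "machine_name": r.get("machine_name"),
                    "threat_name": r.get("threat_name"), "sha256": (r.get("sha256") or "").lower()})
    return out
```

The "status" value "found" in the second constructed detection is a placeholder, not a documented Nebula status; only "quarantined" appears on this page.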