Could you share some sample logs / data?
I'm sure others use MalwareBytes, so it would be interesting to see what could be extracted from the logs.
I know this is old, but the Malwarebytes add-on/app is helpful. You need to contact them directly, but they are more than willing to assist with getting everything configured with you on a call if need be.
There are 3 sourcetypes defined in props.conf:

[mwb:cloud]
description = Malwarebytes Cloud CEF

[mwb:mbbr]
description = Malwarebytes Breach Remediation CEF

[mwb:mbmc]
description = Malwarebytes Management Console CEF
Palo Alto, there are no configurations to split a generic incoming sourcetype into separate specific sourcetypes (there isn't even a transforms.conf at all). So it appears that if you:
1: "Configure the Management Console to connect to a Syslog server" like this: https://support.malwarebytes.com/docs/DOC-1028
Then you should use "sourcetype=mwb:mbmc"

2: "Configure Syslog in Malwarebytes Cloud Console" like this: https://support.malwarebytes.com/docs/DOC-2811
Then you should use "sourcetype=mwb:cloud"

3: ??? I don't know how to generate the "Malwarebytes Breach Remediation CEF" for "sourcetype=mwb:mbbr"
The documentation on the TA here is of no help:
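For anyone who cannot assign the specific sourcetype at the input (for example, both consoles forward through one syslog collector), the following is an added example of the kind of props.conf / transforms.conf split the post above notes is missing from the TA. It is not part of the Malwarebytes add-on or of anyone's post in this thread. It assumes a generic input sourcetype named mwb:syslog (an assumed name) and that the CEF header's Device Vendor and Device Product fields distinguish the three consoles; the product substrings in the regexes are assumptions that must be checked against the header of real events before use.

```ini
# Added example, not the TA's own configuration.
# Assumption: all Malwarebytes syslog arrives under one generic sourcetype,
# mwb:syslog (assumed name), and each event carries a CEF header of the form
#   CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|...
# The Device Product substrings below are assumptions; verify them in your data.

# ---- props.conf ----
[mwb:syslog]
# Rewrite the sourcetype at index time based on the CEF header.
# Transforms are evaluated in order; the last matching one wins.
TRANSFORMS-mwb_sourcetype = mwb_set_cloud, mwb_set_mbmc, mwb_set_mbbr
# Keep the CEF-style key=value extensions extractable for later search-time use.
KV_MODE = auto

# ---- transforms.conf ----
# REGEX runs against _raw by default (SOURCE_KEY is _raw unless overridden).

[mwb_set_cloud]
# Assumed product string: Device Product contains "Cloud"
REGEX = (?i)CEF:\d+\|Malwarebytes\|[^|]*Cloud[^|]*\|
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::mwb:cloud

[mwb_set_mbmc]
# Assumed product string: Device Product contains "Management Console"
REGEX = (?i)CEF:\d+\|Malwarebytes\|[^|]*Management Console[^|]*\|
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::mwb:mbmc

[mwb_set_mbbr]
# Assumed product string: Device Product contains "Breach Remediation"
REGEX = (?i)CEF:\d+\|Malwarebytes\|[^|]*Breach Remediation[^|]*\|
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::mwb:mbbr
```

Because these are index-time transforms, they must live on the indexer (or heavy forwarder) that first parses the data, and only events indexed after the change are affected. A quick check after deploying is to search the generic sourcetype for anything that did not get rewritten (for example events still tagged mwb:syslog) and inspect their CEF headers; that tells you which product string assumption above is wrong for your environment.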
Has anyone successfully used Malwarebytes addon for getting the data in and being extracted as it shows in the addon?