EventLog Analyzer collects log data from Malwarebytes and presents it in the form of graphical reports. For the solution to start collecting this log data, the device has to be added as a threat source.
Adding Malwarebytes as a threat source:
To add Malwarebytes as a threat source, its syslog service has to be configured first so that the device forwards events to EventLog Analyzer.
- Log into the Management console of the Malwarebytes device.
- Navigate to the Admin pane and open the Syslog Settings tab.
- Click Change and tick the Enable Syslog check box.
- To export traffic monitoring logs to the EventLog Analyzer server, enter the following details in the space provided:
- Address <EventLog Analyzer server IP address>
- Port <513/514>
- Payload format <CEF>
- Click on OK to save.
- In the EventLog Analyzer console, navigate to Settings > Configurations > Manage Threat Source > Add Source.
- Click on Existing Host and select the device you added from the list of existing devices.
- Select the Addon Type from the list.
- Click on Add.
Once the threat source is added, EventLog Analyzer will start parsing the fields in the logs. This log data can now be viewed in the form of reports.
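To make concrete what the CEF payload selected above looks like when it arrives over syslog, here is an added example (not code from EventLog Analyzer or Malwarebytes) that parses a constructed CEF line into its header fields and extension key/value pairs, handling the escaped pipes, equals signs and backslashes the CEF format allows. The vendor, product, signature ID and extension values in the sample are assumed placeholders, not the real Malwarebytes event schema.

```python
import re

# CEF header layout: CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
HEADER_FIELDS = ("vendor", "product", "device_version", "signature_id", "name", "severity")

def _split_header(s, n=7):
    """Split off the first n header fields on unescaped '|'; return (fields, raw_extension)."""
    fields, buf, i = [], [], 0
    while i < len(s) and len(fields) < n:
        c = s[i]
        if c == "\\" and i + 1 < len(s):      # "\|" and "\\" are the only header escapes
            buf.append(s[i + 1]); i += 2; continue
        if c == "|":
            fields.append("".join(buf)); buf = []
        else:
            buf.append(c)
        i += 1
    return fields, s[i:]

def parse_cef(line):
    """Parse one syslog line carrying a CEF payload into a dict of header and extension fields."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF payload in line")
    fields, ext = _split_header(line[start:])
    if len(fields) != 7 or not fields[0].startswith("CEF:"):
        raise ValueError("malformed CEF header")
    event = {"syslog_prefix": line[:start].strip(), "cef_version": fields[0][4:]}
    event.update(zip(HEADER_FIELDS, fields[1:]))
    # Extension values may contain spaces, so locate every "key=" and take the text up to the next key.
    keys = list(re.finditer(r"(?:^|\s)([A-Za-z0-9_.]+)=", ext))
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        raw = ext[m.end():end].strip()
        event[m.group(1)] = re.sub(r"\\(.)", r"\1", raw)   # undo "\=" and "\\" escapes
    return event

# Constructed sample line (not a real Malwarebytes event); all values are placeholders.
SAMPLE = ("<14>Jan 10 12:00:00 mb-host CEF:0|Malwarebytes|Endpoint Protection|1.0|1001|"
          "Threat detected|8|src=10.0.0.5 suser=alice act=quarantined "
          "cs1Label=Threat name cs1=Trojan.Agent msg=Detected C:\\\\Users\\\\alice\\\\bad.exe")

if __name__ == "__main__":
    for key, value in parse_cef(SAMPLE).items():
        print(f"{key}: {value}")
```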
The available reports are:
- Detected Threats
- Quarantined Threats
- Allowed Threats
- Top Threats based on source
- Top Threats based on user
- Top Threats Types
- Top Websites blocked based on source
- Detected Exploits
- Blocked Exploits
- Allowed Exploits
- Top Exploits based on source
- Top Exploits based on user
- Top Exploits types
- Malicious Websites Blocked
- Top Websites Blocked