ThreatConnect and Malwarebytes Nebula: Make Your Cloud-Based EDR SOAR

ThreatConnect is pleased to deliver a Playbook app for joint customers to leverage Malwarebytes Nebula. Malwarebytes Nebula is a cloud-hosted security operations platform that allows you to manage control of any malware or ransomware incident. With this Playbook App, you can take immediate action to investigate, stop, and remediate potential threats at the endpoint based on external threat intelligence.

Malwarebytes Nebula Playbook App

The following use cases are now available:

  • Improve Detection and Prevention – As part of a security process, a common use case is to deploy new high-risk indicators and signatures from ThreatConnect to Malwarebytes Nebula Block List anytime a new threat is received. By automating this process, you ensure a timely stream of intelligence so that your team has all the information needed to make fast,  informed decisions.
  • Alert Triage – As part of a security process, you can download recent detections from Malwarebytes Nebula and run them against validated Threat Intelligence within ThreatConnect. Upon matching, update detection information with further context to prioritize alert triage.
  • Endpoint Investigation – As part of an analysis, execute endpoint investigations and automate necessary response actions. Response actions include endpoint scans to gather context about a given endpoint to make investigations more efficient.
  • Endpoint Containment and Remediation – As part of a security process, take actions such as isolating or unisolating the endpoint, network, or hosts through Playbooks automation.
  • Threat Hunting – As part of a security process, use results from Malwarebytes Nebula to engage in Threat Hunting with Playbooks. The Playbook retrieves sandbox results, correlates with intelligence sources, and requests Malwarebytes Nebula to find and block the malicious endpoints.

The following actions are available:

  • Get Endpoint Info – Get info about an endpoint.
  • Get Endpoint Scan Detections – Get suspicious activity of an endpoint.
  • Get Job Status – Get the status of a job.
  • Isolate Endpoint – Isolate an endpoint. You can specify the extent of your isolation. Can be any combination of desktop, network, or process.
  • Scan Endpoint – Issue a scan on the target endpoint(machine).
  • Unisolate Endpoint – Removes desktop, network, and process isolation from the endpoint.
  • Advanced Request – Make advanced requests against any Nebula API endpoint.

Together, ThreatConnect and Malwarebytes help customers to protect their endpoints from sophisticated attacks. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on deploying the Malwarebytes Nebula app. If you’re not yet a customer and are interested in ThreatConnect and this integration, contact us at sales@threatconnect.com.

Jeff Quist
About the Author
Jeff Quist

Jeff Quist, Product Marketing Manager at ThreatConnect, has 9 years of experience in Sales, Marketing, Product Management, and Product Marketing, mainly in technology and financial services. His professional experience and empathy for customers and partners help him to develop engaging marketing content and empower sales teams. Jeff lives in New York City and in his free time, he enjoys sketching, reading sci-fi novels, and supporting the Boston Bruins.

Share

Subscribe