Skip to main content
Download the Buyer’s Guide for Cyber Risk Quantification Solutions
Download Guide
Request a Demo

ThreatConnect and Malwarebytes Nebula: Make Your Cloud-Based EDR SOAR

ThreatConnect is pleased to deliver a Playbook app for joint customers to leverage Malwarebytes Nebula. Malwarebytes Nebula is a cloud-hosted security operations platform that allows you to manage control of any malware or ransomware incident. With this Playbook App, you can take immediate action to investigate, stop, and remediate potential threats at the endpoint based on external threat intelligence.

Malwarebytes Nebula Playbook App

The following use cases are now available:

  • Improve Detection and Prevention – As part of a security process, a common use case is to deploy new high-risk indicators and signatures from ThreatConnect to Malwarebytes Nebula Block List anytime a new threat is received. By automating this process, you ensure a timely stream of intelligence so that your team has all the information needed to make fast,  informed decisions.
  • Alert Triage – As part of a security process, you can download recent detections from Malwarebytes Nebula and run them against validated Threat Intelligence within ThreatConnect. Upon matching, update detection information with further context to prioritize alert triage.
  • Endpoint Investigation – As part of an analysis, execute endpoint investigations and automate necessary response actions. Response actions include endpoint scans to gather context about a given endpoint to make investigations more efficient.
  • Endpoint Containment and Remediation – As part of a security process, take actions such as isolating or unisolating the endpoint, network, or hosts through Playbooks automation.
  • Threat Hunting – As part of a security process, use results from Malwarebytes Nebula to engage in Threat Hunting with Playbooks. The Playbook retrieves sandbox results, correlates with intelligence sources, and requests Malwarebytes Nebula to find and block the malicious endpoints.

The following actions are available:

  • Get Endpoint Info – Get info about an endpoint.
  • Get Endpoint Scan Detections – Get suspicious activity of an endpoint.
  • Get Job Status – Get the status of a job.
  • Isolate Endpoint – Isolate an endpoint. You can specify the extent of your isolation. Can be any combination of desktop, network, or process.
  • Scan Endpoint – Issue a scan on the target endpoint(machine).
  • Unisolate Endpoint – Removes desktop, network, and process isolation from the endpoint.
  • Advanced Request – Make advanced requests against any Nebula API endpoint.

Together, ThreatConnect and Malwarebytes help customers to protect their endpoints from sophisticated attacks. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on deploying the Malwarebytes Nebula app. If you’re not yet a customer and are interested in ThreatConnect and this integration, contact us at

About the Author


By operationalizing threat and cyber risk intelligence, The ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at