ThreatDown OneView
Version: 1.0
Updated: Mar 7, 2025
Malwarebytes ThreatDown OneView (MBOV) provides your business with a powerful and affordable security management platform that gives security teams maximum control. OneView streamlines endpoint security management by providing out-of-the-box security policies, scans, and remediation.
Actions
- Create Exclusion (Containment) - Create Exclusion.
- Create Policy (Containment) - Create policy.
- Delete Exclusion (Containment) - Delete exclusion by ID.
- Delete Policy (Containment) - Delete policy by ID.
- Get Account Info (Enrichment) - Retrieve Account Info.
- Get Endpoint (Enrichment) - Retrieve a single ID by its universally unique identifier.
- Get Endpoint Status (Enrichment) - Get the status of an endpoint.
- Get Exclusion (Enrichment) - Get exclusion by ID.
- Get Job Status (Enrichment) - Get details about an issued job by ID.
- Get Policy (Enrichment) - Get policy by ID.
- Get Suspicious Activity (Enrichment) - Fetch suspicious activity of an endpoint.
- Issue Job (Containment) - Issue a job (scan endpoint, restart endpoint, check for updates).
- List Detections (Enrichment) - Search detections.
- List Policies (Enrichment) - Retrieve a list of policies.
- List Sites (Enrichment) - Retrieves a list of all sites associated with the account.
- List Vulnerabilities (Enrichment) - Search CVE grouped by a specific field.
- Remediate Activity (Containment) - Remediate suspicious activity of an endpoint.
- Search Endpoints (Enrichment) - Search all endpoints, or search either the alias or the host name of a fully qualified host name.
- Update Exclusion (Containment) - Update Exclusion by ID.
- Update Policy (Containment) - Update policy.
Category
Threat Intelligence Reputation
ThreatDown OneView configuration
Generate API credentials
Create API credentials from your Malwarebytes account:
- Sign in to Malwarebytes with your Malwarebytes account.
- Click Integrate.
- Click "+" to create credentials.
- Give a name to the application.
- Select the required access.
When configuring credentials for the integration, permissions can be set to Read, Write, and Execute. While it's possible to grant only the required permissions based on your use case, we recommend assigning all three permissions during credential creation. This ensures full compatibility with all available actions in the integration and avoids permission-related failures in the future.
The minimum required permissions vary based on the type of actions being performed:- Enrichment actions
- These actions only retrieve data.
- Required Permission: Read
- Containment actions
- These actions perform changes or take action on endpoints.
- Required Permissions: Write and Execute
- Enrichment actions
- After this you will get an Client ID and Client Secret. Copy the Client ID and Client Secret.
Configure ThreatDown OneView in Automation Service and Cloud SOAR
Before you can use the integration, you must configure it so that the vendor can communicate with Sumo Logic. For general guidance, see Configure Authentication for Integrations.
- Access App Central and install the integration.
- Select the installed integration in the Integrations page.
Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations. - Select the integration.
- Hover over the resource name and click the Edit button that appears.
- In the Add Resource dialog, enter the authentication needed by the resource. When done, click TEST to test the configuration, and click SAVE to save the configuration.
- Label. Add a name for the resource.
- URL. Enter your ThreatDown OneView site URL.
- Client ID. Enter your Client ID.
- Client Secret. Enter your Client Secret.
For information about ThreatDown OneView, see ThreatDown OneView documentation.
Change Log
- March 7, 2025 - First upload