Malwarebytes Run Scan And Quarantine

The Malwarebytes Run Scan And Quarantine playbook uses the Malwarebytes API for threat investigation. It scans the endpoint for potential malware and isolates what it finds so the malware cannot spread further across the system.

1. Trigger - retrieves the IP Address and sys_id from the parent playbook to continue the investigation.

2. API - attempts to authenticate with the Malwarebytes API.

3. If Then - checks whether authentication succeeded. If it did, the investigation continues; if not, the playbook branches to the global-parameter step.

4. API - uses the API to extract information about the endpoint.

5. Parameters - sets the global parameter Status to Authentication Failed.

6. If Then - checks whether the endpoint information was extracted. If it was, the investigation continues; if not, the playbook branches to the global-parameter step.

7. Script - uses a Python script to extract the endpoint details from the API response.

8. Parameters - sets the global parameter Status to Failed.

9. API - uses the API to extract information about the endpoint.

10. If Then - checks if the endpoint information is extracted.

11. Format - formats the Status parameter into a specific text format.

12. If Then - checks whether the global parameter Status equals success.

13. API - uses the API to run a scan and quarantine the endpoint.

14. Format - formats the endpoint information into a specific text format.

15. Filter - filters the endpoint information by software installed on it.

16. Format - formats the text stating that the endpoint was not found.

17. If Then - checks if the scan is completed successfully.

18. Script - extracts the job_id from the scan.

19. API - uses the API to update the endpoint information in the ServiceNow ticket.

20. Script - extracts the software installed on the endpoint.

21. API - uses the API to update the ServiceNow ticket with the software list.

22. API - uses the API to update the ServiceNow ticket with the Endpoint Not Found message.

23. Parameters - sets the global parameter Scanned to the job_id.

24. Format - formats the Scanned parameter into a specific text format.

25. API - uses the API to update the ServiceNow ticket with a scan job message.

26. End - ends the playbook.
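The control flow of the steps above, modelled as an added Python example (not the playbook's own code or the Malwarebytes or ServiceNow client): the API calls are injected as hypothetical callables so the branching (Authentication Failed, Failed, Endpoint Not Found, success plus job_id) can be exercised offline, and the endpoint record shape is a constructed assumption.

```python
from typing import Callable, Dict, List, Optional

# Assumed endpoint record shape (constructed for this example, not the real API response):
# {"id": ..., "hostname": ..., "ip": ..., "software": [{"name": ..., "version": ...}, ...]}

def run_scan_and_quarantine(
    ip: str,
    sys_id: str,
    authenticate: Callable[[], bool],                 # hypothetical: Malwarebytes auth
    get_endpoint: Callable[[str], Optional[dict]],    # hypothetical: endpoint lookup by IP
    scan_and_quarantine: Callable[[str], dict],       # hypothetical: starts scan, returns job
    update_ticket: Callable[[str, str], None],        # hypothetical: ServiceNow ticket update
) -> Dict[str, Optional[str]]:
    """Model of the playbook; returns the global parameters Status and Scanned."""
    params: Dict[str, Optional[str]] = {"Status": None, "Scanned": None}

    # Steps 2-3, 5: authenticate; on failure record it and stop.
    if not authenticate():
        params["Status"] = "Authentication Failed"
        return params

    # Steps 4, 6-8: extract endpoint details; an API error means Status = Failed.
    try:
        endpoint = get_endpoint(ip)
    except Exception:
        params["Status"] = "Failed"
        return params

    # Steps 9-12, 16, 22: no record for this IP -> post Endpoint Not Found and stop.
    if endpoint is None:
        params["Status"] = "Failed"
        update_ticket(sys_id, f"Endpoint Not Found: no Malwarebytes record for {ip}")
        return params
    params["Status"] = "success"

    # Steps 13, 17-18, 23: run scan and quarantine, keep the job_id as Scanned.
    job = scan_and_quarantine(endpoint["id"])
    params["Scanned"] = str(job["job_id"])

    # Steps 14, 19: formatted endpoint information to the ticket.
    update_ticket(sys_id, f"Endpoint: {endpoint['hostname']} ({endpoint['ip']})")
    # Steps 15, 20-21: installed-software list to the ticket.
    software: List[str] = [f"{s['name']} {s['version']}" for s in endpoint.get("software", [])]
    update_ticket(sys_id, "Installed software: " + ", ".join(software))
    # Steps 24-25: scan job message to the ticket.
    update_ticket(sys_id, f"Scan and quarantine job {params['Scanned']} started")
    return params
```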
