This integration focuses on Malwarebytes Nebula and uses the Nebula API to interact with the Nebula platform.
You can sign up for a trial account by visiting the following link.
To get the client ID and client secret, you first need to create an API key/profile. To do so, log in to the cloud platform, select "Settings" from the left side menu, and then click on "APIs & Integrations".
Next, click on the "Add" button on the page that just opened, select "Read" access, give it a name if you want, and then click "Save". The client ID and client secret will be visible. Note that this is the only time the secret will be visible, so it's a perfect opportunity to save it in the .env file by following the steps below.
- Create a .env file at the root of this project and set the CLIENT_ID variable to the client ID that you received from the previous step.
CLIENT_ID="client id value"
- Set the .env's CLIENT_SECRET variable to the client secret that you received from the previous step as well.
CLIENT_ID="client id value"
CLIENT_SECRET="client secret value"
- Next, you need to find your account ID value. One way to find it is to look at the URL just after logging in to the cloud platform. When you're on the dashboard page, the URL should look like https://cloud.malwarebytes.com/your-account-id/dashboard. Set the .env's ACCOUNT_ID variable to the account ID value you find in the URL.
CLIENT_ID="client id value"
CLIENT_SECRET="client secret value"
ACCOUNT_ID="account id value (xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx)"
- Finally, you also need to set two additional .env variables.
One is MIN_SCANNED_SINCE_DAYS, which represents the minimum number of days since the last execution time (or now) to use when searching for scanned hosts and agents.
The other is MIN_FINDINGS_SINCE_DAYS, which represents the minimum number of days since the last execution time (or now) to use when searching for findings and host detections.
CLIENT_ID="client id value"
CLIENT_SECRET="client secret value"
ACCOUNT_ID="account id value (xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx)"
MIN_SCANNED_SINCE_DAYS="minimum number of days (i.e. 5, 10, 30, etc)"
MIN_FINDINGS_SINCE_DAYS="minimum number of days (i.e. 5, 10, 30, etc)"
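Because the .env file now holds the one-time-visible client secret, it is worth checking before the first run. The script below is an added example, not part of this integration's code: it verifies that the five variables from the steps above are set, that no template placeholder text was left in, that the day values are positive whole numbers, and that the file is not readable by other users. The placeholder patterns and the 600 file mode are assumptions of this example.

```python
import os
import re
import stat

REQUIRED = ("CLIENT_ID", "CLIENT_SECRET", "ACCOUNT_ID",
            "MIN_SCANNED_SINCE_DAYS", "MIN_FINDINGS_SINCE_DAYS")
DAY_KEYS = ("MIN_SCANNED_SINCE_DAYS", "MIN_FINDINGS_SINCE_DAYS")
# Fragments of the template text from the steps above; a value that still
# contains one was probably never filled in (heuristic, an assumption here).
PLACEHOLDER = re.compile(r"\bvalue\b|xxxx|number of days", re.I)


def parse_env(text):
    """Parse KEY=value / KEY="value" lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]  # drop the surrounding quotes
        env[key.strip()] = val
    return env


def check_env_file(path):
    """Return a list of problems; messages name keys only, never values."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:
        problems.append(f"{path} is accessible to group/others (mode {mode:o}); use chmod 600")
    with open(path, encoding="utf-8") as fh:
        env = parse_env(fh.read())
    for key in REQUIRED:
        val = env.get(key, "")
        if not val:
            problems.append(f"{key} is missing or empty")
        elif PLACEHOLDER.search(val):
            problems.append(f"{key} still holds the template placeholder")
        elif key in DAY_KEYS and not (val.isdigit() and int(val) > 0):
            problems.append(f"{key} must be a positive whole number of days")
    return problems


if __name__ == "__main__":
    import sys
    for problem in check_env_file(sys.argv[1] if len(sys.argv) > 1 else ".env"):
        print("WARN:", problem)
```

Run it from the project root with no arguments to check .env, and confirm separately that .env is listed in the project's .gitignore so the secret is never committed.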
After following the above steps, you should now be able to start contributing to this integration. The integration will pull in the INSIGHT_CLIENT_USERNAME, INSIGHT_CLIENT_PASSWORD and INSTANCE_HOSTNAME variables from the .env file and use them when making requests.