I need help with the Splunk side of the dashboard. I have set up the syslog server in the cloud and added a machine as the communication endpoint. The machine onsite has the universal forwarder installed, and I have configured the port and config on the endpoint and the cloud, but I cannot get any info into Splunk. I have installed the technical add-on for Malwarebytes as well as the Malwarebytes App for Splunk. Within the data inputs I have configured the forwarded inputs UDP, which selected the MWB:Cloud from the list and says it's successful, but nothing will show on the dashboard at all, none of the endpoints. Anyone got this working?
We have configured the Malwarebytes Cloud portal syslog and used a PC that is always on as the endpoint communication device, with the UDP port of 10516 due to port availability. We have installed the forwarder onto the PC to send to the syslog server as normal, but it only seems to be sending the Windows event logs, nothing to do with Malwarebytes. So it looks like the Cloud is not sending anything to the PC for some reason?
All resolved
I know I'm late, but any idea what was done to resolve this? We're having this exact same issue.