This integration supports BitDefender GravityZone, which is the business-oriented product set sold by BitDefender. BitDefender products for home users are not supported.

The package collects BitDefender GravityZone events transported by push notification and sent in "qradar" format or "splunk" format. The "qradar" format appears to be plain newline-delimited JSON and is the format this integration expects by default; however, the ingest pipeline will attempt to detect whether "splunk" format events have been received.

The integration can also collect the push notification configuration and statistics by polling the BitDefender GravityZone API.

This allows you to search, observe and visualize the BitDefender GravityZone events through Elastic, trigger alerts, and monitor the BitDefender GravityZone Push Notification service for state and errors.

For more information about BitDefender GravityZone, refer to BitDefender GravityZone and read the Public API - Push documentation.

BitDefender GravityZone supports SIEM integration using "push notifications", which are JSON messages sent via HTTP POST to an HTTP or HTTPS endpoint, which this integration can consume. The integration provides:

- Collection of push notification configuration via API polling, which includes the "state" of the push notification service on the BitDefender GravityZone server, e.g. indicating whether it is currently enabled or disabled. This is useful because the state may change to disabled (value of 0) for unknown reasons, and you may wish to alert on this event.
- Collection of push notification statistics via API polling, which includes the number of events sent and counters for errors of different types; you may wish to use these to troubleshoot lost push notification events and for alerting purposes.
- Support for multiple instances of the integration, which may be needed for MSP/MSSP scenarios where multiple BitDefender GravityZone tenants exist.
- Mapping of BitDefender company IDs to your own company name/description, in order to determine in a human-friendly way which tenant an event relates to. This is very useful for MSP/MSSP environments or for large organisations with multiple sub-organisations.

See the integrations quick start guides to get started:

- Quick start: Get logs, metrics, and uptime data into the Elastic Stack
- Quick start: Get application traces into the Elastic Stack

## Configuration

### Enabling the integration in Elastic

1. In Kibana go to Management > Integrations.
2. In the "Search for integrations" search bar type GravityZone.
3. Click on the "BitDefender GravityZone" integration from the search results.
4. Click on the Add BitDefender GravityZone button to add the BitDefender GravityZone integration.

### Create a BitDefender GravityZone API key that can configure a push notification service

The vendor documentation is available here. However, at the time of writing it is out of date, and the screenshots the vendor provides do not accurately describe what you will need to do.

The API key needed to configure push notifications, and to collect push notification configuration state and statistics, is typically created within the BitDefender GravityZone cloud portal here. Bear in mind that the API key will be associated with the account you create it from. A named human account may not be desirable; e.g. you may wish to (and probably should) create API keys for functions such as push notifications under a non-human/software service account that will never retire or be made redundant.

Navigate to your account details within the GravityZone portal. If you have sufficient privileges you will see the "API keys" section near the bottom of the page.

The push notification service is then configured with a request that carries the API key in an HTTP Basic `Authorization` header and a JSON body, including the optional `subscribeToCompanies` node and the event types to subscribe to. Abbreviated, with `...` marking the parts not shown:

```
--header 'Authorization: Basic TE9MX05JQ0VfVFJZOgo=' \
--header 'Content-Type: application/json' \
...
    "subscribeToCompanies": [
      "COMPANY IDS HERE IF YOU HAVE A MULTI TENANT ENVIRONMENT",
      "AND YOU WANT TO LIMIT THE SUBSCRIPTION TO ONLY SOME COMPANIES",
      "OTHERWISE DELETE THE ENTIRE subscribeToCompanies NODE TO GET EVERYTHING"
    ],
    ...
      "security-container-update-available": true,
    ...
```

There are two dashboards available as part of the integration, including "Push Notifications", which provides a summary of push notifications received within the search window.

Bitdefender GravityZone products include:

- GravityZone Business Security Enterprise
- GravityZone Managed Detection and Response (MDR)
- GravityZone Security for Virtualized Environments

Bitdefender's GravityZone Security for Endpoints defeats advanced and sophisticated threats by using an adaptive layered approach. Patented machine learning technologies combined with the ability to monitor behavior and detect attack techniques let GravityZone detect, prevent and block threats. It then automatically takes actions to keep businesses running normally, including rolling back malicious changes.
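As an added example (not code from the page, from Elastic or from Bitdefender), the following Python builds the push-settings request described above, keeping the `subscribeToCompanies` node optional, and evaluates polled configuration and statistics the way an alert on the disabled state (value 0) or on error counters would. The JSON-RPC method and parameter names other than `subscribeToCompanies` and the event type name, the API-key-as-username Basic auth scheme, and the sample responses are assumptions constructed for this example.

```python
import base64
from typing import Iterable, Optional

# Constructed sample responses standing in for what polling the GravityZone API returns.
# Field names ("status", "count", "error", counter names) are assumptions for this example.
SAMPLE_SETTINGS = {"status": 0, "serviceType": "qradar",
                   "subscribeToEventTypes": {"security-container-update-available": True}}
SAMPLE_STATS = {"count": {"events": 120, "sentMessages": 117},
                "error": {"connectionError": 2, "timeout": 1, "statusCode500": 0}}


def basic_auth_header(api_key: str) -> str:
    """Assumed scheme: HTTP Basic auth with the API key as user name and an empty password."""
    token = base64.b64encode(f"{api_key}:".encode()).decode()
    return f"Basic {token}"


def build_push_settings(endpoint_url: str, event_types: Iterable[str],
                        company_ids: Optional[Iterable[str]] = None) -> dict:
    """Build the JSON-RPC body that points the push service at the integration's endpoint.

    "setPushEventSettings", "serviceType" and "serviceSettings" are assumed names; the
    "subscribeToCompanies" node comes from the page: omit it entirely to receive events
    for every company, or list company IDs to restrict the subscription.
    """
    params = {
        "status": 1,  # 1 = enabled
        "serviceType": "qradar",  # NDJSON, the format the integration expects by default
        "serviceSettings": {"url": endpoint_url, "requireValidSslCertificate": True},
        "subscribeToEventTypes": {name: True for name in event_types},
    }
    if company_ids is not None:
        params["subscribeToCompanies"] = list(company_ids)
    return {"jsonrpc": "2.0", "id": "1", "method": "setPushEventSettings", "params": params}


def push_service_alerts(settings: dict, stats: dict) -> list:
    """Turn polled configuration and statistics into alert strings, as a detection rule would."""
    alerts = []
    if settings.get("status", 0) == 0:  # service silently flipped to disabled (value 0)
        alerts.append("push service disabled (status 0)")
    nonzero = {k: v for k, v in stats.get("error", {}).items() if v}
    if nonzero:
        alerts.append("delivery errors: " + ", ".join(f"{k}={v}" for k, v in sorted(nonzero.items())))
    count = stats.get("count", {})
    lost = count.get("events", 0) - count.get("sentMessages", 0)
    if lost > 0:
        alerts.append(f"{lost} events generated but not sent")
    return alerts
```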