
Bitdefender GravityZone Integration

Overview

Bitdefender GravityZone provides unified endpoint security with advanced threat analytics and risk management. KYRA MDR collects GravityZone events via the API or syslog integration for centralized endpoint monitoring.

Prerequisites

  • A KYRA MDR Collector installed and running
  • Bitdefender GravityZone Control Center access
  • API key with Event Push Service permissions
  • Network connectivity from GravityZone to the collector

Configuration

Configure event push in Bitdefender GravityZone:

  1. Log in to the GravityZone Control Center
  2. Navigate to Configuration > Event Push Service Settings
  3. Enable the Event Push Service
  4. Configure the syslog destination:
       Server Address: <collector-ip>
       Port: 514
       Protocol: TCP
       Format: CEF
       Event Types: All security events
  5. Click Save
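As an added example (not part of this page or the KYRA collector), here is a small Python parser for the CEF lines that the Event Push Service sends over syslog in step 4, run over constructed sample lines. The extension keys used (dvchost, fname, act, msg, src) are CEF-standard names chosen for illustration, not GravityZone's documented schema.

```python
"""Parse CEF-formatted syslog lines such as those pushed by GravityZone.
Sample lines are constructed; extension keys are CEF-standard names used for
illustration, not GravityZone's documented event schema."""
import re
from dataclasses import dataclass

_FIELD_RE = re.compile(r'(?:\\.|[^|\\])*')                      # one header field, "\|" allowed
_EXT_RE = re.compile(r'(\w+)=((?:\\.|[^\\=])*?)(?=\s\w+=|$)')    # key=value pairs, "\=" allowed

def _unescape(s: str) -> str:
    return re.sub(r'\\(.)', lambda m: '\n' if m.group(1) == 'n' else m.group(1), s)

@dataclass
class CefEvent:
    vendor: str
    product: str
    signature_id: str
    name: str
    severity: int
    ext: dict

def parse_cef(line: str) -> CefEvent:
    """Parse one syslog line; the syslog PRI, timestamp and host before 'CEF:' are skipped."""
    start = line.find('CEF:')
    if start < 0:
        raise ValueError('no CEF payload in line')
    body, fields, pos = line[start + 4:], [], 0
    while len(fields) < 7:                       # CEF version plus six header fields
        m = _FIELD_RE.match(body, pos)
        fields.append(_unescape(m.group(0)))
        pos = m.end()
        if pos >= len(body) or body[pos] != '|':
            raise ValueError('truncated CEF header')
        pos += 1
    ext = {k: _unescape(v) for k, v in _EXT_RE.findall(body[pos:])}
    return CefEvent(fields[1], fields[2], fields[4], fields[5], int(fields[6]), ext)

def high_severity(lines, threshold: int = 7):
    """Return (event name, host, action) for events at or above the CEF severity threshold."""
    out = []
    for line in lines:
        try:
            ev = parse_cef(line)
        except ValueError:
            continue                             # one malformed line must not stop the batch
        if ev.severity >= threshold:
            out.append((ev.name, ev.ext.get('dvchost', '?'), ev.ext.get('act', '?')))
    return out

SAMPLE_LINES = [  # constructed, not captured from a real GravityZone tenant
    '<13>Jan 12 10:00:01 gz CEF:0|Bitdefender|GravityZone|6.0|av|Malware detected|9|'
    'dvchost=WS-042 fname=invoice\\=final.exe act=quarantined msg=Found in C:\\\\Users',
    '<13>Jan 12 10:00:02 gz CEF:0|Bitdefender|GravityZone|6.0|fw|Firewall rule hit|3|'
    'dvchost=WS-042 src=10.0.0.5 act=blocked',
    'not a CEF line at all',
]
```

Escaped pipes and equals signs are unescaped after field splitting, so a file name containing "=" does not break the extension parsing.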

For API-based collection:

collector-config.yaml

  sources:
    - type: bitdefender
      api_url: https://<cloud-region>.gravityzone.bitdefender.com/api
      api_key: <api-key>
      poll_interval: 60s

Collected Log Types

  Log Type         | Description                    | Security Use
  -----------------|--------------------------------|-------------------------------
  Malware          | Malware detection and cleanup  | Endpoint threat protection
  Advanced Threat  | Behavioral detection events    | Advanced threat detection
  HyperDetect      | ML-based threat detections     | Zero-day protection
  Firewall         | Endpoint firewall events       | Network security monitoring
  Content Control  | Web filtering events           | Web security policy
  Device Control   | Removable device events        | Data exfiltration prevention

Troubleshooting

Event Push not working: Verify the Event Push Service is enabled and the destination address is reachable.

Missing HyperDetect events: HyperDetect requires GravityZone Enterprise or Ultra licenses.

API pagination: The GravityZone API returns paginated results. The collector handles pagination automatically.

Contact kyra@seekerslab.com for support.