Step by step

Before you begin, you’ll need:

Generate Bitdefender GravityZone API key
  • Log in to your Bitdefender GravityZone Control Center.
  • Click the username in the upper-right corner and select My Account.
  • Go to API keys and click + Add (top left).
  • Enable Event Push Service API and REST API.
  • Click Save.
Copy the Bitdefender GravityZone API Access URL

Open Control Center API and copy the Access URL. Keep it handy for the following steps.

It is needed to replace the placeholder <<ACCESS_URL>> below.

Encode the API Key in Base64

Open a macOS or Linux terminal. Run the echo command, replacing API_Key with the new API key created in the previous section.

echo -n "API_Key:" | base64

Sample response (shortened for simplicity): AeFgjU5N0Eg4rRMwFGG=

Copy the encoded API key. Keep it handy for the next step. It is needed to replace the placeholder <<ENCODED_API_KEY_BASE_64>> below.

Configure event push settings

Use a CURL command to configure Bitdefender event push settings.

Edit the placeholders before running the command:

curl -k -X POST \
  <<ACCESS_URL>>/v1.0/jsonrpc/push \
  -H 'authorization: Basic <<ENCODED_API_KEY_BASE_64>>' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
-d '{"params": {"status": 1,"serviceType": "cef","serviceSettings": {"url": "https://<<LISTENER-HOST>>:8071?token=<<SHIPPING-TOKEN>>&type=bitdefender_grzone","requireValidSslCertificate": false,"authorization": "Basic <<ENCODED_API_KEY_BASE_64>>"},"subscribeToEventTypes": {"adcloud":true,"antiexploit":true,"aph":true,"av":true,"avc":true,"dp":true,"endpoint-moved-in":true,"endpoint-moved-out":true,"exchange-malware":true,"exchange-user-credentials":true,"fw":true,"hd":true,"hwid-change":true,"install":true,"modules":true,"network-monitor":true,"network-sandboxing":true,"new-incident":true,"registration":true,"supa-update-status":true,"sva":true,"sva-load":true,"task-status":true,"troubleshooting-activity":true,"uc":true,"uninstall":true}},"jsonrpc": "2.0","method": "setPushEventSettings","id": "1"}'
Placeholders to replace
  • <<ACCESS_URL>> - Replace with the Access URL copied in a previous step.
  • <<ENCODED_API_KEY_BASE_64>> - Replace with the encoded key returned in the previous step. (Do NOT delete the term Basic. It belongs there.)
  • Replace <<LISTENER-HOST>> with your region’s listener host (for example, listener.logz.io). For more information on finding your account’s region, see Account region.
  • Replace <<SHIPPING-TOKEN>> with the token of the account you want to ship to.
Expected returned value

The returned value should look like this:

{"id":"1","jsonrpc":"2.0","result":true}
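
The encode, send and verify steps above can be wrapped in a few shell functions that catch the usual failure points: a wrapped Base64 value, a placeholder left unreplaced, and a reply that is not the expected result. This is an added example, not part of the original instructions; the function names are hypothetical, and it assumes the Control Center certificate is trusted by the machine running it, so -k is omitted.

```shell
#!/bin/sh
# Added example. Function names and the sample values used with them are
# hypothetical; only the endpoint path and headers come from the steps above.

# Basic-auth value: base64 of "<API key>:" (the key followed by a colon).
# printf avoids echo's non-portable -n, and tr removes the line break that
# GNU base64 inserts after 76 characters, which would corrupt the header.
encode_api_key() {
  printf '%s:' "$1" | base64 | tr -d '\n'
}

# Succeeds (exit 0) if the text still contains an unreplaced <<PLACEHOLDER>>.
has_placeholder() {
  printf '%s' "$1" | grep -Eq '<<[A-Z0-9_-]+>>'
}

# Succeeds only for a JSON-RPC reply with "result": true and no "error" member.
push_settings_ok() {
  printf '%s' "$1" | grep -Eq '"result"[[:space:]]*:[[:space:]]*true' &&
    ! printf '%s' "$1" | grep -q '"error"'
}

# Usage: configure_push ACCESS_URL API_KEY JSON_BODY
# Posts the setPushEventSettings body and fails loudly on anything but success.
# Unlike the command above, -k is left out so curl verifies the Control Center
# certificate (assumes that certificate is trusted by this machine).
configure_push() {
  if has_placeholder "$1$3"; then
    echo "unreplaced <<PLACEHOLDER>> in URL or body" >&2
    return 2
  fi
  reply=$(curl -sS -X POST "$1/v1.0/jsonrpc/push" \
    -H "authorization: Basic $(encode_api_key "$2")" \
    -H 'cache-control: no-cache' \
    -H 'content-type: application/json' \
    -d "$3") || return 1
  if ! push_settings_ok "$reply"; then
    echo "unexpected reply: $reply" >&2
    return 1
  fi
}
```

Source the file and call configure_push with the Access URL, the raw API key and the JSON body from the command above; the body's own placeholders must already be replaced or the function stops before sending.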
Contact support to request custom parsing assistance

The logs will require customized parsing so they can be effectively mapped in Kibana. Email Logz.io Support to request custom parsing assistance.