Step by step
Before you begin, you’ll need:
- Access to the Bitdefender GravityZone Control Center
- A Mac or Linux terminal
- An API key for the Bitdefender cloud instance
- A Cloud Access URL for the Bitdefender cloud instance
Generate Bitdefender GravityZone API key
- Log in to your Bitdefender GravityZone Control Center.
- Click the username in the upper-right corner and select My Account.
- Go to API keys and click + Add (top left).
- Enable Event Push Service API and REST API.
- Click Save.
Copy the Bitdefender GravityZone API Access URL
Open Control Center API and copy the Access URL. Keep it handy for the following steps. It is needed to replace the placeholder <<ACCESS_URL>> below.
Encode the API Key in Base64
Open a Mac or Linux terminal. Run the echo command below, replacing API_Key with the new API key created in the previous section and keeping the trailing colon.
echo -n "API_Key:" | base64
Sample response (shortened for simplicity): AeFgjU5N0Eg4rRMwFGG=
Copy the encoded API key. Keep it handy for the next step. It is needed to replace the placeholder <<ENCODED_API_KEY_BASE_64>> below.
Configure event push settings
Use a curl command to configure Bitdefender event push settings.
Edit the placeholders before running the command:
curl -k -X POST \
  '<<ACCESS_URL>>/v1.0/jsonrpc/push' \
  -H 'authorization: Basic <<ENCODED_API_KEY_BASE_64>>' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -d '{"params": {"status": 1,"serviceType": "cef","serviceSettings": {"url": "https://<<LISTENER-HOST>>:8071?token=<<LOG-SHIPPING-TOKEN>>&type=bitdefender_grzone","requireValidSslCertificate": false,"authorization": "Basic <<ENCODED_API_KEY_BASE_64>>"},"subscribeToEventTypes": {"adcloud":true,"antiexploit":true,"aph":true,"av":true,"avc":true,"dp":true,"endpoint-moved-in":true,"endpoint-moved-out":true,"exchange-malware":true,"exchange-user-credentials":true,"fw":true,"hd":true,"hwid-change":true,"install":true,"modules":true,"network-monitor":true,"network-sandboxing":true,"new-incident":true,"registration":true,"supa-update-status":true,"sva":true,"sva-load":true,"task-status":true,"troubleshooting-activity":true,"uc":true,"uninstall":true}},"jsonrpc": "2.0","method": "setPushEventSettings","id": "1"}'
Placeholders to replace
- Replace <<ACCESS_URL>> with the Access URL copied in a previous step.
- Replace <<ENCODED_API_KEY_BASE_64>> with the encoded key returned in the previous step. (Do NOT delete the term Basic. It belongs there.)
- Replace <<LISTENER-HOST>> with your region’s listener host (for example, listener.logz.io). For more information on finding your account’s region, see Account region.
- Replace <<LOG-SHIPPING-TOKEN>> with the token of the account you want to ship to.
Expected returned value
The returned value should look like this:
{"id":"1","jsonrpc":"2.0","result":true}
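The checks a practitioner would wrap around the steps above, as an added example (not code from Logz.io or Bitdefender): portable key encoding, a guard against sending a request that still contains a `<<PLACEHOLDER>>`, and a test of the JSON-RPC reply instead of assuming success. All function names are hypothetical, and the `configure_push` wrapper omits `-k` so that curl verifies the server certificate, which is a choice of this example.

```sh
#!/bin/sh
# Added example: pre-flight and post-flight checks around the curl call.
# Function names are hypothetical; use constructed keys and tokens when testing.

# Encode "<api_key>:" (key as user name, empty password) for HTTP Basic auth.
# printf replaces `echo -n`, which some shells print literally, and tr removes
# the line wraps GNU base64 adds to long output.
encode_api_key() {
  printf '%s:' "$1" | base64 | tr -d '\n'
}

# Return 0 only if the text contains no leftover <<PLACEHOLDER>> marker.
placeholders_replaced() {
  case "$1" in
    *'<<'*'>>'*) return 1 ;;
    *) return 0 ;;
  esac
}

# Return 0 only for a JSON-RPC reply carrying "result":true. An "error"
# member or any other result means the settings were not applied.
push_settings_accepted() {
  reply=$(printf '%s' "$1" | tr -d ' \t\r\n')
  case "$reply" in
    *'"error":'*) return 1 ;;
    *'"result":true'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Send a request body (the JSON from the curl command above, placeholders
# already replaced) and check the reply. Args: access URL, encoded key, body.
# Defined here but not called; no -k, so the certificate is verified.
configure_push() {
  placeholders_replaced "$1$2$3" || { echo "unreplaced placeholder" >&2; return 2; }
  reply=$(curl -sS -X POST "$1/v1.0/jsonrpc/push" \
    -H "authorization: Basic $2" \
    -H 'content-type: application/json' \
    -d "$3") || return 3
  push_settings_accepted "$reply"
}
```

`configure_push` returns 2 before any network traffic if a placeholder survives, 3 if curl itself fails, and otherwise the status of the reply check.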
Contact support to request custom parsing assistance
The logs will require customized parsing so they can be effectively mapped in Kibana.
Email our support to request custom parsing assistance.