Bitdefender is an antivirus software. This integration allows you to send Bitdefender logs to your Logz.io SIEM account.

Before you begin, you’ll need:

Generate Bitdefender GravityZone API key
  • Log in to your Bitdefender GravityZone Control Center.
  • Click the username in the upper-right corner and select My Account.
  • Go to API keys and click + Add (top left).
  • Enable Event Push Service API and REST API.
  • Click Save.
Copy the Bitdefender GravityZone API Access URL

Open Control Center API and copy the Access URL. Keep it handy for the following steps.

It is needed to replace the placeholder <<ACCESS_URL>> below.

Copy Bitdefender API ACCESS URL

Encode the API Key in Base64

Open a MAC or linux terminal. Run the echo command with the new API Key created in the previous section.

echo -n "[<API_KEY]>" | base64

Sample response (shortened for simplicity): AeFgjU5N0Eg4rRMwFGG=AeFgjU5N0Eg4rRMwFGG=

Copy the encoded API Kay. Keep it handy for the next step. It is needed to replace the placeholder <<ENCODED_API_KEY_BASE_64>> below.

Configure event push settings

Use a CURL command to configure Bitdefender event push settings.

Edit the placeholders before running the command:

curl -k -X POST
<<ACCESS_URL>>/v1.0/jsonrpc/push
-H 'authorization: Basic <<ENCODED_API_KEY_BASE_64>>'
-H 'cache-control: no-cache'
-H 'content-type: application/json'
-d '{"params": {"status": 1,"serviceType": "cef","serviceSettings": {"url": "https://<<LISTENER-HOST>>:8071?token=<<LOG-SHIPPING-TOKEN>>&type=bitdefender_grzone","requireValidSslCertificate": false,"authorization": "Basic <<ENCODED_API_KEY_BASE_64>>"},"subscribeToEventTypes": {"adcloud":true,"antiexploit":true,"aph":true,"av":true,"avc":true,"dp":true,"endpoint-moved-in":true,"endpoint-moved-out":true,"exchange-malware":true,"exchange-user-credentials":true,"fw":true,"hd":true,"hwid-change":true,"install":true,"modules":true,"network-monitor":true,"network-sandboxing":true,"new-incident":true,"registration":true,"supa-update-status":true,"sva":true,"sva-load":true,"task-status":true,"troubleshooting-activity":true,"uc":true,"uninstall":true}},"jsonrpc": "2.0","method": "setPushEventSettings","id": "1"}'

Replace the placeholders to match your specifics. (They are indicated by the double angle brackets << >>):

  • Replace <<LOG-SHIPPING-TOKEN>> with the token of the account you want to ship to.

  • Replace <<LISTENER-HOST>> with the host for your region. For example, listener.logz.io if your account is hosted on AWS US East, or listener-nl.logz.io if hosted on Azure West Europe. The required port depends whether HTTP or HTTPS is used: HTTP = 8070, HTTPS = 8071.

  • <<ACCESS_URL>>: Replace with the Access URL copied in a previous step.
  • <<ENCODED_API_KEY_BASE_64>>: Replace with the encoded key returned in the previous step. (Do NOT delete the term basic. It belongs there.)
Expected returned value

The returned value should look like this:

{"id":"1","jsonrpc":"2.0","result":true}
Contact support to request custom parsing assistance

The logs will require customized parsing so they can be effectively mapped in Open Search Dashboards.

Email our support to request custom parsing assistance.