Security Events
The Security Events section displays information regarding detections made by Bitdefender protection modules and relies on the Event Push Service API from GravityZone Control Center.
Double-click clients, locations and computers in ConnectWise Automate Control Center to view the Security Events section in the Bitdefender GravityZone tab of the corresponding screens.
The following security events are available with the Bitdefender Plugin:
Advanced Threat Control
Advanced Anti-Exploit
Antimalware
Antiphishing
Endpoint Detection and Response
Firewall
Hyper Detect
Network Attack Defense
Ransomware Mitigation
Sandbox Analyzer
Web Traffic Scan
Each event corresponds to an alert you can configure in Tools > Bitdefender GravityZone > Configuration > Alert Settings.
Security events also have associated monitors. For details on how to operate them, refer to Monitors.
Advanced Threat Control
This page displays information regarding detections made by the Advanced Threat Control module. It includes details such as:
Computer name
Process path
Exploit type
Process status
When the threat was last blocked
Advanced Anti-Exploit
This page displays information regarding detections by the Advanced Anti-Exploit module. It includes details such as:
Computer name
Technique
Action taken on the exploited process
Process ID
Process path
Parent process ID
Parent process path
CVE
Detection time
Antimalware
This page displays information regarding detections made by the Antimalware module. It includes details such as:
Computer name
Malware name
Malware type
Infection status
Infected file name
Detection time
Antiphishing
This page displays information regarding detections made by the Content Control module. It includes details such as:
Computer name
Threat type
URL
Status
Timestamp
Endpoint Detection and Response
This page displays information regarding incidents monitored and reported by the Endpoint Detection and Response module. The main details include:
Location (available in the Client screen)
Computer name (available in the Client and Location screens)
Incident ID
Detection name
ATT&CK techniques
Severity
Main action taken
Last time the incident was updated with new information
Reporting on EDR incidents is much more complex. You can find all the details in the tickets generated by these incidents in the Service Desk > Tickets section of the ConnectWise Automate Control Center. Learn how tickets are generated in ConnectWise Automate and ConnectWise Manage in this article.
Firewall
This page displays information regarding detections made by the Firewall module. It includes the following details:
Status
Source IP
Port
Application path
Protocol
Date when the threat was last blocked
Hyper Detect
This page displays information regarding detections made by the Hyper Detect module. It includes the following details:
Location
Computer name
Malware type
Malware name
File path
Fileless attack (yes or no)
Attack type
Status (action taken)
Detection time
Network Attack Defense
This page displays information regarding detections made by the Network Attack Defense module. It includes details such as:
Computer name
Attack technique
Detection name
Victim’s IP address
Attacker’s IP address
Port
Action taken by Bitdefender
Ransomware Mitigation
This page displays information regarding detections made by the Antimalware module. It includes details such as:
Computer name
Attack type
Ransomware source
The number of encrypted files
Detection time
Sandbox Analyzer
This page displays information regarding detections made by the Sandbox Analyzer module. It includes the following details:
Threat type
File path
File size
Remediation action
Detection time
Web Traffic Scan
This page displays information regarding detections made by the Content Control module. It includes details such as:
Computer name
Threat type
URL
Timestamp
Access to website