Configuring consolidated Network Attack Defense alerts
With the Bitdefender Plugin for ConnectWise Automate integration with GravityZone, you can use the Bitdefender GravityZone Network Attack Defense Event (Consolidated) alert template to aggregate multiple Network Attack Defense events into a single ticket.
This is how the Bitdefender GravityZone Network Attack Defense Event (Consolidated) alert template works:
The alert template triggers a script for the Bitdefender GravityZone - Network Attack Defense Event monitor.
The script consolidates alerts for Network Attack Defense events by the following criteria:
The source IP (attacker's IP) address is the same for all alerts.
The ticket status is New.
If both conditions are met, the script appends any new alerts to the existing ticket. If either condition is not met, the script creates a new ticket.
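The consolidation rule above, modelled in Python as an added example (this is not the Bitdefender or ConnectWise Automate script). The alert fields, the Ticket and TicketQueue names and the "In Progress" status are assumptions made for illustration, and the sample events are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Ticket:
    ticket_id: int
    source_ip: str
    status: str = "New"
    alerts: list = field(default_factory=list)


class TicketQueue:
    """Hypothetical model of the two consolidation criteria."""

    def __init__(self):
        self.tickets = []

    def handle_alert(self, alert):
        # Append only when BOTH criteria hold: same source IP, status New.
        for ticket in self.tickets:
            if ticket.source_ip == alert["source_ip"] and ticket.status == "New":
                ticket.alerts.append(alert)
                return ticket
        # Otherwise a new ticket is created for this alert.
        ticket = Ticket(len(self.tickets) + 1, alert["source_ip"], alerts=[alert])
        self.tickets.append(ticket)
        return ticket


def demo():
    # Constructed sample events (documentation-range IP addresses).
    events = [
        {"source_ip": "203.0.113.10", "target": "WS-01"},
        {"source_ip": "203.0.113.10", "target": "WS-02"},
        {"source_ip": "198.51.100.7", "target": "WS-01"},
        {"source_ip": "203.0.113.10", "target": "WS-03"},
    ]
    queue = TicketQueue()
    first = queue.handle_alert(events[0])   # no ticket yet: ticket 1
    queue.handle_alert(events[1])           # same IP, ticket New: appended
    queue.handle_alert(events[2])           # different IP: ticket 2
    first.status = "In Progress"            # a technician picks up ticket 1
    queue.handle_alert(events[3])           # same IP, not New: ticket 3
    return [(t.ticket_id, t.source_ip, t.status, len(t.alerts))
            for t in queue.tickets]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last event shows the practical effect of the status criterion: once a ticket leaves the New status, further alerts from the same source IP open a separate ticket.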
The Bitdefender GravityZone Network Attack Defense Event (Consolidated) template is not active by default. To use it, you must follow these configuration steps:
In ConnectWise Automate Control Center, go to the Automation > Monitors > Internal Monitors tab.
Double-click to open the Bitdefender GravityZone – Network Attack Defense Event monitor.
Go to the Alerting tab.
Under the Alert Config section, select Bitdefender GravityZone Network Attack Defense Event (Consolidated) from the list.
Click Save.
Make sure the monitor is not disabled after changing the template. If it is disabled, you have to reset it:
Open the Bitdefender GravityZone – Network Attack Defense Event monitor.
Click Reset Monitor.
Close the Monitors window and reopen it to confirm that Bitdefender GravityZone – Network Attack Defense Event is enabled.