Integrity Monitoring
Integrity Monitoring reviews and validates changes made on Windows and Linux endpoints to assess the integrity of multiple entities.
Integrity Monitoring operates based on default rules, provided by Bitdefender, and custom rules. These rules are available in the Policies > Integrity Monitoring Rules page of the Control Center.
Based on these rules, Integrity Monitoring takes action when events are generated for files, folders, registry entries, users, services and installed software. These events are displayed on the Reports > Integrity Monitoring Events page of the Control Center.
The product is available as an add-on, which, when added to your company, is listed next to your main license.
The product gives your company access to the following benefits:
Monitor Beyond Files - Monitor beyond files and gain additional insight into multiple entities such as directories, registries, installed apps and user escalation of privilege.
Change & Risk Management - Identify meaningful configuration changes in real time which might indicate an integrity incident or event.
Operational Efficiency - Actionable recommendations tied to rules allow teams to act on events, reducing the time and effort spent identifying anomalies.
Start the trial
To start the trial, follow the steps below:
Log in to GravityZone with your administrator account.
Click the button on the upper right side of the console to access the In Product Trials page.
Select Learn more under the Integrity Monitoring section.
Select Start free trial.
The add-on will be added to your company's list of licenses as a separate product. You will be redirected to the home page, where you will see the new sections in GravityZone available to you.
Note
To remove the Integrity Monitoring license key, you can use the Stop Trial button.
Configure and install the new feature
Important
We recommend trying out the new feature on a limited set of endpoints. This is most easily done by creating a new policy and applying it to the endpoints selected for testing.
To start using this feature, follow the steps below:
Log in to GravityZone Control Center.
Go to the Policies page from the left side menu.
You can either create a new policy or edit an existing one.
Under Integrity monitoring enable and configure the module.
Save your policy.
If you created a new policy, apply it to the endpoints you want to test it on.
If you edited an existing policy, the changes will take effect on all endpoints it was applied to.
This will allow you to enable the newly available features on all selected endpoints.
Log in to GravityZone Control Center.
Go to the Network page from the left side menu and select the endpoints you wish to deploy the module on.
Click the Tasks button and select Reconfigure agent.
Under Modules select Add and enable the Integrity Monitoring module.
Note
For more information on using the Reconfigure client task refer to Reconfigure agent.
Click Save.
The task will now deploy the Integrity Monitoring module on all selected endpoints.
Test out the feature
Use the steps provided under Preparing and deploying policies to create a new rule that performs a specific action.
For example, you can create a specific rule, for a specific path on your endpoint, that quarantines all new files with the .exe extension:
Go to Integrity Monitoring Rules > Custom rules > Actions > New rule.
Apply the following settings:
Under OS applicability, select an applicable Operating System.
Under Keys, add a file path and the extension of the files you want your rule to apply to.
Click the Add button:
Under Monitoring scope, select File was created and select the Move to quarantine action from the drop down menu on the right.
Click Save.
Simulate the circumstances that you designed the rule to trigger for.
For the above example, create an .exe file under the C:\Testing Integrity Monitoring file path. This will cause the file to be moved to quarantine.
You can find all the files that were sent into quarantine by going to the Quarantine page.
Log in to GravityZone Control Center.
Go to the Quarantine page from the left side menu.
Apply the filters required for the files and period you are looking for.
Explore the results.
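The simulation step above can be scripted on a Windows test endpoint. The following is an added example, not part of Bitdefender's documentation: it creates a harmless .exe file in the rule's path together with a control .txt file, then reports whether only the .exe was removed. It assumes the rule key is C:\Testing Integrity Monitoring with the .exe extension as in the example above; the file names, the control file and the 120-second wait are constructed for this test.

```powershell
# Added example: exercises the custom rule "File was created -> Move to quarantine".
# Assumptions: the policy with the rule is already applied to this endpoint, and
# 120 seconds is long enough for the action to complete (adjust as needed).
$TestDir  = 'C:\Testing Integrity Monitoring'   # path used in the example rule
$TimeoutS = 120                                 # assumed wait time
$Stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'

New-Item -ItemType Directory -Path $TestDir -Force | Out-Null

# Plain text content: the rule is keyed on path and extension, so no real
# executable is needed. The .txt file is a control outside the rule's scope.
$Target  = Join-Path $TestDir "im-test-$Stamp.exe"
$Control = Join-Path $TestDir "im-test-$Stamp.txt"
foreach ($File in $Target, $Control) {
    Set-Content -LiteralPath $File -Value "Integrity Monitoring rule test $Stamp"
}
$Created  = Get-Date
$Deadline = $Created.AddSeconds($TimeoutS)

# Poll until the .exe disappears from the folder or the timeout expires.
while ((Test-Path -LiteralPath $Target) -and ((Get-Date) -lt $Deadline)) {
    Start-Sleep -Seconds 2
}
$Elapsed     = [int]((Get-Date) - $Created).TotalSeconds
$ExeRemoved  = -not (Test-Path -LiteralPath $Target)
$ControlKept = Test-Path -LiteralPath $Control

if ($ExeRemoved -and $ControlKept) {
    $Verdict = 'Rule fired as scoped: only the .exe was removed'
} elseif (-not $ExeRemoved) {
    $Verdict = 'Rule did not fire: check policy assignment, module state and rule key'
} else {
    $Verdict = 'Rule is broader than intended: the control file was removed too'
}

[pscustomobject]@{
    CreatedAt       = $Created
    ExeRemoved      = $ExeRemoved
    SecondsWaited   = $Elapsed
    ControlFileKept = $ControlKept
    Verdict         = $Verdict
}

# Remove the control file; the .exe is reviewed on the Quarantine page.
Remove-Item -LiteralPath $Control -ErrorAction SilentlyContinue
```

The CreatedAt value gives the time window to filter on in the Quarantine and Reports > Integrity Monitoring Events pages.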
Stop the trial
To stop the trial, follow the steps below:
Log in to GravityZone with your administrator account.
Click the button on the upper right side of the console to access the In Product Trials page.
Select Learn more under the Integrity Monitoring section.
Select Stop trial.
The product will be removed from your company and all additional features will be disabled.