eXtended Detection and Response (XDR)

The eXtended Detection and Response (XDR) feature is a cross-company event correlation component, capable of detecting advanced attacks across multiple endpoints in hybrid infrastructures (workstations, servers or containers, running various operating systems). As part of our comprehensive and integrated Environment Protection Platform, XDR brings together device intelligence across your enterprise network. This solution supports your incident response teams' efforts to investigate and respond to advanced threats.

If your company is not already using the XDR feature, your main license is changed to GravityZone Business Security Enterprise during the course of the trial so that you can access it.

You can add sensors to XDR to enrich incident data and get better data correlation. Separate licenses are required for adding sensors related to network, identity providers, cloud workloads and productivity apps.

During the trial, additional licenses are added automatically so you can integrate all available sensors. They are grouped by the type of data they process: network, identity providers, cloud workloads, and productivity apps. There are four types of licenses available:

  • Bitdefender XDR Sensor - Cloud: this license allows integration with the AWS sensor and the Azure Cloud sensor.

  • Bitdefender XDR Sensor - Identity: this license allows integration with the Active Directory sensor, the Azure AD sensor, and the Microsoft Intune sensor.

  • Bitdefender XDR Sensor - Network: this license allows integration with the Network sensor.

  • Bitdefender XDR Sensor - Productivity: this license allows integration with the Office 365 sensors and the Google Workspace sensor.

Each sensor type is available as an add-on which, when added to your company, is listed next to your main license.

Note

Any sensor licenses previously not available to your company are added for the duration of the trial.

Start the trial

To start the trial, follow the steps below:

  1. Log in to GravityZone with your administrator account.

  2. Click the product trials button on the upper right side of the console to access the In Product Trials page.

  3. Select Learn more under the GravityZone XDR section.

  4. Select Start free trial.

Your company's licensing status will be updated to match your new product. You will be redirected to the home page, where you will see the new GravityZone sections available to you.

Note

To revert to your previous license key, you can use the Stop Trial button.

Configure and install XDR (if not previously available)

Important

We recommend trying out the new features on a limited set of endpoints. This is most easily done by creating a new policy and applying it to the endpoints selected for testing.

To start using these new features, follow the steps below:

Preparing and deploying policies

  1. Log in to GravityZone Control Center.

  2. Go to the Policies page from the left side menu.

  3. You can either:

    • Create a new policy.

    • Edit one of your existing policies.

  4. Under Incident Sensor, enable the module.

  5. Save your policy.

  6. If you created a new policy, apply it to the endpoints you want to test it on.

    If you edited an existing policy, the changes will take effect on all endpoints it was applied to.

This will allow you to enable the newly available features on all selected endpoints.

Creating a reconfigure client task to deploy the EDR module

  1. Log in to GravityZone Control Center.

  2. Go to the Network page from the left side menu and select the endpoints you wish to deploy the module on.

  3. Click the Tasks button and select Reconfigure client.

  4. Under Modules select Add and enable EDR Sensor.

    Note

    For more information on using the Reconfigure client task, refer to Reconfigure agent.

  5. Click Save.

    The task will now deploy the EDR sensor on all selected endpoints.

Add sensors to XDR to enrich incident data and get better data correlation.

To fully benefit from all possible sources of data, you will have to integrate all available sensor types. To set up your sensors, follow the steps below:

  1. Read the information in this article to familiarize yourself with the available sensor types and the types of integration you require for your network.

  2. Follow the steps in this article to integrate your sensors: Installation and configuration.

Test out the new features

Viewing and interpreting detections

You can view the detected threats and more information about them in one of these two sections:

  • Incidents - this page helps you filter, investigate and take actions on all security events detected by Incidents Sensor over a specific time interval.

  • Search - this page allows you to browse for past security events by using complex search criteria. You can choose which events GravityZone processes by going to Configuration > Raw Events.

Note

For more testing scenarios, please refer to our XDR onboarding guide.

Tip

Read more about detections and EDR/XDR technology in our TechZone article.

Stop the trial

To stop the trial, follow the steps below:

  1. Log in to GravityZone with your administrator account.

  2. Click the product trials button on the upper right side of the console to access the In Product Trials page.

  3. Select Learn more under the GravityZone Business Security Enterprise section.

  4. Select Stop trial.

Your company's licensing will revert to the previous state and all additional features will be disabled.