Integrating with IntelliZone and accessing threat intelligence data

Bitdefender IntelliZone is an easy-to-use solution designed to assist security professionals in proactively identifying, monitoring, and mitigating cyber-threats. It provides threat intelligence data and access to Bitdefender’s next-generation malware analysis service.

Companies that use IntelliZone can also benefit from an integration with GravityZone. This allows GravityZone users who are investigating XDR incidents to pivot to the IntelliZone console and view additional information on specific threat actors or indicators of compromise.

Requirements

  • A GravityZone yearly license.

  • Access to the EDR and XDR features.

  • Your license key must not expire in the next 30 days.

Getting access to IntelliZone

To get access to the IntelliZone console, follow the steps below:

  1. Log in to GravityZone with your administrator account.

  2. Click the product trials icon on the upper right side of the console to access the In Product Trials Hub page.

  3. Select Learn more under the IntelliZone section.

    The Advanced Threat Intelligence page is displayed.

  4. Select Contact us.

    Depending on various eligibility factors, this will either automatically enroll you in the trial, or a sales representative will contact you.

    Once the process is complete, you will receive an onboarding email containing a link that you can use to activate your account and set up your login credentials.

  5. Click Activate now and set up your login credentials.

    Completing the activation also automatically integrates your new IntelliZone account with GravityZone.

  6. Log in to the IntelliZone console.

Note

Enrolling for a product trial is also available from the Bitdefender website; however, this will not automatically integrate the account with GravityZone.

Benefiting from the added functionality

Once your IntelliZone account has been activated, the integration will allow you to pivot from organizational incidents to the IntelliZone console. This will provide you with additional information regarding the actor involved in the incident or any related indicators of compromise.

This feature is available in the Organization Incident Overview, in the following situations:

  • When viewing the Suspected actors section. To access the feature, click the Search in IntelliZone icon.

  • When viewing the IoC details side panel. To access the feature, click the menu button on the right side of the IoC you want to search for, and select Search in IntelliZone:

    Note

    This feature is available only for these IoC types: MD5, SHA256, URL, IP, and domain.

For more information on the Organization Incident Overview, refer to this kb article.

Important

All GravityZone users with the View and Analyze data rights will be able to use this feature; however, you will need to create user accounts for them in the IntelliZone console.

Creating additional IntelliZone users

Once your IntelliZone account has been activated and you have logged in to the console, you can set up additional accounts following this process:

  1. Log in to IntelliZone with your administrator account.

  2. Go to the Users page and click the Add user button.

    The Add new user window is displayed.

  3. Fill in the user information.

    Important

    When creating IntelliZone users, assign the same email address used to create the user's GravityZone account.

  4. Click Add user.

    An automatic email containing an activation link will be sent to the email address assigned to the user. Once the account is activated, the user will be able to access the console and the associated features in the GravityZone console.