Configure Bitdefender GravityZone source for Sumo Logic

You can view Bitdefender GravityZone data in Sumo Logic.  To collect this type of data, you need to add a source to a Hosted Collector in Sumo Logic and configure the Bitdefender GravityZone APIs.  

Prerequisites

  • Sumo Logic account 

  • Bitdefender GravityZone (cloud) account 

  • Hosted Collector set up on a machine in your Sumo Logic environment 

To collect Bitdefender GravityZone data via its APIs, follow these steps: 

  1. Add source to a Hosted Collector
  2. Access source URL
  3. Generate Bitdefender GravityZone API key
  4. Configure Event Push Service API

Add source to a Hosted Collector

  1. Log in to Sumo Logic. 
  2. Navigate to Manage Data > Collection
  3. Click Add Source next to a Hosted Collector. 
  4. Select HTTP Logs & Metrics
  5. Enter a Name for the source. 
  6. Configure Source details and advanced options for logs. 
    For more information, refer to the following Sumo Logic help article
  7. Click Save to add the source.  
    This source has a unique URL. Bitdefender GravityZone will send its data to this URL after you configure Event Push Service API. 

Access source URL

  1. Navigate to Manage Data > Collection
  2. Find the Hosted Collector by name and click Show URL
  3. Copy the HTTP source address. 

Generate Bitdefender GravityZone API key

  1. Log in to GravityZone Control Center.
  2. Click the username at the upper-right corner and choose My Account.
  3. Go to the API keys section and click Add at the top of the table. 
  4. Enable Event Push Service API
     You can enable other APIs to source more information from Bitdefender GravityZone.
  5. Click Save
    To prevent the leaking of sensitive information, do not share or distribute your own generated API keys.
  6. Copy the Access URL from the Control Center API section. 
    You need this URL to configure Event Push Service API. The Access URL is referred to as API/CONTROL_CENTER_APIs_ACCESS_URL in the following step.

Configure Event Push Service API

Follow this procedure to set up the subscription for GravityZone Control Center events that you want to see in Sumo Logic. 

  1. Open a macOS or Linux terminal. 
  2. Run echo with the Bitdefender GravityZone API key followed by a colon (":") and pipe the output to base64: 
    > echo -n 'Ge9HCYqdU7jIDR90wN0eE1zbB5Snc5HN:' | base64 -w 0

    This encodes the API key in a base64 string. The -n flag stops echo from appending a newline, which would otherwise become part of the token. On macOS, omit -w 0: its base64 command does not support that option and does not wrap output by default.

    Return value example:

    R2U5SENZcWRVN2pJRFI5MHdOMGVFMXpiQjVTbmM1SE46 

    You will use this encoded string as the token for the POST Authorization header (HTTP Basic authentication, with the API key as the user name and an empty password). 

  3. Run the following curl command and edit the placeholder settings: API/CONTROL_CENTER_APIs_ACCESS_URL, the Basic authorization token, and "SumoLogic URL" (the HTTP source address you copied). The example disables certificate validation with -k and "requireValidSslCertificate": false; remove both if your endpoints present valid certificates.
    curl -k -X POST \
    API/CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/push \
    -H 'authorization: Basic R2U5SENZcWRVN2pJRFI5QndOMGVFMXpiQjVTbmNISE46' \
    -H 'cache-control: no-cache' \
    -H 'content-type: application/json' \
    -d '{
      "params": {
        "status": 1,
        "serviceType": "jsonRPC",
        "serviceSettings": {
          "url": "SumoLogic URL",
          "requireValidSslCertificate": false
        },
        "subscribeToEventTypes": {
          "modules": true, "sva": true, "registration": true,
          "supa-update-status": true, "av": true, "aph": true, "fw": true,
          "avc": true, "uc": true, "dp": true, "hd": true, "sva-load": true,
          "task-status": true, "exchange-malware": true,
          "network-sandboxing": true, "adcloud": true,
          "exchange-user-credentials": true
        }
      },
      "jsonrpc": "2.0",
      "method": "setPushEventSettings",
      "id": "1"
    }'


    Return value example:

    {"id":"1","jsonrpc":"2.0","result":true}
    

    GravityZone starts sending events to Sumo Logic after the Event Push Service settings are reloaded. This happens every 10 minutes.

    This table indicates the event types that GravityZone can send to Sumo Logic.

    Event type identifier      Description
    -------------------------  -----------------------------------------------------------------
    modules                    Product Modules event
    sva                        Security Server Status event
    registration               Product Registration event
    supa-update-status         Outdated Update Server event (where the Update Server is a Relay)
    av                         Antimalware event
    aph                        Antiphishing event
    fw                         Firewall event
    avc                        ATC/IDS event
    uc                         User Control event
    dp                         Data Protection event
    hd                         Hyper Detect event
    sva-load                   Overloaded Security Server event
    task-status                Task Status event
    exchange-malware           Exchange Malware Detection event
    network-sandboxing         Sandbox Analyzer Detection
    adcloud                    Active Directory Integration Issue
    exchange-user-credentials  Exchange User Credentials
  4. To start sending events immediately, run the following command and edit the placeholder settings (the Access URL and the Basic authorization token):
    curl -k -X POST \
    API/CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/push \
    -H 'authorization: Basic R2U5SENZcWRVN2pJRFI5QndOMGVFMXpiQjVTbmNISE46' \
    -H 'cache-control: no-cache' \
    -H 'content-type: application/json' \
    -d '{"params": {}, "jsonrpc": "2.0", "method": "getPushEventSettings", "id": "2"}'

  5. To test the integration, run the following command and edit the placeholder settings (the Access URL and the Basic authorization token). It sends a single test event of type "av":
    curl -k -X POST \
    API/CONTROL_CENTER_APIs_ACCESS_URL/api/v1.0/jsonrpc/push \
    -H 'authorization: Basic R2U5SENZcWRVN2pJRFI5QndOMGVFMXpiQjVTbmNISE46' \
    -H 'cache-control: no-cache' \
    -H 'content-type: application/json' \
    -d '{"params": {"eventType": "av"}, "jsonrpc": "2.0", "method": "sendTestPushEvent", "id": "3"}'

    You can now see Bitdefender GravityZone data in Manage Data > Collection.
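The JSON-RPC exchange above, as an added Python example that is not part of this article or of Bitdefender's or Sumo Logic's own code: it builds the Basic authorization token the same way as the echo | base64 step, assembles the setPushEventSettings request from the event-type identifiers in the table, and checks the reply, leaving the HTTP transport to curl or any client. The Sumo Logic URL and API key used for testing are constructed placeholders, and the request keeps requireValidSslCertificate enabled unless the caller opts out.

```python
import base64
import json

# Event type identifiers from the table above (the only values the API accepts).
EVENT_TYPES = {
    "modules", "sva", "registration", "supa-update-status", "av", "aph", "fw",
    "avc", "uc", "dp", "hd", "sva-load", "task-status", "exchange-malware",
    "network-sandboxing", "adcloud", "exchange-user-credentials",
}


def basic_auth_header(api_key: str) -> str:
    """Equivalent of `echo -n 'KEY:' | base64 -w 0`: the API key is the HTTP
    Basic user name and the password is empty, hence the trailing colon."""
    token = base64.b64encode(f"{api_key}:".encode("ascii")).decode("ascii")
    return f"Basic {token}"


def set_push_settings_request(sumo_url, event_types, verify_tls=True, req_id="1"):
    """Build the setPushEventSettings body. Unknown identifiers are rejected
    here instead of being silently dropped, and certificate validation of the
    Sumo Logic endpoint stays on unless the caller explicitly turns it off."""
    unknown = set(event_types) - EVENT_TYPES
    if unknown:
        raise ValueError(f"unknown event types: {sorted(unknown)}")
    if not sumo_url.startswith("https://"):
        raise ValueError("Sumo Logic HTTP source URL must use https")
    return {
        "jsonrpc": "2.0", "method": "setPushEventSettings", "id": req_id,
        "params": {
            "status": 1,
            "serviceType": "jsonRPC",
            "serviceSettings": {"url": sumo_url,
                                "requireValidSslCertificate": verify_tls},
            "subscribeToEventTypes": {e: True for e in sorted(event_types)},
        },
    }


def check_response(body: str, expected_id: str) -> bool:
    """True only for a JSON-RPC reply carrying the id we sent and result == true,
    e.g. {"id":"1","jsonrpc":"2.0","result":true}; anything else is a failure."""
    reply = json.loads(body)
    return ("error" not in reply and reply.get("jsonrpc") == "2.0"
            and reply.get("id") == expected_id and reply.get("result") is True)
```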

For details about Push Events Service, refer to the GravityZone Cloud API Documentation guide, chapter "Push".