Quick Links

Integrating with Bitdefender

Overview

By integrating Bitdefender GravityZone with Blumira, you can send security logs to Blumira’s cloud-based platform for up to a year of long-term data retention, which is ideal for compliance and cyber insurance use cases. Blumira centralizes GravityZone logs and other logs from different data sources to provide a holistic view of the overall security of your environment.

Before you begin

This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.

Gather the IP address of your Blumira sensor to use when configuring the external service.

To find and copy the IP address of the sensor, do the following:

  1. In Blumira, navigate to Ingestion > Sensors.
  2. Click the sensor row to open the details page.
  3. In the Overview section, next to Host Details, copy the IP address.

Configuring Bitdefender GravityZone to send logs to Blumira

After gathering the IP address of your Blumira sensor, complete the procedures in Bitdefender's Generic integrations for SIEM platforms without HTTPS listeners, transporting via TLS to port 6514.

Important clarifications for the integration

This diagram helps to illustrate the architecture of this log integration:

Below are important notes about the procedure to integrate with GravityZone:

Step Details
Installing the connector

The authentication key <AUTH> in Step 4 of Install the connector is not your SIEM access key; it is an authorization token that GravityZone uses to authenticate to your collector.

You must create this key; it is a customer-supplied value and should be cryptographically strong. Never use example values like XXXXX or dGVzdDp0ZXN0 in production.

Testing the collector

In the cURL test command in Test the connector, if you are testing from the same system that is running your collector, use localhost or 127.0.0.1 instead of your public IP address.

Example: https://localhost:8443/api or https://127.0.0.1:8443/api

Configuring GravityZone push settings
  • When you POST the configuration to GravityZone's API, the url field tells GravityZone where to send logs to your collector.
  • This must be your collector's public-facing IP or FQDN that GravityZone can reach.
  • Use the same public IP for both inbound and outbound NAT on your firewall. Asymmetric routing causes TCP session failures