SOCFortress Integrations — BitDefender EndPoint Protection

Jul 25, 2023


SOCFortress integration and visualization tools let security analysts visualize and triage BitDefender security events from a single pane of glass.

About BitDefender

Bitdefender EPP includes advanced antivirus and internet security software to protect users from a wide range of cyber threats.

BitDefender products are available for various platforms, including Windows, macOS, Android, and iOS.

Some key features and offerings of Bitdefender’s security solutions include:

  • Antivirus Protection: Antivirus engine to scan and detect viruses, malware, spyware, and other threats.
  • Advanced Threat Defense: Behavioral analysis and machine learning to detect and block emerging and sophisticated threats.
  • Ransomware Protection: Safeguard against ransomware attacks.
  • Firewall: Monitors and controls incoming and outgoing network traffic to protect against unauthorized access.
  • Safe Online Banking and Shopping: Secure browsing and protection to ensure a safe online shopping and banking experience.

Ingesting BitDefender Security Events (“gz-evpsc” connector)

Ingesting BitDefender security events leverages the gz-evpsc service. As part of this implementation, the service can forward the ingested CEF events to a remote syslog server.

The connector uses the POST method to receive authenticated and secured messages from the GravityZone Event Push Service. It parses the message and then forwards it to a local or a remote Syslog server.

The configuration script is used to populate the config.json file. This file holds the following settings: <LISTENINGPORT>, <SYSLOGFORWARDPORT>, <TRANSPORT>, <TARGET>, <AUTH> and <CONFIG_FILENAME>.

By default, the config script creates self-signed certificates for the HTTPS connector server. For better security, certificates obtained from a certificate authority can be used instead.

Once the HTTPS collector service is running and listening for messages, you can configure Control Center to send events to the above-defined URL: https://your_web_server_hostname_or_public_IP:port/api

All settings for Event Push Service API are configured via the setPushEventSettings method. For detailed information about these settings, refer to BitDefender documentation.
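The following Python is an added illustration, not the gz-evpsc project's own code: it models the connector's request path with the settings named above (check the POST's Authorization header against <AUTH>, parse each CEF event, frame it for syslog to <TARGET>:<SYSLOGFORWARDPORT> over <TRANSPORT>). The config key names, the sample CEF record and the {"events": [...]} body shape are constructed assumptions.

```python
import base64, hmac, json, re, socket

# Constructed config mirroring the post's placeholders (<AUTH>, <TRANSPORT>,
# <TARGET>, <SYSLOGFORWARDPORT>); these key names are assumptions.
CONFIG = {
    "auth": "Basic " + base64.b64encode(b"gz-push:example-secret").decode(),
    "transport": "udp",
    "target": "127.0.0.1",
    "syslog_forward_port": 514,
}
# Constructed sample body; the {"events": [cef, ...]} shape is an assumption.
SAMPLE_CEF = ("CEF:0|Bitdefender|GravityZone|6.4.0|35|Antimalware Detection|8|"
              "dvchost=WKS-01 BitdefenderGZModule=av act=blocked fname=eicar test.com")
SAMPLE_BODY = json.dumps({"events": [SAMPLE_CEF]}).encode()

def check_auth(headers: dict, config: dict) -> bool:
    """Match the Authorization header against <AUTH> without a timing side channel."""
    return hmac.compare_digest(headers.get("Authorization", ""), config["auth"])

def parse_cef(line: str) -> dict:
    """Split one CEF record into its 7 header fields plus key=value extensions."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    parts = line.split("|", 7)  # header fields cannot contain '|'; the extension may
    if len(parts) != 8:
        raise ValueError("truncated CEF header")
    keys = ["version", "vendor", "product", "product_version", "signature_id", "name", "severity"]
    rec = dict(zip(keys, parts))
    rec["version"] = rec["version"][4:]  # strip the "CEF:" prefix
    # extension values may contain spaces: a value runs until the next " key=" token
    rec["ext"] = dict(re.findall(r"(\S+?)=(.*?)(?= \S+?=|$)", parts[7]))
    return rec

def to_syslog(rec: dict, raw: str) -> str:
    """Frame the raw CEF line as RFC 3164 local0; CEF severity >= 7 maps to 'warning'."""
    sev = 4 if rec["severity"].isdigit() and int(rec["severity"]) >= 7 else 6
    return f"<{16 * 8 + sev}>{rec['ext'].get('dvchost', 'unknown')} gz-evpsc: {raw}"

def handle_push(headers: dict, body: bytes, config: dict, send: bool = False) -> list:
    """The connector's POST path: authenticate, parse, forward. Empty list = answer 401."""
    if not check_auth(headers, config):
        return []
    msgs = [to_syslog(parse_cef(ev), ev) for ev in json.loads(body).get("events", [])]
    if send and config["transport"] == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            for m in msgs:
                s.sendto(m.encode(), (config["target"], config["syslog_forward_port"]))
    return msgs
```

Calling handle_push(..., send=True) actually emits the datagrams; the default keeps the model side-effect free so the parsing and auth check can be exercised offline.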

Visualizations and Events Details

BitDefender Alerts:

Events histogram:

BitDefender Events Table:

Need Help?

The functionality discussed in this post, and much more, is available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.


Contact Us:

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).