SOCFortress Integrations — BitDefender EndPoint Protection

SOCFortress
2 min readJul 25, 2023

Intro

SOCFortress integration and visualization tools allow security analysts the visualization and triage of BitDefender security events using a single pane of glass.

About BitDefender

Bitdefender EPP includes advanced antivirus and internet security software to protect users from a wide range of cyber threats.

BitDefender products are available for various platforms, including Windows, macOS, Android, and iOS.

Some key features and offerings of Bitdefender’s security solutions include:

  • Antivirus Protection: Antivirus engine to scan and detect viruses, malware, spyware, and other threats.
  • Advanced Threat Defense: Behavioral analysis and machine learning to detect and block emerging and sophisticated threats.
  • Ransomware Protection: Safeguard against ransomware attacks.
  • Firewall: Monitors and controls incoming and outgoing network traffic to protect against unauthorized.
  • Safe Online Banking and Shopping: Secure browsing and protection to ensure a safe online shopping and banking experience.

Ingesting BitDefender Security Events (“gz-evpsc” connector)

Ingesting BitDefender security events leverages cagz-evpsc service. As part of this implementation, this service can forward the CEF ingested events to a remote syslog.

The connector uses the POST method to receive authenticated and secured messages from the GravityZone Event Push Service. It parses the message and then forwards it to a local or a remote Syslog server.

The configuration script is used to configure the config.json file. This file holds the <LISTENINGPORT> <SYSLOGFORWARDPORT> <TRANSPORT> <TARGET> <AUTH> <CONFIG_FILENAME>

By default, the config script creates self signed certificates for the HTTPS connector server. For better security, certificates obtained from a certificate authority can be used.

Once the HTTPS collector service is running and listening for messages, you can configure Control Center to send events to the above-defined URL: https://your_web_server_hostname_or_public_IP:port/api

All settings for Event Push Service API are configured via the setPushEventSettings method. For detailed information about these settings, refer to BitDefender documentation.

Visualizations and Events Details

BitDender Alerts:

Events histogram:

BitDefender Events Table:

Need Help?

The functionality discussed in this post, and so much more, are available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.

Website: https://www.socfortress.co/

Contact Us: https://www.socfortress.co/contact_form.html

--

--

SOCFortress

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).