Dashboards

The Dashboards page provides you with several tabs that offer an overview of your company, all relevant activity, recent security events, and more.

  1. Company selection. Selector for the company for which you want to display information.

  2. Date selection. Selector for a predetermined time interval, relative to the current time:

    • Last 24 hours.

    • Last 7 days.

    • Last 30 days.

  3. Info button - hyperlink to the knowledge base article relevant for the page displayed.

  4. Notifications. Allows you to configure notification settings for your company.

  5. Org. Summary. A high-level overview of endpoint and license status, incidents, investigations, and recommendations for all your managed companies.

  6. Overview. General information about the overall security status of your company and the most recent relevant events.

  7. MDR service. Statistics, lists and information regarding all recent Bitdefender MDR activity performed by the SOC team.

  8. Agent actions. An overview of alerts, incidents and threats that resulted from agent actions.

  9. Configuration. General company information broken down per operating system.

Org. Summary

The Org. Summary dashboard shows how many organizations are monitored and the total number of endpoints across those organizations, along with how many organizations have licenses expiring soon (or already expired).

The sections are presented in the order that they appear in the console, from top to bottom. The page is separated by title blocks for their respective data sets.

  1. Managed companies. Shows the total number of companies that you manage.

    Tip

    Click the title to view the Companies page.

  2. Monitored endpoints. Shows the total number of endpoints you manage. This includes both the endpoints in your company and the companies you manage that have the security agent installed.

  3. Top investigations. Shows the highest number of investigations by type.

    For more information on investigation types, refer to Investigations.

    Tip

    • Click the title to view the Investigations page.

    • Click a specific investigation type from the list to go to the Investigations page, which displays only the type of investigation you have selected.

  4. License Status. Displays the number of used and available licenses in your company.

  5. Recent incidents. Displays the five most recent incidents reported in your managed companies. The following information is displayed for each incident:

    • Date and time of occurrence

    • Company where the incident occurred

    • Investigation code

    • Description of incident

    Tip

    Click any entry to go to the Reports page.

  6. Top customers with recommendations. Displays the companies that have received the most recommendations.

    Tip

    • Click the title to access the Recommendations page.

    • Clicking a specific company in the list also takes you to the page, with the results filtered to display only the recommendations for the company you have selected.

  7. Top customers with open tickets. Displays the companies with the highest number of open tickets.

    Tip

    • Click the title to view the Tickets page.

    • Clicking a specific company in the list also takes you to the page, with the results filtered to display only the tickets for the company you have selected.

  8. Top customers with investigations. Displays the companies with the highest number of ongoing investigations.

    Tip

    • Click the title to view the Investigations page.

    • Clicking a specific company in the list also takes you to the page, with the results filtered to display only the investigations for the company you have selected.

Overview

The Overview dashboard gives you a high-level view across your environment, starting with the number of licenses and monitored endpoints, a glance at the types of threats to the environment, as well as the endpoints and users who are being impacted the most.

  1. Total licenses. Shows the total number of seats available for your license.

  2. Monitored endpoints. Number of endpoints protected by Bitdefender services and currently monitored by Bitdefender MDR.

  3. Active incidents. Number of incidents which may derive from alerts in overly vulnerable environments.

  4. Open recommendations. Number of recommendations that are currently open.

    Tip

    Click on the text to go to the Recommendations page.

  5. Activity summary. Provides an overview of the most common types of activity detected on your environment over a specific period, depending on the date selection you opted for.

    Tip

    Hovering over any of the columns provides an additional tooltip with useful information.

    From left to right, each column indicates the following:

    • Environment telemetry - the number of events registered in the environment.

    • Suspicious events - the number of alerts generated from the total events registered in the first column. If you have purchased an XDR for MDR add-on, the Suspicious events bar will have hover data showing counts for EDR alerts and for XDR alerts.

    • Human analysis - the number of alerts from the previous column which resulted in investigations and threat hunts.

    • Analysis outcome - based on the human analysis, this column indicates the number of actions taken and recommendations.

    • Incidents - the number of incidents that resulted from the investigations.

  6. Activity trend. Provides a timeline, in the form of a line chart, of when the investigations took place. It comprises the following variables:

    • Investigations

    • Incidents

    • Hunts

  7. Recent activity. Lists the most recent investigations, along with a timestamp and a brief description.

    Tip

    Click on one of the items listed to access the Investigations page.

  8. Recent documents. Lists the most recent documents, along with a timestamp and the document type. Each document will open in a separate page, depending on the document type listed.

  9. Top investigation categories. Shows the highest number of incidents, per category.

    Tip

    Click on one of the items listed to access the Investigations page.

  10. Top impacted users. Displays a list of users with the highest number of related alerts.

  11. Top endpoints by alerts. Displays a list of endpoints with the highest number of related alerts.

Bitdefender MDR Service

The Bitdefender MDR Service dashboard focuses on the actions taken by the SOC team on your behalf.

  1. Active investigations. Number of currently ongoing investigations.

  2. Pending response. Indicates an action you need to take, in the form of a recommendation or an action that has not yet been pre-approved and needs your response before the SOC can take it on your behalf. For example: quarantine an endpoint or delete a file.

  3. Mean time to acknowledge. The average time required for an alert to result in the initiation of action.

  4. Investigation severity trend. A list of incidents, organized per severity rating and a graph showing a timeline of recent investigations.

  5. Hunt outcomes. A graph providing a breakdown of recent hunt results which can lead to actions and recommendations. The results are displayed in two columns:

    • Targeted - results from the baseline of your environment created during onboarding. Original threat line created.

    • Risk-based - results based on external threat intelligence. For example, a new threat actor.

  6. Recent investigations. Summary of the recent investigations.

  7. Recent hunts. A list of recent hunts showing the hunt type and a summary of that specific hunt, along with the action taken and recommendation, if applicable.

  8. Top investigation categories. Shows the highest number of incidents, grouped by category.

  9. Top investigation hosts. Displays the hosts which were included in most of the investigations.

  10. Top investigation signature names. Displays the signatures detected most during the investigations.

XDR for MDR add-ons

The following license bar is displayed on the MDR Portal Dashboard:

  • Overview dashboard for Premium and Enterprise customers.

  • Service dashboard for Foundations customers.

XDR add-ons:

  • XDR for MDR – Cloud

  • XDR for MDR – Network

  • XDR for MDR – Productivity

  • XDR for MDR – Identity

Note

For each of those four that you have purchased, the icon and label will be in color. If you do not have a specific add-on and you hover over the icon and label, you will see a text box that says “You don’t have this add-on yet”.

Agent actions

The Agent actions dashboard provides a summary of what type of alerts are coming from the endpoint agent, including how many and what types of responses the agent was able to make.

  1. Alerts. Shows the number of alerts created by agents on endpoints.

  2. Agent actions. Shows the number of actions taken automatically, based on that number of alerts.

  3. Most mitigated threats. Shows the most commonly addressed threats, along with threat type and number of occurrences.

  4. Alert trend. Shows the evolution of alerts triggered in the selected time interval. The trend may follow a weekly pattern, high during the working days, and low during non-working days.

  5. Top alerts. Displays the highest number of alerts by type.

  6. Automatic actions trend. Provides an overview of actions taken by the agent. For example:

    • Block

    • Block and Disinfect

    • Delete

    • Quarantine

    • Disinfect Only

    • Malicious process killed

Configuration

  1. Total licenses. Shows the total number of seats available for your license.

  2. Licensed endpoints. Shows the current number of endpoints consuming a license seat.

    If this number is higher than you expect or close to the license limit, you can review the list of protected endpoints in GravityZone and reclaim licenses from endpoints that no longer need them.

  3. Monitored endpoints. Shows the number of endpoints for which the SOC has received telemetry in the last 30 days. 

    This number will be different from the number of monitored endpoints in the GravityZone endpoint status widget as this widget may include endpoints that are offline and not currently active in GravityZone.

  4. Active endpoints. Indicates the number of endpoints for which the SOC has received telemetry for the period of time selected in the console (24 hours, 7 days, or 30 days). 

    This number refers to the number of endpoints that are active within Bitdefender MDR by sending telemetry, and it may be different to the number of endpoints active in GravityZone as reflected in the GravityZone endpoint status widget.

  5. Endpoints by OS trend. This widget shows the number of active endpoints in your environment over the period of time specified by the dashboard time selector, grouped by operating system.

  6. Endpoints by OS. Displays all endpoints, grouped per installed operating system.

  7. Status of deployment. Displays the overall progress of:

    • Onboarding. This widget tracks the progression of the setup and configuration of infrastructure within the Bitdefender environment so that endpoints can be monitored. The onboarding process consists of four phases:

      1. Phase 1: Customer enrollment

        A request is sent to the Bitdefender MDR SOC containing all necessary licensing and company information for enrollment. A new account is created and configured in the SOC automation platform and the Bitdefender MDR Portal.

      2. Phase 2: Integration with Bitdefender MDR

        Telemetry ingest is set up. This involves updating your GravityZone policy, setting up the telemetry gateways within the SOC, and adding the company to our SIEM.

        As a result, we will be able to collect your events and alerts once GravityZone has been deployed on your environment.

        Note

        Onboarding may stall in this phase if:

        • You have not activated your license. 

        • You do not have the Your Bitdefender partner can assist you with security management option enabled in GravityZone.

        • Your company still has a trial or proof of concept trial assigned.

      3. Phase 3: Access to Bitdefender MDR Portal

        In this phase, your account is updated within the SOC’s automation platform and a new user is created for the Bitdefender MDR Portal. The user is created for the contact listed in the GravityZone platform.

        An activation email will be sent to the email address of the new Bitdefender MDR Portal user. The content of the email will be customized based on the information that is provided at the time of onboarding.

      4. Phase 4: Commencement of monitoring

        This phase represents the end of the onboarding process and the beginning of SOC monitoring.

        The SOC automation system notifies the billing system that monitoring has begun. A welcome email is sent to the Bitdefender MDR Portal user created in phase 3.

      Note

      Once all steps are complete, the status for the Onboarding widget will change from Onboarding to Onboarded. This indicates that the Bitdefender MDR service is active and ready to process telemetry from your endpoints.

    • Deployment. This widget tracks the status of deployment within your environment. It shows the establishment of the telemetry pipeline, which assures that events and alerts from your endpoints can reach the Bitdefender MDR service.

      There are four key milestones:

      • Establish licensing

      • Business Security Enterprise agent detected

      • EDR enabled

      • Agent sending telemetry

      Once at least one endpoint in your company meets the milestone, the widget shows a check mark for the milestone.

      Note

      Once all of these items are in place, the Deployment widget will transition from Deploying to Active.

      In addition, the widget shows the percentage of your company's endpoints that are currently active in the GravityZone console which are monitored by the Bitdefender MDR Security Operations Center.

  8. GravityZone endpoint status. This widget provides a breakdown of all your company's endpoints that are active in the GravityZone console, based on whether or not (and why) they are monitored by Bitdefender MDR.

    The widget displays the following information:

    • The center shows the total number of active endpoints available in the GravityZone console.

      This is the number of your endpoints that are currently online or that have synchronized with GravityZone within the time period of the dashboard.

    • Monitored by MDR - The total number of endpoints monitored by Bitdefender MDR.

      This number reflects the number of your endpoints that are currently active in GravityZone and from which the SOC is receiving telemetry.

    The rest of the endpoints are split into the following categories, based on what configuration issue is preventing them from being monitored by Bitdefender MDR:

    • Telemetry issues - the endpoint is not sending telemetry information to the Security Operations Center. Please contact support to resolve this issue.

    • EDR issues - the endpoint does not have EDR deployed or enabled. You can resolve this issue within GravityZone.

    • License issues - the endpoint is not licensed or the license has expired. You can resolve this issue within GravityZone.

    • Other issues - any issue not included in the above categories. You should contact support for assistance in resolving this issue.

    Note

    Clicking on any of the items in the widget will download a list containing information on all the endpoints that are included under that category.