Bitdefender B2B Help Center

Security Events

The Security Events section displays information regarding detections made by Bitdefender protection modules and relies on the Event Push Service API from GravityZone Control Center.

img20-events-atc.png

The following security events are available with the Bitdefender Plugin:

  • Advanced Threat Control

  • Advanced Anti-Exploit

  • Antimalware

  • Antiphishing

  • Endpoint Detection and Response

  • Hyper Detect

  • Network Attack Defense

  • Ransomware Mitigation

  • Web Traffic Scan

Each event corresponds to an alert you can configure in Tools > Bitdefender GravityZone > Configuration > Alert Settings.

Security events also have associated monitors. For details on how to operate them, refer to Monitors.

The Security Events section is available on the Client, Location and Computer screens.

Advanced Threat Control

This page displays information regarding to detections made by the Advanced Threat Control module. It includes details such as:

  • Computer name

  • Process path

  • Exploit type

  • Process status

  • When the threat was last blocked

Advanced Anti-Exploit

This page displays information regarding to detections by the Advanced Anti-Exploit module. It includes details such as:

  • Computer name

  • Technique

  • Action taken on the exploited process

  • Process ID

  • Process path

  • Parent process ID

  • Parent process path

  • CVE

  • Detection time

Antimalware

This page displays information regarding to detections made by the Antimalware module. It includes details such as:

  • Computer name

  • Malware name

  • Malware type

  • Infection status

  • Infected file name

  • Detection time

Antiphishing

This page displays information regarding to detections made by the Content Control module. It includes details such as:

  • Computer name

  • Threat type

  • URL

  • Status

  • Timestamp

Endpoint Detection and Response

This page displays information regarding incidents monitored and reported by the Endpoint Detection and Response module. The main details include:

  • Location (available in the Client screen)

  • Computer name (available in the Client and Location screens)

  • Incident ID

  • Detection name

  • ATT&CK techniques

  • Severity

  • Main action taken

  • Last time the incident was updated with new information

Reporting on EDR incidents is much more complex. You can find all the details in the tickets generated by these incidents in the Service Desk > Tickets section of the ConnectWse Automate Control Center. Learn how tickets are generated in ConnectWise Automate and ConnectWise Manage in this article.

Hyper Detect

This page displays information regarding to detections made by the Hyper Detect module. It includes the following details:

  • Location

  • Computer name

  • Malware type

  • Malware name

  • File path

  • Fileless attack (yes or no)

  • Attack type

  • Status (action taken)

  • Detection time

Network Attack Defense

This page displays information regarding to detections made by the Network Attack Defense module. It includes details such as:

  • Computer name

  • Attack technique

  • Detection name

  • Victim’s IP address

  • Attacker’s IP address

  • Port

  • Action taken by Bitdefender

Ransomware Mitigation

This page displays information regarding to detections made by the Antimalware module. It includes details such as:

  • Computer name

  • Attack type

  • Ransomware source

  • The number of encrypted files

  • Detection time

Web Traffic Scan

This page displays information regarding to detections made by the Content Control module. It includes details such as:

  • Computer name

  • Threat type

  • URL

  • Timestamp

  • Access to website

In this section: