Skip to main content

XDR installation

The following requirements need to be met for XDR to work on an endpoint, correlate endpoint events, and generate incidents:

  • The BEST agent needs to be installed on the endpoint with the EDR Sensor module enabled.

    If your endpoints already have the BEST agent deployed, you can use a Reconfigure agent task to add the module to the endpoint. For more information, refer to Reconfigure client.

    If no agent is installed, you will need to use an installation package to deploy BEST on your endpoints along with all required modules. For more information, refer to Install security agents - standard procedure.

  • A policy needs to be applied to the endpoint that has the feature enabled in the Incident Sensors page.

    For information on how to enable the feature for a specific policy, refer to Incidents sensor.

  • Each Sensor needs to be integrated with your GravityZone account for data to be received.

  • A license that includes the XDR feature. On it's own, the XDR feature provides Endpoint to Endpoint correlation, and gathers data from endpoint nodes.

    You require licenses for integrating additional sensors. They are grouped by the type of data they process: network, identity providers, cloud workloads, and productivity apps. There are four types of licenses available:

    • Bitdefender XDR Sensor - Cloud: this license allows integration with the AWS sensor and the Azure Cloud sensor.

    • Bitdefender XDR Sensor - Identity: this license allows integration with the Active Directory sensor, the Azure AD sensor, and the Microsoft Intune sensor.

    • Bitdefender XDR Sensor - Network: this license allows integration with the Network sensor.

    • Bitdefender XDR Sensor - Productivity: this license allows integration with the Office 365 sensors and the Google Workspace sensor.

    You can find a list of compatible licenses under Features by product


If this is your first time using XDR, we recommend checking out our XDR onboarding guide.