Skip to main content

Notification types

This is the list of available notification types:

  • Malware Outbreak

    This notification is sent to the users that have at least 5% of all their managed network objects infected by the same malware.

    You can configure the malware outbreak threshold according to your needs in the Notifications Settings window. For more information, refer to Configuring Notification Settings.

  • License Expires

    A notification is sent 90, 30, 7 days, and also one day before the license expires. The notifications will include company information, product name, the expired license keys and useful URLs.

    Note

    You must have Manage Company right to view this notification.

  • License Usage Limit Has Been Reached or Exceeded

    This notification is sent when all of the available licenses have been used. In case the number of installations exceeds the license limit, the notification shows the unlicensed endpoints within the past 24 hours.

    Note

    You must have Manage Company right to view this notification.

  • License Limit Is About To Be Reached

    This notification is sent when 90% of the available licenses have been used.

    Note

    You must have Manage Company right to view this notification.

  • Servers License Usage Limit Has Been Reached

    This notification is sent when the number of protected servers reaches the limit specified on your license key.

    Note

    You must have Manage Company right to view this notification.

  • Servers License Limit is About to Be Reached

    This notification is sent when 90% of the available license seats for servers have been used.

    Note

    You must have Manage Company right to view this notification.

  • Exchange License Usage Limit Has Been Reached

    This notification is triggered each time the number of protected mailboxes from your Exchange servers reaches the limit specified on your license key.

  • Invalid Exchange user credentials

    This notification is sent when an on-demand scan task could not start on the target Exchange server due to invalid Exchange user credentials.

  • Advanced Anti-Exploit

    This notification informs you when Advanced Anti-Exploit has detected exploit attempts in your network.

  • Antiphishing event

    This notification informs you each time the endpoint agent blocks a known phishing web page from being accessed. This notification also provides details such as the endpoint that attempted to access the unsafe website (name and IP), installed agent or blocked URL.

  • Firewall event

    With this notification you are informed each time the firewall module of an installed agent has blocked a port scan or an application from accessing the network, according to applied policy.

  • ATC/IDS event

    This notification is sent each time a potentially dangerous application is detected on an endpoint in your network. You will find details about the application type, name, and path as well as the parent process ID and path and the command line that started the process if the case.

  • Content Control event

    This notification is triggered each time a user activity such as web browsing or software application is blocked by the endpoint client according to applied policy.

    Note

    Content Control event notifications cannot be sent through email. Due to performance reasons, these notifications can only be sent via API to a SIEM platform.

  • Product Modules event

    This notification is sent each time a security module of an installed agent gets enabled or disabled.

  • Security Server Status event

    This type of notification provides information about the status changes of a certain Security Server installed in your network. The Security Server status changes refer to the following events: powered off / powered on, product update, security content update and reboot required.

  • Overloaded Security Server event

    This notification is sent when the scan load on a Security Server in your network exceeds the defined threshold.

  • Product Registration event

    This notification informs you when the registration status of an agent installed in your network has changed.

  • Amazon EC2 subscription activated

    This notification informs you that an Amazon EC2 integration has been successfully licensed.

  • Amazon EC2 subscription canceled

    This notification is triggered when an AWS subscription is canceled.

  • Amazon EC2 trial expires in 7 days

    This notification informs you that your Amazon EC2 trial will expire in 7 days.

  • Amazon EC2 trial expires tomorrow

    This notification is sent one day before the expiration of an Amazon EC2 trial.

  • Invalid Amazon EC2 credentials

    This notification is triggered when the AWS credentials are invalid.

  • Amazon EC2 trial started

    This notification informs you that an Amazon EC2 trial has started.

  • Amazon EC2 subscription type has changed

    This notification informs you that your Amazon EC2 subscription type has been changed.

  • Authentication Audit

    This notification informs you when another GravityZone account from your company, except your own, was used to log in to Control Center from an unrecognized device. If you select the Receive notification for child companies check box, notifications will be sent also for GravityZone accounts belonging to your managed companies.

    This notification informs you when another GravityZone account, except your own, was used to log in to Control Center from an unrecognized device.

  • Login from New Device

    This notification informs you that your GravityZone account was used to log in to Control Center from a device you have not used for this purpose before. The notification is automatically configured to be visible both in Control Center and on email and you can only view it. This notification also includes the email address of the account used.

  • Task Status

    This notification informs you either each time a task status changes, or only when a task finishes, according to your preferences.

    You can also receive this notification for scanning tasks triggered through NTSA.

  • Outdated Update Server

    This notification is sent when an Update Serverr in your network has outdated security content.

  • Network Attack Defense event

    This notification is sent each time the Network Attack Defense module detects an attack attempt on your network. This notification also informs you if the attack attempt was conducted either from outside the network or from a compromised endpoint inside the network. Other details include data about the endpoint, attack technique, attacker’s IP, and the action taken by Network Attack Defense.

  • Sensor integration status

    This notification informs you when the status of a sensor integration changes. You can configure this notification to alert you in the GravityZoneControl Center, via email, or both.

    By default, the notification is sent out every 2 hours if a sensor integration issue persists. But you can customize this time interval.

  • Sandbox Analyzer Detection

    This notification alerts you every time Sandbox Analyzer detects a new threat among the automatically submitted samples. You are presented with details such as company name, hostname or IP of the endpoint, time and date of the detection, threat type, path, name, size of the files and the remediation action taken on each one.

    This notification is not sent for manual submissions.

    Note

    You will not receive notifications for clean analyzed samples. Information on samples submitted by your company is available in the Sandbox Analyzer Results report. Information on samples submitted by your company is also available in the Sandbox Analyzer section, in the main menu of Control Center.

  • HyperDetect event

    This notification informs you when HyperDetect finds any antimalware or unblocked events in the network. This notification is sent for each HyperDetect event and provides the following details:

    • Affected endpoint information (name, IP, installed agent)

    • Malware type and name

    • Infected file path and parent process path. For file-less attacks it is provided the name of the executable used in the attack.

    • Infection status

    • The SHA256 hash of the malware executable

    • The type of the intended attack (targeted attack, grayware, exploits, ransomware, suspicious files and network traffic)

    • Detection level (Permissive, Normal, Aggressive)

    • Detection time and date

    • Detection type

    • Logged user

    • Company name

    • Command line used

    You can view details about the infection and further investigate the issues by generating a HyperDetect Activity report right from the Notifications page. To do so:

    1. In Control Center, click the gz_notifications_bell_icon_48451_c_p_op_en.pngNotification button to display the Notification Area.

    2. Click the Show more link at the end of the notification to open the Notifications page.

    3. Click the View report button in the notification details. This opens the report configuration window.

    4. Configure the report if needed. For more information, refer to Creating Reports.

    5. Click Generate.

    Note

    To avoid spamming, you will receive maximum one notification per hour.

  • Active Directory Integration Issue

    This notification informs you of issues that affect the synchronization with Active Directory.

  • Missing Patch Issue

    This notification occurs when endpoints in your network are missing one or more available patches.

    GravityZone automatically sends a notification containing all findings within the last 24 hours to the notification date. The notification is sent to all your user accounts.

    You can view which endpoints are in this situation by clicking the View report button in notification details.

    By default, the notification refers to security patches, but you may configure it to inform you of non-security patches as well.

  • New Incident

    This notification informs you when a new incident occurs. Once enabled, the notification is generated every time a new incident is displayed under the Incidents section of Control Center.

    Note

    In order to get notifications for new incidents, the minimum value for the Severity Score field is 10. However, you can adjust by entering any value between 10 and 100.

  • New incident assigned to you

    This notification informs you when a new incident has been assigned to you. The notification contains the incident number and additional relevant details.

  • Correlated incident

    This notification informs you that an incident assigned to you is correlated with another incident. The notification includes the incident number assigned to you and correlated parent incident number.

  • Ransomware detection

    This notification informs you when GravityZone detects a ransomware attack within your network. You are provided with details regarding the targeted endpoint, the user that was logged in, the source of the attack, the number of encrypted files, and the time and date of the attack.

    At the time you receive the notification the attack is already blocked.

    The link in the notification will redirect you to the Ransomware Activity page, where you can view the list of encrypted files and restore them if needed.

  • Storage Antimalware

    This notification is sent when malware is detected on an ICAP-compliant storage device. This notification is created for each malware detection, providing details about the infected storage device (name, IP, type), detected malware and detection time.

  • Troubleshooting activity

    This notification informs you when a troubleshooting event in your network ends. You can view details about the event type and status, the troubleshooting target, the storage location where you can find the logs archive, and others.

  • New Investigation Files Activity

    This notification is triggered when there are new requests related to:

    You can choose to enable notifications for remote shell uploads, downloads, or both. Remote shell upload notifications are sent when the files are successfully uploaded to the target endpoint. Remote shell download notifications are sent when the files are available for download in the Investigation Files Activity grid. For more details, refer to Retrieving downloaded files from Network inventory.

  • Security Container update status

    The notification informs you when the product update status changes for a Security Container installed in your network.

  • Partner download permission changed

    This notification informs you whenever your direct Bitdefender partner is granted or revoked access to retrieve and download quarantined files from your company.

    Note

    You must have Manage Company right to view this notification.

  • Password Expiration Enabled

    This notification informs you when the password expiration is enabled on your account.

  • Password Expiration Reminder

    This notification is sent daily, starting 10 days before your GravityZone password expires, to remind you that you need to change it.

    To quickly update the password, click the My Account button from the notification in Control Center.

  • Account Lockout Enabled

    This notification informs you when the account lockout is enabled on your account.

  • Account Locked Out

    This notification is sent via email to inform you that your account was locked out due to repeated login attempts with invalid passwords.

  • Anti-Tampering event

    This notification informs you whenever the security agent’s callback functions are maliciously removed or disabled, or vulnerable drivers are detected on endpoints.