
Create reports in Splunk based on GravityZone data

This section explains how to create reports based on the events received from GravityZone in Splunk.

As a Bitdefender partner, you can integrate GravityZone with Splunk by using the HTTP Event Collector and the GravityZone APIs. This lets you send data from GravityZone Control Center directly to Splunk Enterprise or Splunk Cloud.

Create reports manually in Splunk

  1. Log in to Splunk and go to Search & Reporting.

    [Screenshot: 16419_1.png]
  2. In the Search screen, select the interval that you are interested in and click Data Summary.

    [Screenshot: 16419_2.png]
  3. In the new window, select the host associated with GravityZone.

    1. In the Events screen, from the left-side menu, select events to build your reports.

      [Screenshot: 16419_3.png]

      Click Yes in the window to confirm your selection.

      [Screenshot: 16419_4.png]

      For example, to build an Antimalware report, select any of the following events:

      • module

      • product_installed

      • companyId

      • computer_name

      • computer_fqdn

      • computer_ip

      • computer_id

      • malware_type

      • malware_name

      • hash

      • final_status

      • file_path

      • timestamp

      The results will be displayed in the right-side panel.

      You can build a report from any combination of events. However, each predefined GravityZone report is defined by a specific set of events; the reports and their associated events are documented in the Public API.

    2. If you want other events, follow these steps:

      1. Click + Extract New Fields at the end of the list.

      2. In the new screen, select one event and click Next at the upper side of the page.

      3. Select Delimiters and click Next.

      4. Choose a delimiter, preferably Comma.

      5. The events appear in separate fields. Click a field to rename it, if needed.

      6. Under Save, at Extractions Name, enter a name.

      7. Click Finish.

  4. After configuring the events, click the Statistics tab.

  5. Click Pivot.

    [Screenshot: 16419_5.png]
  6. In the new window, choose Selected Fields and click OK.

  7. In New Pivot, choose the preferred type of chart and configure it.

    Example

    1. Select Column Chart.

    2. In the time range, select the desired interval (e.g. last 7 days).

    3. Under X-Axis, at Field, select final_status.

    4. Under Y-Axis, at Field, select malware_name.

      The chart will show you the status of the malware detected in the last 7 days in your network.

  8. Click Save As… at the upper side of the chart and select Dashboard Panel.

    [Screenshot: 16419_6.png]
  9. In the new window, fill in the required data. You can either create a new dashboard or edit an existing one.

  10. Click Save. The chart is now in your preferred dashboard. You can create your own GravityZone dashboard, with multiple charts, as shown in the picture below.

    [Screenshot: 16419_7.png]
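The column chart built in the Pivot steps above can also be produced as a search string and saved directly as a report or dashboard panel, which is easier to version and review than a chart configured by clicking. The search below is an added example and is not part of the Bitdefender article or the GravityZone app; the index and sourcetype names are placeholders you must replace with the ones your HTTP Event Collector input writes to, and the `module=av` filter assumes that GravityZone tags antimalware events with the module value `av`, which you should confirm against your own data (for example with `| stats count BY module`) before relying on it. The field names `module`, `final_status` and `malware_name` are the ones listed earlier in this section.

```spl
index=<your_gravityzone_index> sourcetype=<your_gravityzone_sourcetype>
    earliest=-7d latest=now
    module=av
| chart count OVER final_status BY malware_name
```

`earliest=-7d` is the same window as choosing "last 7 days" in the time picker; `chart count OVER final_status BY malware_name` puts `final_status` on the X-axis and one series per `malware_name`, matching the X-Axis and Y-Axis fields chosen in the Pivot example. Run it from Search & Reporting, switch the Visualization tab to Column Chart, then use Save As… > Dashboard Panel exactly as in steps 8 to 10.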

Create reports by using Bitdefender GravityZone for Splunk app

The Bitdefender GravityZone for Splunk app provides predefined dashboards and reports and lets you search for GravityZone events. It works together with the Bitdefender GravityZone Add-on for Splunk.

For proper functioning with GravityZone Control Center, install these products on the Splunk platform in this order:

  1. Install Bitdefender GravityZone Add-on for Splunk. Click here to download.

  2. Install Bitdefender GravityZone for Splunk App. Click here to download.