Configure the integration

ConnectWise Automate requires access to GravityZone services. To authorize access, you need to generate an API key in GravityZone Control Center, then configure the integration in the Tools > Bitdefender GravityZone section of the ConnectWise Control Center.

This is what you have to take into account when configuring the integration:

Generate the API key

To generate the API key, follow these steps:

  1. Log in to GravityZone Control Center using your Partner account credentials.

  2. Click the username at the upper-right corner and choose My Account.

  3. Go to the API keys section and click Add at the top side of the table.

  4. Enable the following APIs:

    • Companies API

    • Licensing API

    • Packages API

    • Network API

    • Integrations API

    • Policies API

    • Reports API

    • Accounts API

    • Incidents API

    • Quarantine API

    • Event Push Service API

  5. Click Save.

    An API key is generated. To prevent the leaking of sensitive information, do not share or distribute your own generated API keys.

  6. Copy the Access URL from the Control Center API section.

Plugin Settings

The Plugin Settings page contains data necessary to connect ConnectWise Automate to GravityZone, like access URL, API key and installation options for the Bitdefender security agent.

  1. In ConnectWise Automate Control Center, go to Tools > Bitdefender GravityZone > Plugin Settings.

  2. Under API Options, enter the URL of GravityZone console along with the generated API key and click Validate.

  3. Under Installation Options, select Automatically reboot if needed. This option is useful when the computer needs to restart following the Bitdefender security agent installation. If you leave this check box unselected, the endpoint will remain unprotected until the next manual reboot.

  4. Click Advanced Settings at the upper right corner of the screen for more deployment options:

    1. In the new window, next to Automatic Deployment Retry, select the time interval at which the Bitdefender security agent will retry the installation if an error occurs.

    2. Next to Download Timeout, select a time limit within which the installation package should be downloaded.

    3. Use the On/Off switch to enable or disable Setup Downloader for the security agent deployment.

      When Setup Downloader is enabled, the Bitdefender Plugin uses this file to deploy the Bitdefender security agent on Windows computers instead of the full kit.

      Note

      The Enable Setup Downloader option does not support Linux and macOS. On computers running Linux and macOS, the Plugin continues using the full kit when deploying the Bitdefender security agent.

    4. Click Save to apply the changes and to close the window.

  5. Click Save Settings in the upper right corner of the screen to confirm the changes.

Alert Settings

In the Alert Settings page, you can configure the Bitdefender Plugin to send you alerts based on push notifications from GravityZone protection modules.

  1. Click Detect URL to auto discover the ConnectWise Automate Server and verify that the Callback URL field contains the correct address.

  2. Select the number of days for keeping old data (up to 120 days).

  3. Select check boxes to enable alerts for specific security events and for Blocked Threats or Current Threats (which are still present on computers). Alerts are available for the following security events:

    • Advanced Threat Control

    • Advanced Anti-Exploit

    • Antimalware

    • Antiphishing

    • Endpoint Detection and Response (EDR)

    • Hyper Detect

    • Network Attack Defense

    • Ransomware Mitigation

    • Web Traffic Scan

    For certain security events, such as Antiphishing, Ransomware Mitigation and Web Traffic Scan, you can only select Blocked Threats, as Bitdefender automatically takes action without waiting for user interaction.

    For EDR incidents, you can only enable alerts for all threats, with no option to select separately the blocked or current ones. This limitation is due to the complex nature of the EDR incidents, on which Bitdefender may take actions while monitoring and reporting them. Therefore, in order to have a complete incident coverage, it is critical to receive alerts for both current and blocked threats. Learn more about EDR incidents in ConnectWise Automate integration.

  4. Click Save Settings at the upper right corner of the screen to confirm your selection.

You can see the security events related to alerts in the GravityZone tab of the Client, Location and Computer screens. For details, refer to Security events.

Package Defaults

The integration creates a new deployment package in the GravityZone Control Center for each mapped client or location. Configure deployment packages to install the Bitdefender security agent on target machines.

  1. In Automate Control Center navigate to Tools > Bitdefender GravityZone.

  2. Go to Package Defaults.

  3. Under Language, select the package language from the drop-down menu.

  4. Under Modules, select the protection module enabled in the default package.

  5. Under Installation, choose to uninstall existing security products or deploy on top of them.

  6. Under Settings, you can set an uninstall password for the security agent.

  7. Click Save Settings in the upper right-hand corner to confirm the changes.

Making changes in the Package Defaults page does not update deployment packages already existing in the GravityZone console. In this situation, you need to either manually update them in the GravityZone console or to recreate them.

To recreate a package, follow these steps:

  1. Delete the ConnectWise Automate deployment package from the GravityZone console.

  2. In Automate Control Center, go to Tools > Bitdefender GravityZone > Auto Deployment.

  3. Click Refresh Package List.

    The Plugin will recreate the deployment package based on the settings from the Package Defaults page.

Client Mapping

The Bitdefender Plugin creates company records for existing ConnectWise Automate clients within GravityZone Control Center. You can control the creation of these company records using the settings on the Client Mapping page. Also, during this process, you can configure the product type or subscriptions for the new companies.

To automatically configure GravityZone companies associated with ConnectWise Automate clients, click the Auto Map button in the upper right corner of the page. Subsequent dialogs will ask you if you want to create GravityZone companies with random names and location based groups.

To manually configure GravityZone companies for clients without previous mapping:

  1. In the Bitdefender GravityZone Company column, click the corresponding entries for Automate clients.

  2. From the drop-down menu, choose one of the options:

    • Create Customer Record - creates a new company in GravityZone.

    • Ignore Customer - excludes that client from the mapping process (when using Auto Map, for example).

    • Select a GravityZone company already created to associate it to the ConnectWise Automate client.

  3. Optionally, in the Create Location based Group in GravityZone column, select the check boxes for clients for which you want this setting.

  4. Click the Save Client Mappings button. A configuration wizard will guide you through the synchronization process, which implies selecting the product type for the new companies and the available features. Follow the on-screen indications:

    1. Select the product. Depending on the product type, the Bitdefender security agent installed on computers belonging to that company will have certain features enabled.

      The following product types are available:

      • Endpoint Security, the fully-featured security solution, with all modules available for deployment on machines running Windows, Linux or macOS.

      • Bitdefender EDR, a lightweight Endpoint Detection and Response (EDR) solution for Windows-based systems that can run alongside any third-party protection platform.

      Click Continue.

    2. Select which add-ons are to be available with the product type. Depending on the add-ons, you will be able to install the Bitdefender security agent with certain features.

      Click Continue.

    3. Configure the deployment package:

      1. Choose the default settings or customize the package by selecting certain modules and options.

        Click Continue.

      2. Set preferences for installing and updating the Bitdefender security agent.

        Click Continue.

      The Plugin will create one or more companies in GravityZone having the specified product type. The Bitdefender security agent installed on computers within these companies will have features as configured in the wizard.

    4. Select the EDR rules you want to assign to the client, if applicable, and click Finish.

In case of clients already associated to GravityZone companies, changing the mapping does not move any installed Bitdefender agents to the newly selected companies within GravityZone Control Center. For the agents to show under the new company in GravityZone, you must uninstall and then reinstall them.

Once a company is mapped, you can reconfigure the product type and the available Bitdefender services in the Client Subscriptions page.

Note

The Bitdefender Plugin provisions companies for MSPs using Monthly Subscription, Monthly Subscription Trial, and Monthly License Trial.

Client Subscriptions

In the Client Subscriptions page, you can control, through the Bitdefender Plugin, the product type and the services enabled on clients.

Configure services

To reconfigure the Bitdefender services for a client without changing the product type:

  1. In the upper left-side corner of the Client Subscriptions page, click to view clients by product type.

  2. Select or deselect the check boxes corresponding to the services you want to enable.

  3. Click the Save Settings button.

Note

This operation does not automatically update the existing deployment packages. When creating a new package, you need to enable the corresponding modules in the Package Defaults page.

Reconfigure the client

To reconfigure the client and change the product type between Endpoint Security and Bitdefender EDR for a client:

  1. In the upper left-side corner of the page, click to view clients by product type.

  2. Select the client for which to change the product.

  3. Click the Reconfigure Client button. A wizard will guide you through the process. Follow the on-screen indications:

    1. Select the product. The following product types are available:

      • Endpoint Security, the fully-featured security solution, with all modules available for deployment on machines running Windows, Linux or macOS.

      • Bitdefender EDR, a lightweight Endpoint Detection and Response (EDR) solution for Windows-based systems that can run alongside any third-party protection platform.

      Click Continue.

    2. Select which add-ons are to be available with the product type. Depending on the add-ons, you will be able to install the Bitdefender security agent with certain features.

      Click Continue.

    3. Configure the deployment package:

      1. Choose the default settings, or customize the package by selecting certain modules and options.

        Click Continue.

      2. Set preferences for installing and updating the Bitdefender security agent.

        Click Continue.

    4. Select the EDR rules you want to assign to the client, if applicable, and click Finish.

    The product will change for that client.

After changing the product, you need to reconfigure the Bitdefender security agent installed on computers from GravityZone in order to include the new features. The existing product and its features expire in seven days.

Note

In case your license does not allow changing the product type for managed clients, the Reconfigure Client button replaces Change Product on the Client Subscriptions page. That means you can only modify the add-ons and the other settings within the existing product.

EDR Rules

In the EDR Rules section of the Bitdefender Plugin, you can create and manage custom rules to include or exclude specific behaviors from triggering incidents in Security Events.

EDR rules include two categories: Detection and Exclusion.

To view the rules in a category, select the Detection or Exclusion tab above the grid area.

In the grid area, click the + icon next to a rule to view the clients to which that rule has been assigned. The greyed-out + icon indicates that the rule is not assigned to any clients.

To create and manage EDR rules, use the following options on the upper-side of the window:

  • Add Rule - click to create a new rule and select the clients that will use it.

  • Edit Rule - click to modify an existing rule, including the list of the clients that use it. To edit a rule, you first need to select the corresponding check box in the grid area.

  • Delete Rule - click to remove a rule you no longer need. To delete a rule, you first need to select the corresponding check box in the grid area.

  • Sync Rules - click to synchronize the existing rules in the Bitdefender Plugin and in the GravityZone console.

  • Refresh - click to update the page with the latest data.

Changes made to EDR rules in the Bitdefender Plugin also reflect in the GravityZone console, in the EDR Custom Rules section.

An EDR rule created in ConnectWise Automate as seen in GravityZone Control Center

The following sections describe how to create detection and exclusion rules. The procedure also applies to editing rules. For the procedure of creating EDR custom rules in the GravityZone console, refer to this topic.

Detection

The Detection category provides you the framework to create and manage custom detection rules, to mark specific behavior from your environment as a valid detection, and generate corresponding incidents in Security Events.

To create a detection rule, follow these steps:

  1. In the EDR Rules section, click the Detection tab.

  2. In the top-right corner, click Add Rule.

  3. In the subsequent page, fill in the following details:

    1. Name of the rule. This field is mandatory.

    2. A short description for easier rule identification.

    3. Target – select what type of element to include in the rule:

      • Process

      • File

      • Connection

      • Registry

    4. Status – specify whether the rule is enabled or disabled.

    5. Tag – add specific tags for easier rule grouping and management. Press Enter after each tag or click inside the box.

    6. Severity – from the drop-down list, set the level of the triggered security event to Low, Medium, or High.

  4. Under Criteria, specify the rule elements as follows:

    1. Select one of the options depending on the chosen target. For example, for target File, select element Name.

    2. Select the type of relationship between target and its value:

      • Is - includes all incidents with elements that match the exact value entered in the value field.

      • Contains - includes all incidents with elements that contain the value entered in the value field (for example wildcards, file extensions, etc.).

      • Is one of - includes all incidents with elements matching one of the values entered in the value field. The OR operator is applied between the entered values.

    3. Enter the specific value for each criterion.

      Note

      When entering multiple values for a criterion (when using the Is one of condition), you must press Enter after each value, to complete the action.

  5. To add more criteria for this rule, click Add Criteria.

    Note

    The rule will trigger incidents that include every defined criterion. The AND operator is applied between multiple criteria.

    To remove an entry, click the delete_inline.png icon.

  6. After all the criteria have been defined, click Next.

  7. In the Rule Application window, select the clients for which you want to apply the rule. Use the search box to find specific clients and the following buttons:

    • cw-plus.png - select all clients in the list.

    • cw-minus.png - click to deselect all clients in the list.

    • cw-return.png - click to undo changes (for example, a selection you have made).

    • cw-columns.png - click to display the clients on multiple columns with horizontal scroll bar instead of a single column with vertical scrolling bar.

    The list displays only clients that have an Endpoint Detection and Response (EDR) subscription and a valid client mapping. Loading the list might take a while, depending on the number of available clients.

    Note

    You can add different clients later on when editing the rule. Deselecting a client will result in removing the rule from that client to which it was previously assigned.

  8. Click Finish to save the rule and apply it to the clients.

Exclusion

The Exclusion category provides you the framework to create and manage custom exclusion rules, to exclude incidents you find irrelevant for your organization, which otherwise would normally be flagged in Security Events.

To create an exclusion rule, follow these steps:

  1. In the EDR Rules section, click the Exclusion tab.

  2. In the top-right corner, click Add Rule.

  3. In the subsequent page, fill in the following details:

    1. Name of the rule. This field is mandatory.

    2. A short description for easier rule identification.

    3. Target – select what type of element to include in the rule:

      • Process

      • File

      • Connection

    4. Status – specify whether the rule is enabled or disabled.

    5. Tag – add specific tags for easier rule grouping and management. Press Enter after each tag or click inside the box.

    6. Severity – from the drop-down list, set the level of the triggered security event to Low, Medium, or High.

  4. Under Criteria, specify the rule elements as follows:

    1. Select one of the options depending on the chosen target. For example, for target File, select element Name.

    2. Select the type of relationship between target and its value:

      • Is - excludes all incidents with elements that match the exact value entered in the value field.

      • Contains - excludes all incidents with elements that contain the value entered in the value field (for example wildcards, file extensions, etc.).

      • Is one of - excludes all incidents with elements matching one of the values entered in the value field. The OR operator is applied between the entered values.

    3. Enter the specific value for each criterion.

      Note

      When entering multiple values for a criterion (when using the Is one of condition), you must press Enter after each value, to complete the action.

  5. To add more criteria for this rule, click Add Criteria.

    Note

    The rule will trigger incidents that include every defined criterion. The AND operator is applied between multiple criteria.

    To remove an entry, click the delete_inline.png icon.

  6. After all the criteria have been defined, click Next.

  7. In the Rule Application window, select the clients for which you want to apply the rule. Use the search box to find specific clients and the following buttons:

    • cw-plus.png - select all clients in the list.

    • cw-minus.png - click to deselect all clients in the list.

    • cw-return.png - click to undo changes (for example, a selection you have made).

    • cw-columns.png - click to display the clients on multiple columns with horizontal scroll bar instead of a single column with vertical scrolling bar.

    The list displays only clients that have an Endpoint Detection and Response (EDR) subscription and a valid client mapping. Loading the list might take a while, depending on the number of available clients.

    Note

    You can add different clients later on when editing the rule. Deselecting a client will result in removing the rule from that client to which it was previously assigned.

  8. Click Finish to save the rule and apply it to the clients.
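
The criteria semantics described in the Detection and Exclusion procedures (Is, Contains, Is one of; OR inside Is one of, AND between criteria) can be modelled offline to review a rule set before assigning it to clients. This is an added example, not Bitdefender or ConnectWise code: the event field names, rule names, sample events and case-insensitive matching are assumptions, and it does not model how GravityZone orders detection and exclusion rules.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Criterion:
    element: str   # hypothetical event field, e.g. "name" or "path"
    relation: str  # "is", "contains" or "is_one_of"
    values: tuple  # one value for is/contains, several for is_one_of
    def matches(self, event: dict) -> bool:
        actual = event.get(self.element)
        if actual is None:
            return False  # element absent from the event: no match
        # Assumption: matching is case-insensitive (the page does not say).
        actual, wanted = actual.lower(), [v.lower() for v in self.values]
        if self.relation == "is":
            return len(wanted) == 1 and actual == wanted[0]
        if self.relation == "contains":
            return len(wanted) == 1 and wanted[0] in actual
        if self.relation == "is_one_of":
            return actual in wanted  # OR between the entered values
        raise ValueError(f"unknown relation: {self.relation}")

@dataclass(frozen=True)
class Rule:
    name: str
    category: str  # "detection" or "exclusion"
    target: str    # Process, File, Connection or Registry
    criteria: tuple
    enabled: bool = True  # the Status field
    def matches(self, event: dict) -> bool:
        return (self.enabled and bool(self.criteria)  # no criteria: no match
                and event.get("target") == self.target
                and all(c.matches(event) for c in self.criteria))  # AND

def triage(rules, events):
    """Per event: names of the matching detection and exclusion rules."""
    rows = []
    for ev in events:
        hit = [r for r in rules if r.matches(ev)]
        rows.append((ev["name"],
                     [r.name for r in hit if r.category == "detection"],
                     [r.name for r in hit if r.category == "exclusion"]))
    return rows

def conflicts(rules, events):
    """Events matched by both a detection and an exclusion rule."""
    return [row for row in triage(rules, events) if row[1] and row[2]]

# Constructed sample rules and events, for illustration only.
RULES = [
    Rule("double-ext-download", "detection", "File", (
        Criterion("name", "contains", (".pdf.exe",)),
        Criterion("path", "contains", ("\\downloads\\",)))),
    Rule("script-hosts", "detection", "Process", (
        Criterion("name", "is_one_of", ("powershell.exe", "pwsh.exe")),)),
    Rule("all-exe-files", "exclusion", "File", (
        Criterion("name", "contains", (".exe",)),)),
]
EVENTS = [
    {"target": "File", "name": "invoice.pdf.exe",
     "path": "C:\\Users\\alice\\Downloads\\invoice.pdf.exe"},
    {"target": "File", "name": "backup.exe", "path": "C:\\Tools\\backup.exe"},
    {"target": "Process", "name": "PowerShell.exe"},
]
print(conflicts(RULES, EVENTS))
```

The one conflict reported is the file the detection rule was written for: an exclusion whose Contains value is as short as `.exe` matches it too, so exclusion criteria of that kind deserve a second look before the rule is applied to clients.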

Computer Mapping

The integration automatically creates a record in Automate Control Center for computers with the Bitdefender security agent installed and maps computers associated with the GravityZone Control Center.

Computer mapping is required for the following functionalities to work correctly:

  • Quarantine management

  • Queue scans

  • View security event history

  • Alerts and monitors

If automatic mapping is unable to create a successful mapping, you can manually adjust this by completing the following steps:

  1. Click Change Computer Mapping on the Bitdefender tab on the computer screen.

  2. From the drop-down list select the target device in the GravityZone Control Center that you wish to link to.

  3. Select Save in the upper right-hand corner of the window to save the changes and close the window.