Security Events

The Security Events section displays information regarding detections made by Bitdefender protection modules and relies on the Event Push Service API from GravityZone Control Center.

Double-click clients, locations and computers in ConnectWise Automate Control Center to view the Security Events section in the Bitdefender GravityZone tab of the corresponding screens.

The following security events are available with the Bitdefender Plugin:

  • Advanced Threat Control

  • Advanced Anti-Exploit

  • Antimalware

  • Antiphishing

  • Endpoint Detection and Response

  • Firewall

  • Hyper Detect

  • Network Attack Defense

  • Ransomware Mitigation

  • Sandbox Analyzer

  • Web Traffic Scan

Each event corresponds to an alert you can configure in Tools > Bitdefender GravityZone > Configuration > Alert Settings.

Security events also have associated monitors. For details on how to operate them, refer to Monitors.

Advanced Threat Control

This page displays information regarding detections made by the Advanced Threat Control module. It includes details such as:

  • Computer name

  • Process path

  • Exploit type

  • Process status

  • When the threat was last blocked

Advanced Anti-Exploit

This page displays information regarding detections by the Advanced Anti-Exploit module. It includes details such as:

  • Computer name

  • Technique

  • Action taken on the exploited process

  • Process ID

  • Process path

  • Parent process ID

  • Parent process path

  • CVE

  • Detection time

Antimalware

This page displays information regarding detections made by the Antimalware module. It includes details such as:

  • Computer name

  • Malware name

  • Malware type

  • Infection status

  • Infected file name

  • Detection time

Antiphishing

This page displays information regarding detections made by the Content Control module. It includes details such as:

  • Computer name

  • Threat type

  • URL

  • Status

  • Timestamp

Endpoint Detection and Response

This page displays information regarding incidents monitored and reported by the Endpoint Detection and Response module. The main details include:

  • Location (available in the Client screen)

  • Computer name (available in the Client and Location screens)

  • Incident ID

  • Detection name

  • ATT&CK techniques

  • Severity

  • Main action taken

  • Last time the incident was updated with new information

Reporting on EDR incidents is much more complex. You can find all the details in the tickets generated by these incidents in the Service Desk > Tickets section of the ConnectWise Automate Control Center. Learn how tickets are generated in ConnectWise Automate and ConnectWise Manage in this article.

Firewall

This page displays information regarding detections made by the Firewall module. It includes the following details:

  • Status

  • Source IP

  • Port

  • Application path

  • Protocol

  • Date when the threat was last blocked

Hyper Detect

This page displays information regarding detections made by the Hyper Detect module. It includes the following details:

  • Location

  • Computer name

  • Malware type

  • Malware name

  • File path

  • Fileless attack (yes or no)

  • Attack type

  • Status (action taken)

  • Detection time

Network Attack Defense

This page displays information regarding detections made by the Network Attack Defense module. It includes details such as:

  • Computer name

  • Attack technique

  • Detection name

  • Victim’s IP address

  • Attacker’s IP address

  • Port

  • Action taken by Bitdefender

Ransomware Mitigation

This page displays information regarding detections made by the Antimalware module. It includes details such as:

  • Computer name

  • Attack type

  • Ransomware source

  • The number of encrypted files

  • Detection time

Sandbox Analyzer

This page displays information regarding detections made by the Sandbox Analyzer module. It includes the following details:

  • Threat type

  • File path

  • File size

  • Remediation action

  • Detection time

Web Traffic Scan

This page displays information regarding detections made by the Content Control module. It includes details such as:

  • Computer name

  • Threat type

  • URL

  • Timestamp

  • Access to website