Integrity Monitoring events

When a file is modified, a new entry is added in Reports > Integrity Monitoring Events.

The Integrity Monitoring Events page has the following filter options:

  • Event date

  • Endpoint

  • Change. This filtering option allows you to select one or multiple types of changes: All, Created, Updated, Deleted, and Renamed.

  • Severity. This filtering option allows you to select the severity type: All, Low, Medium, High, and Critical.

  • Category. This filtering option allows you to select the event category:

    • Bitdefender Trusted - these are events triggered by processes that have an image path considered safe by Bitdefender. On Windows endpoints, the image paths are also checked for a valid digital signature.

    • Unapproved - these are events that have been triggered based on the rules applied in the policy.

    • Approved - these are events that were initially marked as Unapproved, but were later changed by the user.

    You can change the category of the events by following these steps:

    1. Select the events you want to change the category for.

    2. Select their new status from the Change Category dropdown list.

  • More. This filtering option allows you to select other options: All, Reason, Entity type, Location, and User.

Note

Integrity Monitoring displays up to 5000 events/hour. If this number is reached, events are no longer sent to GravityZone for the next hour.

Event details window

The Event details window is available on the right side of the page once you have selected an event. Here, you can see what changes have been made that triggered that event.

You can resize the Event details window by dragging the four dots.

The Event details window has the following fields:

  • General information:

    • Reason: the rule set applied that triggered the event.

    • Event date

    • Severity

    • Endpoint name

    • User: the endpoint user that modified the file.

  • Details:

    • Event type

    • Location

    • Change type

  • Attribute changes:

    • Size (old)

    • Size (new)

    • Hash (old)

    • Hash (new)

    • Last modified (old)

    • Last modified (new)

Note

On Windows, user-specific events can only be monitored if Audit Account Management is enabled. For more information, refer to Audit Account Management.