Skip to main content

Raw Events

Raw Events helps you filter which events GravityZone processes. The settings on this page are applicable at company level.

raw_events_cp_242085_en.png

This feature becomes available in the Configuration tab if you have the following:

  • GravityZone Business Security Enterprise or Bitdefender EDR license

  • One of the storage add-on licenses: GravityZone EDR 90 days Data Retention Add-on, GravityZone EDR 180 days Data Retention Add-on, or GravityZone EDR 365 days Data Retention Add-on

  • EDR or XDR module enabled

Note

The prerequisites listed above are for feature availability and certain core endpoint-related events. However, certain event types within the Raw Events grid may have further prerequisites. Be sure to consult the Requirements column in GravityZoneControl Center or, for more detailed information, the individual requirements below this article.

Events are collected from available endpoints. Support is available for Windows, Linux, and macOS. To see which events are available for each type of operating system, you can check the OS type column. To see a full list of supported events, refer to Raw Events - Event types supported.

You can send these events to one feature at a time: either to a SIEM, to the Search feature, or to Bitdefender MDR.

To enable or disable events, follow these steps:

  1. Select the event types from the grid.

  2. Click Change status.

  3. Select either Enable or Disable.

  4. Click Accept.

Note

The changes you make on this page do not affect endpoints that have the following policy option enabled: Policies > General > Security Telemetry.

For more information on which events are sent to the Control Center and which are ignored, which events are aggregated and how, refer to Raw Events processing rules.