Raw Events
Raw Events helps you filter which events GravityZone processes. The settings on this page are applicable at company level.
This feature becomes available in the Configuration tab if a company has the following:
A license that provides access to the EDR feature.
A license that provides access one of the EDR Data Retention add-ons.
Managed endpoints that have the BEST agent installed with the EDR sensor module enabled and a policy applied with the EDR feature.
Note
The prerequisites listed above are for feature availability and certain core endpoint-related events. However, certain event types within the Raw Events grid may have further prerequisites. Be sure to consult the Requirements column in GravityZone Control Center or, for more detailed information, the individual requirements below this article.
Partners can view data from multiple companies, as long as they meet the prerequisites mentioned above.
Events are collected from available endpoints. Support is available for Windows, Linux, and macOS. To see which events are available for each type of operating system, you can check the OS type column. To see a full list of supported events, refer to Raw Events - Event types supported.
You can send these events to one feature at a time: either to a SIEM, to the Search feature, or to Bitdefender MDR.
To enable or disable events, follow these steps:
Select the event types from the grid.
Click Change status.
Select either Enable or Disable.
Click Accept.
Note
The changes you make on this page do not affect endpoints that have the following policy option enabled: Policies > General > Security Telemetry.
For more information on which events are sent to the Control Center and which are ignored, which events are aggregated and how, refer to Raw Events processing rules.