Skip to main content


Raw Events

Raw Events helps you filter which events GravityZone processes. The settings on this page are applicable at company level.


This feature becomes available in the Configuration tab if you have the following:

  • GravityZone Business Security Enterprise or Bitdefender EDR license

  • One of the storage add-on licenses: GravityZone EDR 90 days Data Retention Add-on, GravityZone EDR 180 days Data Retention Add-on, or GravityZone EDR 365 days Data Retention Add-on

  • EDR or XDR module enabled


The prerequisites listed above are for feature availability and certain core endpoint-related events. However, certain event types within the Raw Events grid may have further prerequisites. Be sure to consult the Requirements column in GravityZone Control Center or, for more detailed information, the individual requirements below this article.

Events are collected from available endpoints. You can then send them to one feature at a time: either to a SIEM, to the Search feature, or to MDR.

To enable or disable events, follow these steps:

  1. Select the event types from the grid.

  2. Click Change status.

  3. Select either Enable or Disable.

  4. Click Accept.


The changes you make on this page do not affect endpoints that have the following policy option enabled: Policies > General > Security Telemetry.

For more information on which events are sent to the Control Center and which are ignored, which events are aggregated and how, refer to Raw Events processing rules.