Integrate GravityZone Cloud with Splunk

As a Bitdefender partner, you can integrate GravityZone with Splunk by using GravityZone APIs and Splunk HTTP Event Collector. With this service, you are able to send data from GravityZone Control Center directly to Splunk Enterprise or Splunk Cloud.

Prerequisites

To integrate GravityZone with Splunk, you must have at hand:

  1. Credentials for your GravityZone Cloud account.

  2. Credentials for your Splunk account (cloud or on-premises).

Optionally, you can use a script to automatically enable the integration.

For the Bitdefender Splunk App to correlate data coming from GravityZone, you must install the Bitdefender Splunk Add-on.

Integration steps

To use the GravityZone integration with Splunk, follow the steps in the sections below.

Enable Event Push API in GravityZone Control Center
  1. Log in to GravityZone Control Center.

  2. Go to My Account.

  3. Under the API keys section, click Add.

  4. Select the Event Push Service API check box and click Save. The new key appears in the API Keys table.

  5. Click Save to preserve the changes made in the My Account page.

Enable a new token for HTTP Event Collector in Splunk
  1. Log in to Splunk.

  2. Go to Settings > Data Inputs > HTTP Event Collector.

  3. Click New Token.

  4. In the Add Data screen, fill in the Name field and click Next.

  5. For Source type, click Select and choose _json.

    When using the Bitdefender Splunk App, after installing the Splunk Bitdefender Add-on, click Select and choose bitdefender:gz as the source type.

  6. At Index, select a default index or create a new one. The events received by HTTP Event Collector will be inserted in the selected index.

  7. Click Review.

  8. Verify the data you entered and click Submit.

    The token has been created successfully. Copy the token value and save it. You will need it later to enable the integration.

  9. Go to Settings > Data Inputs > HTTP Event Collector and click Global Settings.

  10. In the new window, under the All Tokens section, select Enabled.

  11. Click Save.
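
A check you can run after step 11 to confirm that the new token accepts events before pointing GravityZone at it. This is an added example, not Bitdefender's or Splunk's code: the environment variable names SPLUNK_HEC_URL and SPLUNK_HEC_TOKEN and the test event are assumptions, and the endpoint path, Authorization header format and status codes are those of Splunk HTTP Event Collector.

```python
import json
import os
import urllib.error
import urllib.request

# HEC status codes that map back to a step in the procedure above.
HINTS = {
    0: "token accepted; event indexed",
    1: "token disabled: enable All Tokens in Global Settings (steps 9-11)",
    3: "invalid Authorization header: expected 'Splunk <token>'",
    4: "invalid token: re-copy the value shown after Submit (step 8)",
    7: "incorrect index: token is not allowed to write to it (step 6)",
}


def build_hec_request(base_url, token, sourcetype="_json", index=None):
    """Build a POST to the HEC event endpoint carrying one constructed test event."""
    payload = {"event": {"message": "HEC token check (constructed test event)"},
               "sourcetype": sourcetype}
    if index:
        payload["index"] = index
    return urllib.request.Request(
        base_url.rstrip("/") + "/services/collector/event",
        data=json.dumps(payload).encode("utf-8"),
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"},
        method="POST",
    )


def interpret_hec_response(body):
    """Return (ok, hint) for a HEC JSON reply such as {"text": "Success", "code": 0}."""
    reply = json.loads(body)
    code = reply.get("code")
    return code == 0, HINTS.get(code, "HEC code %s: %s" % (code, reply.get("text")))


def check_token(base_url, token, **kwargs):
    """Send the test event; urllib keeps TLS certificate verification on by default."""
    try:
        with urllib.request.urlopen(build_hec_request(base_url, token, **kwargs),
                                    timeout=10) as resp:
            return interpret_hec_response(resp.read())
    except urllib.error.HTTPError as err:  # HEC sends its JSON error body with 4xx/5xx
        return interpret_hec_response(err.read())


if __name__ == "__main__":
    # Assumed variable names; reading the token from the environment keeps it out of shell history.
    print(check_token(os.environ["SPLUNK_HEC_URL"], os.environ["SPLUNK_HEC_TOKEN"]))
```

Pass sourcetype="bitdefender:gz" to check_token when the token was created for the Bitdefender Splunk App.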