Integration and synchronization
The plugin relies on API Web Service to establish communication between Kaseya VSA and GravityZone and to import your inventory to GravityZone through a synchronization task.
Installing the Bitdefender Plugin
To install the Bitdefender Plugin, follow these steps:
Log in to a computer with access to Kaseya resources.
Download the plugin.
Log in to Kaseya VSA.
Go to System > Server Management > License Manager. If you do not see this option, consult your VSA Master Administrator.
Select the Third Party tab on the right. If this tab is not present, you can enable it under System > Server Management > Configure and check the box labeled Enable Third Party App Installation Globally.
Note
This step applies only to VSA on-premises servers. On SaaS servers, the option is already enabled by Kaseya.
Click
Install.
Locate the plugin you downloaded at step 2.
Note
The file must have the name
Bitdefender.vsaz
. Changing the name returns an error when installing it.Follow the on-screen instructions to install the package.
You can see a new entry for Bitdefender in the Navigation Panel.
Note
When needed, you can install the same version of the plugin without uninstalling the existing one. This solution is recommended in case of issues with Kaseya Agent Procedures (they have been deleted or they do not appear anymore for some reason).
Updating the Bitdefender Plugin
New releases of the plugin may require updating your installation. To do that, you need to download the new VSAZ
file and go through the installation process.
Note
To view the installed plugin version, check the System > Server Management > License Manager page of Kaseya VSA.
Configuring the integration
Kaseya VSA needs to access GravityZone services. To authorize access, you need to generate an API key in GravityZone and configure the integration.
Generating the API key
To generate the API key required for integration, follow these steps:
Log in to GravityZone using your Partner account credentials.
Click the username at the upper-right corner and choose My Account.
Go to the API keys section and click
Add at the top side of the table.
Enable the APIs that you want.
Important
The integration works with the least possible number of APIs as follows:
Companies API
Licensing API
Packages API
Network API
Policies API
Quarantine API
Event Push Service API
Click Save.
An API key is generated. To prevent the leaking of sensitive information, do not share or distribute your own generated API keys.
Copy the Access URL from the Control Center API section.
Performing the integration
Using the API key you have generated, you now perform the actual integration of Kaseya VSA with GravityZone:
Log into Kaseya VSA.
In the navigation panel, click Bitdefender and go to General > Configuration.
Enter the API key and API Access URL in the GravityZone Settings section, and click Next.
In the Recommended Policies screen, enable the option Create recommended policies.
This option allows the Bitdefender Plugin to create security policies automatically in GravityZone, under your root company (for which you entered the API key), according to Bitdefender recommendations.
The recommended policies are the following:
Kaseya - Aggressive
Kaseya - Normal
Kaseya - Permissive
Kaseya - Reporting
During the process, the new policies replace the existing ones with the same same.
If you disable this option, the recommended policies will not be created automatically.
Click Save.
You are redirected to the Help & Support page, where you can get started with the plugin.
Synchronizing the Kaseya inventory
The integration mirrors your managed inventory structure (Assets in Kaseya VSA) to GravityZoneControl Center through a synchronization task.
Following the synchronization, an endpoint management system continuously monitors both inventories to identify and solve synchronization issues.
Synchronization settings in the Configuration page
You can control the automatic synchronization process by using specific options of the Bitdefender Plugin in Bitdefender > General > Configuration. After making the desired changes, click Save at the bottom of the page to start synchronization. This may take a few minutes.
Note
In the Configuration page, click the Plus button to expand each section.
My Company
Enter the generated API key and API Access URL in the Bitdefender Settings section.
You can change the API details later by clicking the Change API Key button under this section.
To change the user under automatic inventory and agent tasks run, click the Take Task Ownership button. This option is useful later on, for example when the user who configured the integration becomes invalid and the sync tasks cannot run anymore. The button is visible if you have system or master role in Kaseya VSA. For details, refer to Fixing the token refresh issue with automatic sync tasks in Kaseya integration.

Inventory Synchronization
In this section you can configure settings regarding the inventory synchronization between Kaseya VSA and GravityZone and the handling of issues that may occur during the process.
Select an Inventory Synchronization level:
Monitor & report synchronized inventory status to run without automatic event handling. This sync level is the default state.
Monitor & handle synchronized inventory status to run and perform automatic event handling.
Automatic inventory synchronization to run across the entire inventory and perform automatic event handling.
Note
The inventory synchronization levels run only on associated and non-excluded entities.
You can configure the Automatic Handling settings for the Monitor & handle synchronized inventory status and the Automatic inventory synchronization levels.
Choose the Default Synchronization Mode to include or exclude the entire inventory from the synchronization task.
Note
You can use this option to synchronize the entire inventory and exclude individual organizations and groups from this task. Alternatively, the option to exclude the entire inventory from synchronization and include specific entities is available.
Synchronizing and excluding individual organizations and groups is available in the Inventory page.
Configure Synchronization Event Handling settings.
During the synchronization task, the differences between inventories generate synchronization events. Choose to handle these events either automatically or manually.
The automatic actions taken on the synchronization events are described below:
Event Type
Automatic Action
Destination Moved
Move an item in destination inventory (GravityZone) to match the source inventory location (Kaseya).
Destination Deleted
Copy an item from the source inventory (Kaseya) to the destination inventory (GravityZone).
Association Missing
Create a link between items that have the same name and location in both inventories.
Prefix-based Association Missing
Create the link between items with the same name and location in both inventories, taking into account the destination contains the prefix set in Prefix Settings.
Note
For manual actions taken on synchronization events, refer to Fix Unhandled Events.
Configure a prefix for creating new organizations or associating existing organizations during the synchronization:
Enter your prefix name in the field.
Select one or both options for prefix usage during synchronization.
Note
For prefix creation, you can choose Only if the name already exists to use the source organization name for the destination organization name. If the name is already taken, the plugin will use the prefix name you have entered.
Agents Synchronization
In this section you can configure settings for deploying the Bitdefender security agent (named Bitdefender Endpoint Security Tools) on machines in your Kaseya inventory.
Select an Agents Synchronization level:
Monitor & report synchronized agent status to run without automatic event handling. This sync level is the default state.
Monitor & handle synchronized agent status to run and perform automatic event handling.
Automatic agent synchronization to run across all agents and perform automatic event handling.
Note
The agents synchronization levels run only on associated and non-excluded entities.
You can configure the Automatic Handling settings for the Monitor & handle synchronized agent status and the Automatic agent synchronization levels.
You can configure the Deployment Window settings for the Monitor & handle synchronized agent status and the Automatic agent synchronization levels.
Configure the Deployment Window for automatic and manual agent synchronization:
Start at > End at
Runs the deployment within the specified time interval. Keep at least one hour between the start and the end of the time interval.
Deployment slots per hour
Set the number of deployments per hour.
Skip if offline
Skip deployment if the machine is offline.
Power up if offline
Powers up any unprotected offline machine during the automatic agent synchronization task. Available only for Windows systems.
Under Deployment Package, configure the default list of modules to install with the Bitdefender agent on all machines in organizations that do not have specific packages applied on yet, or are not in sync.
While the package defined here applies to the entire inventory, you can override it by editing the existing packages for specific companies in the Subscription Management page.
You can also override the default package settings by using the Configure and Sync option of the contextual menu in the Inventory page.
Important
Changes in the default deployment package apply to subsequent Bitdefender agent installations. They do not result in reconfiguring existing installations.
Configure Custom Action Handling settings to run an agent procedure when a reboot is required. For more information, refer to Kaseya Agent Procedures.
Configure Synchronization Event Handling settings.
During the synchronization task, the differences between the Bitdefender agent locations in the source (Kaseya VSA) and destination (GravityZone) inventories generate synchronization events. Choose to handle these events either automatically or manually.
The automatic actions taken on the synchronization events are described below:
Event Type
Automatic Action
Destination Moved
Moves the Bitdefender security agent in destination inventory (GravityZone) to match the source inventory location (Kaseya), inside the same organization or between organizations.
Rogue Bitdefender Endpoint Found
Moves the Bitdefender security agent in destination inventory (GravityZone) to match the source inventory location (Kaseya) and force the uninstallation/reinstallation of the Bitdefender security agent.
Destination Deleted
Reinstalls the Bitdefender security agent.
Install Bitdefender Agent
Installs the Bitdefender security agent according to the Kaseya agent location.
For manual actions taken on deployment events, refer to Fixing unhandled events.
Choose download preferences for the Bitdefender security agent:
Setup Downloader
Use a small-sized file to download and run Bitdefender agent installation files. You can use the Relay role to the Setup Downloader when you configure the installation package in GravityZone. For more information, refer to the GravityZone documentation.
Full Kit
Use a large-sized file to run Bitdefender agent installation files. Configure Kaseya LAN Cache settings to use this full installation kit as the file source.
Alerts
In this section, you configure alerts for security events generated after Bitdefender detecting threats in your synchronized inventory. For details, refer to this topic.
Manual synchronization options in the Inventory page
You can run various operations, such a synchronization task, deploy the security agent, configure exclusions, and manage company associations manually, by using the contextual menu in the Inventory page.
In the navigation panel, select Bitdefender.
Navigate to Operations > Inventory
Right-click any organization tree and select one of the following operations:
Synchronize Inventory
Configure and Sync Inventory
Exclude from Inventory Synchronization
Synchronize Agents
Exclude from Agents Synchronization
Manage Association
Each of these operation is explained below.
Synchronize Inventory
Click Synchronize Inventory to synchronize your Kaseya VSA inventory with GravityZone.
Following this operation you can view and manage your inventory in GravityZone.
Configure and Sync Inventory
Click Configure and Sync Inventory to configure the product type for the selected organization and synchronize it in GravityZone. When using this option to synchronize an organization for the first time, a corresponding company will be created in GravityZone.
Note
You can synchronize a child company only if the parent company is also synchronized.
After clicking Configure and Sync Inventory, a succession of windows will guide you through the configuration process. After each step, click Next.
In the introduction window, click Start to begin.
Select the product type. Depending on the product type, the Bitdefender security agent installed on machines belonging to that organization will have certain features enabled.
The following options are available:
Endpoint Security, the fully-featured security solution, with all modules available for deployment on machines running Windows, Linux or macOS.
BitdefenderEDR, a lightweight Endpoint Detection and Response (EDR) solution for Windows-based systems that can run alongside third-party protection platforms.
Select what add-ons will be available with the product type.
Configure the installation package:
Select what protection modules to install with the Bitdefender security agent on machines under that organization.
Configure your preferences for installing and updating the Bitdefender security agent.
Click Save and Sync.
Important
Changes in the deployment package apply to subsequent Bitdefender agent installations. They do not result in reconfiguring existing installations.
Exclude from Inventory Synchronization
Click Exclude from Inventory Synchronization to exclude the selected entity from synchronization.
Note
Excluded entities are marked with the following icon and do not generate inventory sync events. Excluded entities do not show up in GravityZone inventory. To include back the entity for synchronization, right-click it and select
Include for inventory synchronization.
Synchronize Agents
Click Synchronize Agents and configure the deployment time:
Immediate deployment to install Bitdefender agent across your inventory.
Deployment in window to schedule Bitdefender agent installation using the settings from the Configuration > Agents Synchronization section.
Deployment in custom window to schedule Bitdefender agent installation regardless of the settings from the Configuration > Agents Synchronization section.
You can configure these options:
Set time to start the deployment (machine time by default) and distribution window (deployment interval) configurable in hours and minutes.
Use server time instead of machine time.
Skip deployment if machines are offline.
Power up the machines that are offline so you can deploy the agent.
Unlike the settings in the Configuration > Agents Synchronization section, you are not required to specify a number of deployment slots. That means the deployment will take place on all selected machines, in the same deployment window.
Once the options configured, click Synchronize to start the synchronization task.
Note
The option to remove competitor is available when configuring the installation package in the Subscription Management section.
Exclude from Agents Synchronization
Click Exclude from Agents Synchronization to exclude the selected entity from deployment.
Excluded entities are marked with the following icon and do not generate agent sync events. To include the entity in the agent sync task, right-click it and select
Include for agents synchronization.
Note
For an excluded entity, synchronization and deployment can run only manually, by selecting
Synchronize inventory and
Synchronize agents from the contextual menu for that entity. If you select these options from a parent node, they will not affect the excluded entity.
If an entity is deleted from the Kaseya inventory, the exclusions will be ignored and there will be generated Source Deleted events instead.
If there are unhandled events from the last synchronization, a pop-up window will inform you about them each time you access the Inventory page.
Manage Association
Click the Manage Association option in the contextual menu to create custom associations, and to view and delete existing company associations. Custom associations are useful when the Bitdefender plugin is unable to make particular associations between Kaseya VSA and GravityZone inventories that you would want.
Note
The Manage Association option is available only to Kaseya VSA users with System or Master roles.
To create a custom association:
In the Manage Association window, go to Name and select in the drop-down list the GravityZone company you want to associate with the current Kaseya organization. The list contains only companies that do not have other associations in Kaseya VSA.
Once you make a selection, the Type, Address, and Phone fields are filled-in with details specified in GravityZone. Additional information indicate if the company has security managed by a partner or the company is suspended.
Note
Custom association between two organizations is only possible if their parent organizations are associated as well.
Click Save.
To delete an association:
Next to Name, click the
Delete icon.
In the expanded area, a warning message informs you that the association will be deleted along all other associations under it. However, future synchronizations may restore some or all associations. To prevent this, select the Exclude the organization from synchronization option.
Click Save.
Note
You cannot delete an association when inventory or agent tasks are running.
Managing endpoints
Use the Inventory page to browse for endpoints under your organizations inventory. The inventory page includes:
The organization tree pane, at the left side
The agents table at the right side
Below you have an overview of the status icons used and their meaning:
Endpoint not synchronized.
Unhandled events associated with the endpoint.
Searching the organization tree
The right-side pane displays entities alphabetically, by their organization ID. You can view the organization name when you hover the mouse over its ID.
The Search tree field from the right-side pane allows searching for organizations,with the results being highlighted.
You can search for organizations by the following attributes:
Entity name and ID (for example:
Company_001
)Entity type (
organization, group
)Entity synchronization status (
events, sync_exclude, install_exclude, not_synced
).
Example: When searching for events
, all organizations and groups with events created for will be highlighted.
To filter the results, select the check-box Show only matches, under the Search tree field. When enabled, this option will display only the entities that match the search criteria.
Searching the agents table
You can search for agents from the selected inventory node using the search field at the upper side of the inventory table from the left-side pane. Table search applies only to the following columns: Kaseya Agent, IP and OS Info.
You can search the inventory table as follows:
Enter the search term that you want, for example, a part of the IP number, or a Kaseya agent name (machine ID).
Filter agent results by using the Online Status and OS filter columns.
Sort ascending / descending the current view items from the Kaseya Agent and Last Seen columns.
Browse the agents inventory using the pagination options at the lower side of the inventory table.
Using Views to filter agents
To create views for advanced agent filtering:
Navigate to Audit > Run Audit.
Click New. View Definitions window appears.
Click Save As and enter a name.
Configure filter attributes. For more information, refer to View Definitions in the Kaseya VSA User Guide.
Click Save. Your View now appears in the Inventory section.
To filter agents using a view:
In Kaseya VSA navigate to Bitdefender > Operations > Inventory.
Click View to search for your configured filter.
Note
The View filter works only when none of your inventory entities is selected.
To deselect entities, click Clear Selection in the Inventory column.
Using the contextual menu
In the agents table, you can place your mouse pointer in the text area and right-click to access the contextual menu.
To select multiple non-adjacent agents, select the first endpoint check box of your intended selection and add other agents to your selection. To select all agents, click Select All at the top of the table.
Select the option that you want:
Synchronize agents settings:
Immediate deployment to install Bitdefender agent across your inventory.
Deployment window to schedule Bitdefender agent installation using the configured deployment window.
Competitor removal settings:
Install and remove competitors to delete existing security agents.
Install over competitor to install on top of existing security agents.
Exclude agents from synchronization to exclude the target endpoint from the deployment task.
The endpoint is excluded from a deployment task and does not generate a deployment event.
Start Scan to run a task scan on the target endpoint.
You can choose from the following scan options:
Quick Scan. This option uses in-the-cloud scanning to detect malware running in the system.
Full Scan. This option scans the entire system for all types of malware threatening its security, such as viruses, spyware, adware, rootkits and others.
Memory Scan. This options checks for any programs running in the endpoint's memory.
To view scan results, log in to GravityZone Control Center and go to the Network > Tasks page.
Note
For more information about scan tasks, refer to the GravityZone documentation.
Uninstall to remove the Bitdefender agent. The Bitdefender uninstall password protection prompts you, if configured in GravityZone Control Center. If this is required, fill in the password and select Uninstall to confirm.
Note
This option is available only for synchronized organizations and groups. The Bitdefender agent will be installed back if the agent is included in a deployment task.
To view agent information, click and check the applied policy name, agent versions, detection status, engines version, or the last security content update.