Skip to main content

Integration and synchronization

The plugin relies on API Web Service to establish communication between Kaseya VSA and GravityZone and to import your inventory to GravityZone through a synchronization task.

Installing the Bitdefender Plugin

To install the Bitdefender Plugin, follow these steps:

  1. Log in to a computer with access to Kaseya resources.

  2. Download the plugin.

  3. Log in to Kaseya VSA.

  4. Go to System > Server Management > License Manager. If you do not see this option, consult your VSA Master Administrator.

  5. Select the Third Party tab on the right. If this tab is not present, you can enable it under System > Server Management > Configure and check the box labeled Enable Third Party App Installation Globally.

    Note

    This step applies only to VSA on-premises servers. On SaaS servers, the option is already enabled by Kaseya.

  6. Click kaseya_install.pngInstall.

  7. Locate the plugin you downloaded at step 2.

    Note

    The file must have the name Bitdefender.vsaz. Changing the name returns an error when installing it.

  8. Follow the on-screen instructions to install the package.

  9. You can see a new entry for Bitdefender in the Navigation Panel.

Note

When needed, you can install the same version of the plugin without uninstalling the existing one. This solution is recommended in case of issues with Kaseya Agent Procedures (they have been deleted or they do not appear anymore for some reason).

Updating the Bitdefender Plugin

New releases of the plugin may require updating your installation. To do that, you need to download the new VSAZ file and go through the installation process.

Note

To view the installed plugin version, check the System > Server Management > License Manager page of Kaseya VSA.

Configuring the integration

Kaseya VSA needs to access GravityZone services. To authorize access, you need to generate an API key in GravityZone and configure the integration.

Generating the API key

To generate the API key required for integration, follow these steps:

  1. Log in to GravityZone using your Partner account credentials.

  2. Click the username at the upper-right corner and choose My Account.

  3. Go to the API keys section and click add.png Add at the top side of the table.

  4. Enable the APIs that you want.

    img-02_GZ_API_keys.png

    Important

    The integration works with the least possible number of APIs as follows:

    • Companies API

    • Licensing API

    • Packages API

    • Network API

    • Policies API

    • Quarantine API

    • Event Push Service API

  5. Click Save.

    An API key is generated. To prevent the leaking of sensitive information, do not share or distribute your own generated API keys.

  6. Copy the Access URL from the Control Center API section.

Performing the integration

Using the API key you have generated, you now perform the actual integration of Kaseya VSA with GravityZone:

  1. Log into Kaseya VSA.

  2. In the navigation panel, click Bitdefender and go to General > Configuration.

  3. Enter the API key and API Access URL in the GravityZone Settings section, and click Next.

    img-03_gravityzone_integration_settings.png

  4. In the Recommended Policies screen, enable the option Create recommended policies.

    This option allows the Bitdefender Plugin to create security policies automatically in GravityZone, under your root company (for which you entered the API key), according to Bitdefender recommendations.

    The recommended policies are the following:

    • Kaseya - Aggressive

    • Kaseya - Normal

    • Kaseya - Permissive

    • Kaseya - Reporting

    During the process, the new policies replace the existing ones with the same same.

    If you disable this option, the recommended policies will not be created automatically.

    img-04_recommended_policies.png

  5. Click Save.

    You are redirected to the Help & Support page, where you can get started with the plugin.

Synchronizing the Kaseya inventory

The integration mirrors your managed inventory structure (Assets in Kaseya VSA) to GravityZoneControl Center through a synchronization task.

Following the synchronization, an endpoint management system continuously monitors both inventories to identify and solve synchronization issues.

Synchronization settings in the Configuration page

You can control the automatic synchronization process by using specific options of the Bitdefender Plugin in Bitdefender > General > Configuration. After making the desired changes, click Save at the bottom of the page to start synchronization. This may take a few minutes.

Note

In the Configuration page, click the kaseya_expand.pngPlus button to expand each section.

My Company

Enter the generated API key and API Access URL in the Bitdefender Settings section.

You can change the API details later by clicking the Change API Key button under this section.

To change the user under automatic inventory and agent tasks run, click the Take Task Ownership button. This option is useful later on, for example when the user who configured the integration becomes invalid and the sync tasks cannot run anymore. The button is visible if you have system or master role in Kaseya VSA. For details, refer to Fixing the token refresh issue with automatic sync tasks in Kaseya integration.

kaseya_configuration_change_api_take_task_p_119924_en.png

Inventory Synchronization

In this section you can configure settings regarding the inventory synchronization between Kaseya VSA and GravityZone and the handling of issues that may occur during the process.

  1. Select an Inventory Synchronization level:

    • Monitor & report synchronized inventory status to run without automatic event handling. This sync level is the default state.

    • Monitor & handle synchronized inventory status to run and perform automatic event handling.

    • Automatic inventory synchronization to run across the entire inventory and perform automatic event handling.

      Note

      • The inventory synchronization levels run only on associated and non-excluded entities.

      • You can configure the Automatic Handling settings for the Monitor & handle synchronized inventory status and the Automatic inventory synchronization levels.

  2. Choose the Default Synchronization Mode to include or exclude the entire inventory from the synchronization task.

    Note

    You can use this option to synchronize the entire inventory and exclude individual organizations and groups from this task. Alternatively, the option to exclude the entire inventory from synchronization and include specific entities is available.

    Synchronizing and excluding individual organizations and groups is available in the Inventory page.

  3. Configure Synchronization Event Handling settings.

    During the synchronization task, the differences between inventories generate synchronization events. Choose to handle these events either automatically or manually.

    The automatic actions taken on the synchronization events are described below:

    Event Type

    Automatic Action

    Destination Moved

    Move an item in destination inventory (GravityZone) to match the source inventory location (Kaseya).

    Destination Deleted

    Copy an item from the source inventory (Kaseya) to the destination inventory (GravityZone).

    Association Missing

    Create a link between items that have the same name and location in both inventories.

    Prefix-based Association Missing

    Create the link between items with the same name and location in both inventories, taking into account the destination contains the prefix set in Prefix Settings.

    Note

    For manual actions taken on synchronization events, refer to Fix Unhandled Events.

  4. Configure a prefix for creating new organizations or associating existing organizations during the synchronization:

    1. Enter your prefix name in the field.

    2. Select one or both options for prefix usage during synchronization.

    Note

    For prefix creation, you can choose Only if the name already exists to use the source organization name for the destination organization name. If the name is already taken, the plugin will use the prefix name you have entered.

Agents Synchronization

In this section you can configure settings for deploying the Bitdefender security agent (named Bitdefender Endpoint Security Tools) on machines in your Kaseya inventory.

  1. Select an Agents Synchronization level:

    • Monitor & report synchronized agent status to run without automatic event handling. This sync level is the default state.

    • Monitor & handle synchronized agent status to run and perform automatic event handling.

    • Automatic agent synchronization to run across all agents and perform automatic event handling.

      Note

      • The agents synchronization levels run only on associated and non-excluded entities.

      • You can configure the Automatic Handling settings for the Monitor & handle synchronized agent status and the Automatic agent synchronization levels.

      • You can configure the Deployment Window settings for the Monitor & handle synchronized agent status and the Automatic agent synchronization levels.

  2. Configure the Deployment Window for automatic and manual agent synchronization:

    • Start at > End at

      Runs the deployment within the specified time interval. Keep at least one hour between the start and the end of the time interval.

    • Deployment slots per hour

      Set the number of deployments per hour.

    • Skip if offline

      Skip deployment if the machine is offline.

    • Power up if offline

      Powers up any unprotected offline machine during the automatic agent synchronization task. Available only for Windows systems.

  3. Under Deployment Package, configure the default list of modules to install with the Bitdefender agent on all machines in organizations that do not have specific packages applied on yet, or are not in sync.

    While the package defined here applies to the entire inventory, you can override it by editing the existing packages for specific companies in the Subscription Management page.

    You can also override the default package settings by using the Configure and Sync option of the contextual menu in the Inventory page.

    Important

    Changes in the default deployment package apply to subsequent Bitdefender agent installations. They do not result in reconfiguring existing installations.

    img-05_default_deployment_package.png

  4. Configure Custom Action Handling settings to run an agent procedure when a reboot is required. For more information, refer to Kaseya Agent Procedures.

  5. Configure Synchronization Event Handling settings.

    During the synchronization task, the differences between the Bitdefender agent locations in the source (Kaseya VSA) and destination (GravityZone) inventories generate synchronization events. Choose to handle these events either automatically or manually.

    The automatic actions taken on the synchronization events are described below:

    Event Type

    Automatic Action

    Destination Moved

    Moves the Bitdefender security agent in destination inventory (GravityZone) to match the source inventory location (Kaseya), inside the same organization or between organizations.

    Rogue Bitdefender Endpoint Found

    Moves the Bitdefender security agent in destination inventory (GravityZone) to match the source inventory location (Kaseya) and force the uninstallation/reinstallation of the Bitdefender security agent.

    Destination Deleted

    Reinstalls the Bitdefender security agent.

    Install Bitdefender Agent

    Installs the Bitdefender security agent according to the Kaseya agent location.

    For manual actions taken on deployment events, refer to Fixing unhandled events.

  6. Choose download preferences for the Bitdefender security agent:

    • Setup Downloader

      Use a small-sized file to download and run Bitdefender agent installation files. You can use the Relay role to the Setup Downloader when you configure the installation package in GravityZone. For more information, refer to the GravityZone documentation.

    • Full Kit

      Use a large-sized file to run Bitdefender agent installation files. Configure Kaseya LAN Cache settings to use this full installation kit as the file source.

Alerts

In this section, you configure alerts for security events generated after Bitdefender detecting threats in your synchronized inventory. For details, refer to this topic.

Manual synchronization options in the Inventory page

You can run various operations, such a synchronization task, deploy the security agent, configure exclusions, and manage company associations manually, by using the contextual menu in the Inventory page.

  1. In the navigation panel, select Bitdefender.

  2. Navigate to Operations > Inventory

  3. Right-click any organization tree and select one of the following operations:

    • Synchronize Inventory

    • Configure and Sync Inventory

    • Exclude from Inventory Synchronization

    • Synchronize Agents

    • Exclude from Agents Synchronization

    • Manage Association

    Each of these operation is explained below.

Synchronize Inventory

Click kaseya_sync.pngSynchronize Inventory to synchronize your Kaseya VSA inventory with GravityZone.

Following this operation you can view and manage your inventory in GravityZone.

Configure and Sync Inventory

Click kaseya_config_and_sync.pngConfigure and Sync Inventory to configure the product type for the selected organization and synchronize it in GravityZone. When using this option to synchronize an organization for the first time, a corresponding company will be created in GravityZone.

Note

You can synchronize a child company only if the parent company is also synchronized.

After clicking Configure and Sync Inventory, a succession of windows will guide you through the configuration process. After each step, click Next.

  1. In the introduction window, click Start to begin.

  2. Select the product type. Depending on the product type, the Bitdefender security agent installed on machines belonging to that organization will have certain features enabled.

    The following options are available:

    • Endpoint Security, the fully-featured security solution, with all modules available for deployment on machines running Windows, Linux or macOS.

    • BitdefenderEDR, a lightweight Endpoint Detection and Response (EDR) solution for Windows-based systems that can run alongside third-party protection platforms.

  3. Select what add-ons will be available with the product type.

  4. Configure the installation package:

    1. Select what protection modules to install with the Bitdefender security agent on machines under that organization.

    2. Configure your preferences for installing and updating the Bitdefender security agent.

  5. Click Save and Sync.

Important

Changes in the deployment package apply to subsequent Bitdefender agent installations. They do not result in reconfiguring existing installations.

Exclude from Inventory Synchronization

Click kaseya_exclude_sync.pngExclude from Inventory Synchronization to exclude the selected entity from synchronization.

Note

Excluded entities are marked with the following icon kaseya_exclude_sync.png and do not generate inventory sync events. Excluded entities do not show up in GravityZone inventory. To include back the entity for synchronization, right-click it and select kaseya_include_sync.pngInclude for inventory synchronization.

Synchronize Agents

Click kaseya_install.pngSynchronize Agents and configure the deployment time:

  • Immediate deployment to install Bitdefender agent across your inventory.

  • Deployment in window to schedule Bitdefender agent installation using the settings from the Configuration > Agents Synchronization section.

  • Deployment in custom window to schedule Bitdefender agent installation regardless of the settings from the Configuration > Agents Synchronization section.

    You can configure these options:

    • Set time to start the deployment (machine time by default) and distribution window (deployment interval) configurable in hours and minutes.

    • Use server time instead of machine time.

    • Skip deployment if machines are offline.

    • Power up the machines that are offline so you can deploy the agent.

    Unlike the settings in the Configuration > Agents Synchronization section, you are not required to specify a number of deployment slots. That means the deployment will take place on all selected machines, in the same deployment window.

Once the options configured, click Synchronize to start the synchronization task.

Note

The option to remove competitor is available when configuring the installation package in the Subscription Management section.

Exclude from Agents Synchronization

Click kaseya_exclude_install.pngExclude from Agents Synchronization to exclude the selected entity from deployment.

Excluded entities are marked with the following icon kaseya_exclude_sync.png and do not generate agent sync events. To include the entity in the agent sync task, right-click it and select kaseya_include_sync.pngInclude for agents synchronization.

Note

  • For an excluded entity, synchronization and deployment can run only manually, by selecting kaseya_sync.pngSynchronize inventory and kaseya_install.pngSynchronize agents from the contextual menu for that entity. If you select these options from a parent node, they will not affect the excluded entity.

  • If an entity is deleted from the Kaseya inventory, the exclusions will be ignored and there will be generated Source Deleted events instead.

  • If there are unhandled events from the last synchronization, a pop-up window will inform you about them each time you access the Inventory page.

Manage Association

Click the kaseya_manage_install.pngManage Association option in the contextual menu to create custom associations, and to view and delete existing company associations. Custom associations are useful when the Bitdefender plugin is unable to make particular associations between Kaseya VSA and GravityZone inventories that you would want.

Note

The Manage Association option is available only to Kaseya VSA users with System or Master roles.

To create a custom association:

  1. In the Manage Association window, go to Name and select in the drop-down list the GravityZone company you want to associate with the current Kaseya organization. The list contains only companies that do not have other associations in Kaseya VSA.

    Once you make a selection, the Type, Address, and Phone fields are filled-in with details specified in GravityZone. Additional information indicate if the company has security managed by a partner or the company is suspended.

    Note

    Custom association between two organizations is only possible if their parent organizations are associated as well.

  2. Click Save.

To delete an association:

  1. Next to Name, click the delete.pngDelete icon.

  2. In the expanded area, a warning message informs you that the association will be deleted along all other associations under it. However, future synchronizations may restore some or all associations. To prevent this, select the Exclude the organization from synchronization option.

  3. Click Save.

Note

You cannot delete an association when inventory or agent tasks are running.

Managing endpoints

Use the Inventory page to browse for endpoints under your organizations inventory. The inventory page includes:

  • The organization tree pane, at the left side

  • The agents table at the right side

Below you have an overview of the status icons used and their meaning:

  • kaseya_not_synced.png Endpoint not synchronized.

  • kaseya_warning.png Unhandled events associated with the endpoint.

Searching the organization tree

The right-side pane displays entities alphabetically, by their organization ID. You can view the organization name when you hover the mouse over its ID.

The Search tree field from the right-side pane allows searching for organizations,with the results being highlighted.

You can search for organizations by the following attributes:

  • Entity name and ID (for example: Company_001)

  • Entity type (organization, group)

  • Entity synchronization status (events, sync_exclude, install_exclude, not_synced).

Example: When searching for events, all organizations and groups with events created for will be highlighted.

To filter the results, select the check-box Show only matches, under the Search tree field. When enabled, this option will display only the entities that match the search criteria.

Searching the agents table

You can search for agents from the selected inventory node using the search field at the upper side of the inventory table from the left-side pane. Table search applies only to the following columns: Kaseya Agent, IP and OS Info.

You can search the inventory table as follows:

  • Enter the search term that you want, for example, a part of the IP number, or a Kaseya agent name (machine ID).

  • Filter agent results by using the Online Status and OS filter columns.

  • Sort ascending / descending the current view items from the Kaseya Agent and Last Seen columns.

  • Browse the agents inventory using the pagination options at the lower side of the inventory table.

Using Views to filter agents

To create views for advanced agent filtering:

  1. Navigate to Audit > Run Audit.

  2. Click New. View Definitions window appears.

  3. Click Save As and enter a name.

  4. Configure filter attributes. For more information, refer to View Definitions in the Kaseya VSA User Guide.

  5. Click Save. Your View now appears in the Inventory section.

To filter agents using a view:

  1. In Kaseya VSA navigate to Bitdefender > Operations > Inventory.

  2. Click View to search for your configured filter.

Note

The View filter works only when none of your inventory entities is selected.

To deselect entities, click Clear Selection in the Inventory column.

Using the contextual menu

In the agents table, you can place your mouse pointer in the text area and right-click to access the contextual menu.

To select multiple non-adjacent agents, select the first endpoint check box of your intended selection and add other agents to your selection. To select all agents, click Select All at the top of the table.

Select the option that you want:

  • Synchronize agents settings:

    1. Immediate deployment to install Bitdefender agent across your inventory.

    2. Deployment window to schedule Bitdefender agent installation using the configured deployment window.

  • Competitor removal settings:

    1. Install and remove competitors to delete existing security agents.

    2. Install over competitor to install on top of existing security agents.

  • kaseya_exclude_sync.png Exclude agents from synchronization to exclude the target endpoint from the deployment task.

    The endpoint is excluded from a deployment task and does not generate a deployment event.

  • kaseya_start_scan.png Start Scan to run a task scan on the target endpoint.

    You can choose from the following scan options:

    • Quick Scan. This option uses in-the-cloud scanning to detect malware running in the system.

    • Full Scan. This option scans the entire system for all types of malware threatening its security, such as viruses, spyware, adware, rootkits and others.

    • Memory Scan. This options checks for any programs running in the endpoint's memory.

    To view scan results, log in to GravityZone Control Center and go to the Network > Tasks page.

    Note

    For more information about scan tasks, refer to the GravityZone documentation.

  • kaseya_uninstall.png Uninstall to remove the Bitdefender agent. The Bitdefender uninstall password protection prompts you, if configured in GravityZone Control Center. If this is required, fill in the password and select Uninstall to confirm.

    Note

    This option is available only for synchronized organizations and groups. The Bitdefender agent will be installed back if the agent is included in a deployment task.

To view agent information, click kaseya_endpoint_details_expand.png and check the applied policy name, agent versions, detection status, engines version, or the last security content update.

In this section: