ON PREMISES SOLUTIONS

Control Center console

Control Center at a glance

This section serves as orientation through the GravityZone Control Center console and provides a quick description of all first level pages available in GravityZone. The pages are presented in the order that they appear in the console, from top to bottom.

Main Pages
89506_13.png
  1. Toggle menu view

    Use the View Menu button to view, hide, or expand the menu options. Click the button to run though the options sequentially, or double-click to skip.

  2. Main menu options

    The menu contains links to all the main Control Console pages.

  3. Pagination Toolbar

    Depending on the page that is displayed, the Page Toolbar contains buttons or drop-down menus that allow you to interact directly with the information being displayed on the page.

  4. Account Menu

    The Account Menu provides several account and company management options:

    • My Account. Click this option to manage your user account details and preferences.

    • Help & Support. Click this option to find help and support information.

    • Feedback. Click this option to display a form allowing you to edit and send your feedback messages regarding your experience with GravityZone.

    • Logout. Click this option to log out of your account.

  5. What's New

    After each Control Center product update, we add a short description of changes and additions in the What's New section, along with a link to the more detailed Release Notes.

  6. Help Mode

    Help Mode enables expandable tooltip boxes placed on Control Center items. You can easily find out useful information regarding the Control Center features.

  7. Notifications

    Notifications provide easy access to notification messages and also to the Notifications page.

  8. Page Content

    Displays and allows you to interact with information relevant to the page that is currently selected.

Control Center Pages
Dashboard
89506_1.png

The Dashboard consists of a series of portlets that provide you with security event information from your environment. You can customize the portlets and create your own, specifying the protection mechanism you would like the monitor and the time interval you would like to see in the data.

Portlets are interactive; if you wish to display further information on any event you can click on the datapoint in the portlet representing said event. Doing so will display a report that is representative of the time interval in which the event occurred and provides more in-depth information.

Executive Summary

The Executive Summary page presents a high-level, endpoint-focused version of the Dashboard, providing a series of widgets displaying details about endpoint modules, detections and taken actions, threat types and techniques, your company risk score, threat breakdowns, statistics and many more.

Note

As opposed to Dashboard portlets, the widgets in the Executive Summary screen are static and read-only.

Incidents
89506_2.png

The Incidents screen provides you with a list of recent security incidents going back 90 days, and the ability to search for security incidents in all your managed companies or using a variety of filters and search criteria.

Clicking any incident will display additional information about the event.

You can search for three types of incidents:

  • Extended Incidents

    Note

    Available in Ultra Plus.

    The Extended Incidents tab displays all organization-wide incidents which require further investigation.

  • Endpoint Incidents

    Note

    Available in Ultra, Ultra Plus and EDR companion standalone.

    The Endpoint Incidents tab displays all endpoint-related incidents detected by the BEST Cross-Technology Correlations module which require further investigation.

  • Detected Threats

    Note

    Available in Ultra, Ultra Plus and Elite.

    The Detected Threats tab displays a list of threats that have been identified and stopped (or reported, depending on your policies) by GravityZone prevention technologies.

Blocklist

Blocklists stop the spread of malware detected by EDR to other endpoints. To be able to identify these threats, they are given a hash value.

The Blocklist screen displays incidents related to a specific hash value and manage the hashes you are currently tracking.

Search

The search page provides you a complex search engine to locate incidents based on a high number of criteria and parameters. It also provides several predefined search options and the ability to save your preferred search criteria.

Custom Rules

The Custom Rules page allows you to create and manage rules that block or whitelist specific behavior or events.

  • Detections - They mark specific behavior that might occur in your environment as a valid detection. Any event matching this behavior will generate an appropriate incident.

  • Exclusions - They mark specific behavior that might occur in your environment as safe. Any event matching this behavior, even if it would normally be flagged, will not generate any event.

Network
89506_3.png

In the Network page you can display, search for, and manage your companies, networks and endpoints. For each entity you can perform various operations such as display additional information, create tasks and reports, assign policies, troubleshoot and more.

Packages

The Packages page allows you to manage, create, download and send installation kits.

You can customize an installation package to specify the language, modules, roles, scan mode and method of installation.

Tasks

The tasks page displays a list of all the tasks that were initiated inside your managed companies. Each task provides additional information. You can narrow down the list of displayed tasks by using several filters.

Risk Management
iorDashboardOverview.png

The Risk Management page provides you with a network and operating system risk overview and with the capability of creating and managing scan tasks. You can set the tasks to run recurrently on specific endpoints and choose from a large number of indicators of risk to search for to locate any vulnerabilities.

Security Risks

The Security Risks page displays the results of the scan tasks created in the Risk Management page. The results contain information on possible risks, affected devices and vulnerable users in a fully customizable grid formation with complex filtering options.

Companies View

As a partner, in the Companies View page you can display a high level overview of risk management applied over all your companies. You can view each company's risk score, search or filter out results and export lists as .csv files.

Policies
89506_5.png

In the Policies page you can create, customize and assign your company's security policies.

A policy specifies the security settings to be applied on target network inventory objects (computers, virtual machines or mobile devices). You can create as many policies as you need based on security requirements, for each type of managed network object.

Assignment rules

In the Assignment Rules page you can define user and location-aware policies. For example, you can apply more restrictive firewall rules when users connect to the internet from outside the company or you can enable Web Access Control for users that are not part of the administrators group.

Reports
89506_6.png

The Reports page allows you to create and view the results of multiple types of reports reports on the security status of your managed network objects. Reports can consolidate data from the entire network of managed network objects or from specific groups only can be used for multiple purposes.

Several different report types are available so that you can easily get the information you need. The information is presented as easy-to-read interactive charts and tables, allowing you to quickly check the network security status and identify security issues.

Ransomware Activity

The Ransomware Activity page provides information on the ransomware attacks that GravityZone has detected on the endpoints you manage, and provides you with the necessary tools to recover the files affected during the attacks.

Quarantine
89506_7.png

The Quarantine page provides on overview on all malicious files, such as malware-suspected, malware-infected or other unwanted files that have been detected by GravityZone protection. You can search or filter through the list of files, display additional information on each of them and decides on whether to restore, download or delete the files.

When a virus or other form of malware is in quarantine, it cannot do any harm because it cannot be executed or read. GravityZone moves files to quarantine according to the policies assigned to endpoints.

Companies
89506_11.png

The Company page provides you with a list of all managed companies and allows you to create additional companies or manage already existing ones. You can modify company information, login security settings, license usage and assigned protection modules.

Custom Fields

In the Custom Fields page you can manage, import and export custom fields used to store third party or other custom data and facilitating billing automation.

Accounts
89506_8.png

In the Accounts page you can create and manage all your company user accounts. For each user you can add personal information, modify login security settings and assign a default language, timezone and user role.

User Activity

You can use the User Activity page to search for any actions taken by a specific user on a specific company and logged by Control Center.

Sandbox Analyzer
89506_9.png

In the Sandbox Analyzer page you can configure the Sandbox Analyzer settings for automatic submission via Bitdefender Endpoint Security Tools.

Sandbox Analyzer provides a powerful layer of analysis by performing automatic detonation of suspicious content in a secure cloud environment, for files not yet signed by Bitdefender antimalware engines.

Manual Submission

In the Manual Submission page you can send samples of suspicious objects to Sandbox Analyzer,to determine whether they are threats or harmless files.

Email Security
89506_10.png

In the Email Security page you can access the Email Security console and create accounts for your managed companies.

Bitdefender Gravity Zone Email Security is a cloud-driven email security gateway able to protect any type of email service against various types of email-centric threat vectors.

Configuration
89506_12.png

In the Configuration page, you can configure settings related to Network Inventory, Offline Machine Cleanup, Login Security, Single Sign-on and Security Server.

Navigating GravityZone

Table data

Tables are frequently used throughout the console to organize data into an easy-to-use format.

table_data.png
Navigating through Pages

Tables with more than 20 entries span on several pages. By default, only 20 entries are displayed per page.

To move through the pages, use the navigation buttons at the bottom of the table. You can change the number of entries displayed on a page by selecting a different option from the menu next to the navigation buttons.

Searching for Specific Entries

To easily find specific entries, use the search boxes available below the column headers.

Enter the search term in the corresponding field. Matching items are displayed in the table as you type. To reset the table contents, clear the search fields.

Sorting Data

To sort data by a specific column, click the column header. Click the column header again to revert the sorting order.

Refreshing Table Data

To make sure the console displays the latest information, click the refresh.png Refresh button at the upper side of the table. This may be needed when you spend more time on the page.

Action toolbars

In Control Center, action toolbars allow you to perform specific operations pertaining to the section you are in.

Each toolbar consists of a set of icons that is usually placed at the upper side of the table.

For example, the action toolbar in the Reports section allows you to perform the following actions:

  • add.png Create a new report.

  • download.png Download a scheduled report.

  • delete.png Delete a scheduled report.

action_toolbar.png
Contextual menu

The action toolbar commands are also accessible from the contextual menu. Right-click the Control Center section you are currently using and select the command that you need from the available list.

contextual_menu.png