ON PREMISES SOLUTIONS

Notification types

This is the list of available notification types:

  • Malware Outbreak

    This notification is sent to the users that have at least 5% of all their managed network objects infected by the same malware.

    You can configure the malware outbreak threshold according to your needs in the Notifications Settings window. For more information, refer to Configuring Notification Settings.

    Syslog format availability: JSON, CEF

  • License Expires

    A notification is sent 30 days, seven days, and one day before the license expires.

    Note

    You must have Manage Company right to view this notification.

    Syslog format availability: JSON, CEF

  • License Usage Limit Has Been Reached

    This notification is sent when all of the available licenses have been used.

    Syslog format availability: JSON, CEF

  • License Limit Is About To Be Reached

    This notification is sent when 90% of the available licenses have been used.

    Note

    You must have Manage Company right to view this notification.

    Syslog format availability: JSON, CEF

  • Servers License Usage Limit Has Been Reached

    This notification is sent when the number of protected servers reaches the limit specified on your license key.

    Note

    You must have Manage Company right to view this notification.

    Syslog format availability: JSON, CEF

  • Servers License Limit is About to Be Reached

    This notification is sent when 90% of the available license seats for servers have been used.

    Note

    You must have Manage Company right to view this notification.

    Syslog format availability: JSON, CEF

  • Exchange License Usage Limit Has Been Reached

    This notification is triggered each time the number of protected mailboxes from your Exchange servers reaches the limit specified on your license key.

    Note

    You must have Manage Company right to view this notification.

    Syslog format availability: JSON, CEF

  • Invalid Exchange user credentials

    This notification is sent when an on-demand scan task could not start on the target Exchange server due to invalid Exchange user credentials.

    Syslog format availability: JSON, CEF

  • Upgrade Status

    This notification is triggered weekly if old product versions are found in your network.

    Syslog format availability: JSON, CEF

  • Update Available

    This notification informs you about the availability of a new GravityZone update, a new package, or a new product update.

    Syslog format availability: JSON, CEF

  • Internet Connection

    This notification is triggered when Internet connectivity changes are detected by the following processes:

    • License validation

    • Obtaining an Apple Certificate Signing Request

    • Communication with Apple and Android mobile devices

    • Accessing MyBitdefender account

    Syslog format availability: JSON, CEF

  • SMTP Connection

    This notification is sent each time Bitdefender GravityZone detects changes regarding the mail server connectivity.

    Syslog format availability: JSON, CEF

  • Mobile device users without email address

    This notification is sent after adding mobile devices to multiple users and one or several selected users have no email address specified for their account. This notification is intended to warn you that users with no specified email address cannot enroll the mobile devices assigned to them, since the activation details are automatically sent by email.

    For details about adding mobile devices to multiple users, refer to the GravityZone Installation Guide.

    Syslog format availability: JSON, CEF

  • Database Backup

    This notification informs you about the status of a scheduled database backup, whether successful or unsuccessful. If the database backup has failed, the notification message will also display the failure reason.

    For details about configuring GravityZone database backups, refer to the GravityZone Installation Guide.

    Syslog format availability: JSON, CEF

  • Exchange Malware Detected

    This notification informs you when malware is detected on an Exchange Server in your network.

  • Advanced Anti-Exploit

    This notification informs you when Advanced Anti-Exploit has detected exploit attempts in your network.

    Syslog format availability: JSON, CEF

  • Antimalware event

    This notification informs you when malware is detected on an endpoint in your network. This notification is created for each malware detection, providing details about the infected endpoint (name, IP, installed agent), the type of scan, the detected malware, the signature version, the detection time, and the scan engine type.

    Syslog format availability: JSON, CEF

  • Out of Sync Integration

    This notification is sent when an existing virtual platform integration could not synchronize with GravityZone. In the notification settings, you can select the integrations for which you want to be notified when a synchronization error occurs. You can check more information about the synchronization status in the notification details.

    Syslog format availability: JSON, CEF

  • Antiphishing event

    This notification informs you each time the endpoint agent detects and blocks a known phishing web page from being accessed. This notification also provides details such as the endpoint that attempted to access the unsafe website (name and IP), the installed agent, and the blocked URL.

    Syslog format availability: JSON, CEF

  • Firewall event

    With this notification you are informed each time the firewall module of an installed agent has blocked a port scan or an application from accessing the network, according to applied policy.

    Syslog format availability: JSON, CEF

  • ATC/IDS event

    This notification is sent each time a potentially dangerous application is detected and blocked on an endpoint in your network. You will find details about the application type, name, and path, as well as the parent process ID and path and the command line that started the process, where applicable.

    Syslog format availability: JSON, CEF

  • User Control event

    This notification is triggered each time a user activity, such as web browsing or running a software application, is blocked by the endpoint client according to the applied policy.

    Syslog format availability: JSON, CEF

    Note

    User Control event notifications cannot be sent through email. Due to performance reasons, these notifications can only be sent via API to a SIEM platform.

  • Data Protection event

    This notification is sent each time data traffic is blocked on an endpoint according to data protection rules.

  • Product Modules event

    This notification is sent each time a security module of an installed agent gets enabled or disabled.

    Syslog format availability: JSON, CEF

  • Security Server Status event

    This type of notification provides information about the status changes of a Security Server installed in your network. The Security Server status changes refer to the following events: powered off / powered on, product update, security content update, and reboot required.

    Syslog format availability: JSON, CEF

  • Overloaded Security Server event

    This notification is sent when the scan load on a Security Server in your network exceeds the defined threshold.

    Syslog format availability: JSON, CEF

  • Product Registration event

    This notification informs you when the registration status of an agent installed in your network has changed.

    Syslog format availability: JSON, CEF

  • Authentication Audit

    This notification informs you when a GravityZone account other than your own was used to log in to Control Center from an unrecognized device.

    Syslog format availability: JSON, CEF

  • Login from New Device

    This notification informs you that your GravityZone account was used to log in to Control Center from a device you have not used for this purpose before. The notification is automatically configured to be visible both in Control Center and by email; you can only view it.

    Syslog format availability: JSON, CEF

  • Certificate Expires

    This notification informs you that a security certificate is about to expire. The notification is sent 30 days, seven days, and one day before the expiration date.

    Syslog format availability: JSON, CEF

  • GravityZone Update

    The notification is sent when a GravityZone update is completed. If the update failed, it will run again in 24 hours.

    Syslog format availability: JSON, CEF

  • Task Status

    This notification informs you either each time a task status changes, or only when a task finishes, according to your preferences.

    Syslog format availability: JSON, CEF

  • Outdated Update Server

    This notification is sent when an update server in your network has outdated security content.

    Syslog format availability: JSON, CEF

  • Network Incidents event

    This notification is sent each time the Network Attack Defense module detects an attack attempt on your network. This notification also informs you if the attack attempt was conducted either from outside the network or from a compromised endpoint inside the network. Other details include data about the endpoint, attack technique, attacker’s IP, and the action taken by Network Attack Defense.

    Syslog format availability: JSON, CEF

  • Custom Report Has Been Generated

    This notification informs you when a query-based report has been generated.

    Syslog format availability: N/A

  • Detected Memory Violation

    This notification informs you when HVI detects an attack that violates the memory of protected virtual machines in a Citrix Xen environment. The notification provides you with important details, such as the name and IP of the infected machine, the incident description, the source and target of the attack, the action taken to remove the threat, and the detection time.

    Notifications are created for the following incidents:

    • Attempts to use a memory area differently than the hypervisor has intended, via the Extended Page Tables (EPT).

    • Attempts of processes to inject code into other processes.

    • Attempts to change process addresses in the translation tables.

    • Attempts to change the Model Specific Registers (MSR).

    • Attempts to change the contents of specific Driver Objects or of the Interrupt Descriptor Table (IDT).

    • Attempts to load specific Control Registers (CR) with invalid values.

    • Attempts to load specific Extended Control Registers (XCR) with invalid values.

    • Attempts to change the Global or Interrupt Descriptor Tables.

    Note

    The HVI feature may be available for your GravityZone solution with a separate license key.

    Syslog format availability: JSON, CEF

  • New Application in Application Inventory

    This notification informs you when Application Control detects a new application installed on monitored endpoints.

    Syslog format availability: JSON, CEF

  • Blocked Application

    This notification informs you when Application Control blocked or would have blocked a process of an unauthorized application, depending on the module configuration (Production or Test Mode).

    Syslog format availability: JSON, CEF

  • Sandbox Analyzer Detection

    This notification alerts you every time Sandbox Analyzer detects a new threat among the submitted samples. You are presented with details such as hostname or IP of the endpoint, time and date of the detection, threat type, path, name, size of the files and the remediation action taken on each one.

    Note

    You will not receive notifications for clean analyzed samples. Information on all submitted samples is available in the Sandbox Analyzer Results (Deprecated) report and in the Sandbox Analyzer section, in the main menu of Control Center.

    Syslog format availability: JSON, CEF

  • HyperDetect Activity

    This notification informs you when HyperDetect finds any antimalware or unblocked events in the network. This notification is sent for each HyperDetect event and provides the following details:

    • Affected endpoint information (name, IP, installed agent)

    • Malware type and name

    • Infected file path. For fileless attacks, the name of the executable used in the attack is provided instead.

    • Infection status

    • The SHA256 hash of the malware executable

    • The type of the intended attack (targeted attack, grayware, exploits, ransomware, suspicious files and network traffic)

    • Detection level (Permissive, Normal, Aggressive)

    • Detection time and date

    Syslog format availability: JSON, CEF

    You can view details about the infection and further investigate the issues by generating a HyperDetect Activity report right from the Notifications page. To do so:

    1. In Control Center, click the Notification button to display the Notification Area.

    2. Click the Show more link at the end of the notification to open the Notifications page.

    3. Click the View report button in the notification details. This opens the report configuration window.

    4. Configure the report if needed. For more information, refer to Creating Reports.

    5. Click Generate.

    Note

    To avoid spamming, you will receive at most one notification per hour.

  • Out of Sync Integration

    This notification informs you when an integration has issues and can no longer synchronize. This may happen for various reasons, such as integration details that have changed or temporary unavailability of the server.

  • Missing Patch Issue

    This notification occurs when endpoints in your network are missing one or more available patches.

    GravityZone automatically sends a notification containing all findings from the 24 hours preceding the notification date.

    You can view which endpoints are in this situation by clicking the View report button in notification details.

    By default, the notification refers to security patches, but you may configure it to inform you of non-security patches as well.

    Syslog format availability: JSON, CEF

  • Ransomware detection

    This notification informs you when GravityZone detects a ransomware attack within your network. You are provided with details regarding the targeted endpoint, the user that was logged in, the source of the attack, the number of encrypted files, and the time and date of the attack.

    At the time you receive the notification the attack is already blocked.

    The link in the notification will redirect you to the Ransomware Activity page, where you can view the list of encrypted files and restore them if needed.

    Syslog format availability: JSON, CEF

  • Storage Antimalware

    This notification is sent when malware is detected on an ICAP-compliant storage device. This notification is created for each malware detection, providing details about the infected storage device (name, IP, type), detected malware and detection time.

    Syslog format availability: JSON, CEF

  • Blocked Devices

    This notification is triggered when a blocked device or a device with read-only permission connects to the endpoint. If the exact same device connects multiple times in one hour, only one notification is sent during this interval. If the device connects again after one hour, a new notification is triggered.

    Syslog format availability: JSON, CEF

  • Troubleshooting activity

    This notification informs you when a troubleshooting event in your network ends. You can view details about the event type and status, the troubleshooting target, the storage location where you can find the logs archive, and others.

    Syslog format availability: JSON, CEF

  • Security Container Status Update

    The notification informs you when the product update status changes for a Security Container installed in your network.

    Syslog format availability: JSON, CEF