www

Directly contact our Support Team

How to create reports based on data from GravityZone in Splunk

As a Bitdefender partner, you can integrate GravityZone with Splunk by using HTTP Event Collector and GravityZone APIs. Thus, you are able to send data from GravityZone Control Center directly to Splunk Enterprise or Splunk Cloud.

This article explains how to create reports in Splunk, based on the events received from GravityZone.

Create reports manually in Splunk

  1. Log in to Splunk and go to Search & Reporting.
    Image-Splunk-page-search-reporting
  2. In the Search screen, select the interval that you are interested in and click Data Summary.
    Image-Splunk-page-search
  3. In the new window, select your host associated to GravityZone.
    1. In the Events screen, from the left-side menu, select events to build your reports.
      Image-Splunk-page-events
      Click Yes in the window to confirm your selection.
      Image-Splunk-page-events-configure

      For example, to build an Antimalware report, select any of the following events:

      • module
      • product_installed
      • companyId
      • computer_name
      • computer_fqdn
      • computer_ip
      • computer_id
      • malware_type
      • malware_name
      • hash
      • final_status
      • file_path
      • timestamp

      The results will be displayed in the right-side panel.

      You can configure the report as you want by select any kind of events. However, the GravityZone reports are defined by certain events. You find the reports and their associated events in the GravityZone API Documentation guide, in Reference > Push > Event Types.

    2. If you want other events, follow these steps:
      1. Click + Extract New Fields at the end of the list.
      2. In the new screen, select one event and click Next at the upper side of the page.
      3. Select Delimiters and click Next.
      4. Choose a delimiter, preferably Comma.
      5. The events appear in separate fields. Click them for renaming, if you need it.
      6. Under Save, at Extractions Name, enter a name.
      7. Click Finish.
  4. After configuring the events, click the Statistics tab.
  5. Click Pivot.
    Image-Splunk-page-pivot
  6. In the new windows, choose Selected Fields and click OK.
  7. In New Pivot, choose the preferred type of chart and configure it.

    Example

    1. Select Column Chart.
    2. In the time rage, select the desired interval (e.g. last 7 days).
    3. Under X-Axis, at Field, select final_status.
    4. Under Y-Axis, at Field, select malware_name.

      The chart will show you the status of the malware detected in the last 7 days in your network.

  8. Click Save As… at the upper side of the chart and select Dashboard Panel.
    Image-Splunk-page-dashboard
  9. In the new window, fill in the required data. You can either create a new dashboard or edit an existing one.
  10. Click Save. The chart is now in your preferred dashboard. You can create your own GravityZone dashboard, with multiple charts, as shown the picture below.
    Image-Splunk-dashboard-gravityzone

Create reports by using Bitdefender GravityZone for Splunk App

Bitdefender GravityZone for Splunk App helps you predefine and view dashboards, reports and search for events. This application works together with Bitdefender GravityZone Add-on for Splunk.

For proper functioning with GravityZone Control Center, install these products on the Splunk platform in this order:

  1. Install Bitdefender GravityZone Add-on for Splunk. Click here to download.
  2. Install Bitdefender GravityZone for Splunk App. Click here to download.
Can't find a solution for your problem? Open an email ticket and we will answer the question or concern in the shortest time possible.

Rate this article:

Submit