GravityZone Control Center 

A new method is now available for the Network API: deleteTask. The method allows users to delete a specific task, identifying it using its task ID.

The GravityZone CSPM+ license now also provides access to cloud detection and response features, as follows:

Fixed an issue that caused inconsistencies between the number of non-compliant endpoints in the Endpoints policy status widget and the number reported in the Policy Compliance report.

Fixed an issue causing endpoints to incorrectly appear as isolated in GravityZone.

Due to an internal issue, scheduled Reconfigure agent tasks were running immediately on endpoints.

In some cases, users were forcefully logged out of GravityZone after attempting to delete multiple endpoints from the Network grid.

In some cases, the endpoints were not displayed in GravityZone despite BEST being successfully installed.

In some cases, importing a CSV with Content Control exclusions in Policy > Content Control > Web Access Control > Exclusions resulted in uppercase URLs being converted to lowercase, causing exclusions to fail.

Resolved an issue that caused the Incident Graph to fail loading due to an unexpected error.

Using the updateCompanyDetails method to update a company no longer incorrectly activates its subscription end date, incorrectly adding a value in the company's endSubscription attribute.

Fixed an issue causing an error message to appear when trying to save changes to a GravityZone company. This would occur due to an inconsistency in the company's recorded subscription end date.

Security fixes.

Vulnerable drivers

This pre-tampering technology detects vulnerable drivers on endpoints that can be exploited by attackers, posing threats to the integrity of the product. The technology is compatible with Windows and Linux operating systems.

Callback evasion

This post-tampering technology can detect when the security agent callback functions have been maliciously removed or disabled. New threats or unintentional human error could be engineered to potentially allow unauthorized access to the kernel, leading to compromised product integrity. The technology is compatible with Windows operating systems.

Customer type companies without a monthly subscription will now experience an improved experience when accessing the control center landing page. The page will feature user-friendly content that simplifies basic tasks and provides access to the latest news from Bitdefender.

You can now submit quarantined files to Bitdefender Labs directly from Quarantine. The new option Submit to Bitdefender Labs enables you to submit previously retrieved files for an in-depth analysis that can rule out possible false positive detections. You will receive the analysis results on the email address provided when submitting the file.

You can now remotely retrieve and download quarantined files from endpoints with Linux operating systems.

GravityZone email notifications now have a fresh design, revised email subjects and notification titles. Additionally, some notifications in GravityZone Control Center have been renamed. You can find more information in Changes to GravityZone email notifications.

The New incident notification has been improved: all configuration options have been merged into one. Exiting users, with any on the three settings activated prior to the update, now have the New incident notification enabled by default.

The Actions button from Configuration Profiles > Exclusions has been removed.

The Export Selection and Delete options, previously located under Configuration Profiles > Exclusions > Actions, have been added to the interface for better accessibility and ease of use.

GravityZone user account permissions now apply to existing roles from the Cloud Security console. Depending on the user rights assigned to your GravityZone account, you will have access only to specific features, actions or sections of the Cloud Security console.

On demand endpoint actions executed from an incident graph are now displayed in the response grid of that incident.

The status of tasks resulting from EDR response actions is now changed to Failed after being unresponsive for two days.

The Remediation button and the associated section have been removed from the Endpoint Incidents tab and are now available in the new EDR Response tab.

You can now manually mark endpoint response actions as done or dismissed from the Response grid.

The Contact Details section under the My company page is now called Contact details for GravityZone.

A new section is now available under the My company page: Contact details for Bitdefender MDR. This section contains mandatory information required to onboard a partner Company that is new to the MDR console. When saving the information, validation is required, and can be done by sending a code to the email address assigned to the contact.

The information in this section is mandatory to Partner companies that haven't enabled the MDR service and haven't initiated onboarding prior to this release. Until the information is filled in, they will not be able to enable the MDR service for their client companies own use.

Once the information has been saved, an Emergency Contact is automatically created in the Bitdefender MDR console. You can not change this information at a later date from GravityZone.

The requirements for activating the MDR service for reselling for client Partner companies are:

The requirements for the onboarding process to begin for a Partner company are:

Once all requirements are met, an automatic activation email is sent to the contact listed under Contact details for Bitdefender MDR.

The requirements for activating the MDR service for the own use of client Customer companies are:

Accounts API

Companies API

General API

Incidents API

Network API

In some cases, restoring the Docker host resulted in container duplication and the container inventory failing to load in the Network page.

Security fixes.

GravityZone users from companies using Business Security Premium license are not receiving New incident notifications.

YARA rules are now available on macOS endpoints starting with the following BEST version: 7.16.42.200016.

MSP Product Trials enables partners to enroll client companies in trials, allowing them to test out features, add-ons, and services that are not included in their subscription. The feature is being released in stages, in a controlled availability manner.

You can now filter detection events based on endpoint tags. Using automatic or custom tags helps you view events from specific endpoint groups and efficiently analyze and correlate detections.

Reported: includes Endpoint and Organization incidents upon which no action was taken and require further investigation.

Partially blocked: includes Organization incidents in which the automatic actions defined in the policies have been taken only on some entities.

Blocked: includes Endpoint incidents that were detected and blocked by GravityZone prevention modules.

Basics - covers GravityZone general use, technical assistance, legal aspects, and more.

Advanced Configuration - provides information on specific GravityZone features.

Packages API

Companies API

API Event Push Service

Entries related to creating or editing a policy now include the list of changed settings in the Details area. The settings are grouped by sections.

CSPM+. This new sensor collects telemetry about cloud platforms security posture from Cloud Security to enrich GravityZone XDR incidents and risk information.

Security for Mobile. This new sensor processes mobile device events collected from GravityZone Security for Mobile.

The Associated risks widget is now available in the Overview tab of the Incidents view window. The widget provides a graph detailing a breakdown of all known risks per entity type and links to related entities.

7.9.5.324 (Windows)

7.0.3.2271 (Linux)

7.14.32.200019 (macOS)

The Amazon EC2 integration experienced synchronization issues, which resulted in previously removed secured instances being displayed in the Network Inventory.

Some users experienced an issue where exclusions were still being applied, even when the Use Exclusions option was disabled in the Web access control settings section.

The Network section and the Policy Compliance report did not reflect changes made by Power User to the policy.

Security fixes.

The export functionality is now available in Health Dashboard. You can use this new option to access and manage the centralized data outside GravityZone Control Center, according to your needs. All events are exported in the widely available CSV format, making it easier to import into other software programs tailored for your business.

A new entry is now available in the Endpoint patch management widget. Patches available, not installed provides you with the number of endpoints in your network that have patches available, but no patch installation task was initiated to install them.

You can now enable sending telemetry data from your BEST protected endpoints to integrated platforms in syslog format. The option can be accessed by editing a policy, going to General > Security Telemetry and selecting Syslog (JSON) from the SIEM solution field under the SIEM Connection Settings section.

A new demo function is now available on the Incidents page. This feature simulates a scenario from multiple sensors and showcases the capabilities of the XDR feature.

You can access this new capability from the Show demo incident button, on the upper right side of the Incidents page.

A new GravityZone Cloud instance hosted in Singapore is now available.

Licensing compatibility extends to all GravityZone standard products with the exception of Free Risk Assessment Tool and GravityZone EDR Cloud.

It supports multiple Amazon EC2 inventories per company.

Users can now set names for Amazon EC2 integrations.

The Amazon EC2 integration aligns on the same level with Computers and Groups in Network Inventory.

The Integration tags tab now also displays AWS tags. They are available in the Information window of Amazon EC2 instances. You can use tags in Policies > Assignment Rules.

The Tasks Details panel now includes information about the Amazon EC2 integration name.

The new Amazon EC2 subscription type has changed notification informs you whenever your subscription type changes from Marketplace to Partner.

The User Activity page has been updated.

Amazon EC2 Subscription Status report is now available for any company using or managing Amazon EC2 integrations.

Partners can now suspend or reactivate integrations directly from the Amazon EC2 Subscription Status report.

The Amazon EC2 Monthly Usage report now contains two new columns: Integration Name and AWS Account ID.

The Integrations page now includes multiple new columns: Name, Status, Subscription type and Subscription status.

You can now submit quarantined files to Sandbox Analyzer directly from Quarantine. The new option Submit to Sandbox Analyzer enables you to submit previously retrieved files for an in-depth behavioral analysis.

Filtering quarantined files based on the technology that performed the detection is now available. The new Detecting technology filter and column helps you view manually quarantined files and files detected by multiple Antimalware and Integrity Monitoring technologies.

You can now remotely retrieve and download quarantined files from endpoints with macOS operating systems.

A new version (1.1) is now available for the following APIs and methods, providing various quality of life improvements:

The following changes have been performed for the Integrations API as a result of the changes done to AWS integrations:

The licensedServices parameter is now also returned by the getLicenseInfo method for companies using yearly licenses.

The possible values of the maxResults parameter have changed for the findCompaniesByName method.

A new option is available when creating a Monthly License Usage report: Only new customer companies. Enabling this option allows you to display monthly usage reports only for companies created between two specific dates.

Added Google Chrome to the Predefined Windows Applications list that you can find in the Antimalware > Advanced Anti-Exploit policy settings. Now you have the flexibility to customize browser protection based on your preferences.

Customers with CSPM+ licenses will now have an improved experience when accessing the Control Center landing page. The page will feature user-friendly content that simplifies basic tasks and provides access to the latest news from Bitdefender.

Companies using GravityZone Small Business Security can now enroll in Product Trials and and explore new features and products.

The settings in the Risk Management section have been changed: scheduled scans can now be set to run only daily or weekly.

MAC information for the following nodes:

If Endpoint or Server nodes have multiple IPs, the MAC information may contain multiple values.

One or multiple IP addresses for the following nodes:

One or multiple domain names for the IP node.

The Update Linux EDR modules using product update option has been removed from the General > Update page in the policy settings.

Fixed an issue that caused inconsistencies between detection events reported in Threats Xplorer and information displayed in HyperDetect Activity report.

Sometimes, endpoints under Active Directory integrations could not be used as network scanners for on-demand tasks.

Fixed an issue that was affecting the EC2 Monthly Usage report. Data was being returned for the month previous to the one requested in the report.

Fixed an issue where disabling EDR for own use on a partner company would incorrectly disable the Live Search feature for all their customers.

Scanned streams summary in the Scan Logs tab of endpoint details had some information duplicated.

Security fixes.

Remotely submitting logs using the Troubleshooting tab to Bitdefender Cloud fails for endpoints that communicate with the GravityZone console using a Relay. This issue affects only the new GravityZone Cloud instance introduced with this release.

Setting up a Security Server requires you to manually configure the communication server address using the option GZ Cloud Custom Address. This issue affects only the new GravityZone Cloud instance introduced with this release.

The feedback form is now enriched with more details to streamline the way you share your thoughts with us. Your insights, suggestions, and experiences with Health Dashboard play an important role in helping us enhance and refine the feature.

The Asset Inventory page is now available in the GravityZone Cloud Security Posture Management console.

You can use the feature to access an overview of your inventory list across your cloud resources, different cloud providers and accounts that you have onboarded.

The page consists of two sections:

API Integration is now available for GravityZone Cloud Security Posture Management. You can set up the new feature from the Integrations page in the  GravityZone Cloud Security Posture Management console.

A new remediation option is now available for supported findings detected on AWS cloud resources. This is available in the Posture Management > Rules page: One-click Remediate. The option is represented by a new icon in the rules table.

To allow GravityZone Cloud Security Posture Management to make changes to your selected AWS cloud account, an additional setup is required for this capability.

The new functionality is available for all license and company types and for endpoints with Windows operating systems.

You require Manage Networks and Manage Company rights to use the feature.

Child companies can allow their direct partner to retrieve and download files by enabling the option Your Bitdefender partner can download your quarantined files from the My company section. The Partner download permission changed notification is sent whenever this option is enabled or disabled.

The retrieved file is available for download within 24 hours after which it is automatically deleted and requires a new retrieve action.

The File size column was added to provide details about the size of the quarantined files.

New descriptions are available for locations and exclusions when defining negative conditions for location rules.

Bitdefender enforces in GravityZone the use of the HTTPS protocol for Bitdefender Endpoint Security Tools updates to enhance security. For more information, refer to this article.

New values are now available for the Field of activity option when creating or editing a company.

The detections calendar failed to display weekdays in the proper order after changing the language from the My account section.

Fixed an issue that caused inconsistencies in the count of unmanaged endpoints between Health Dashboard and the Network Protection Status report.

Fixed an issue that caused inconsistencies between the number of open incidents shown in the EDR - Incidents Status portlet and the Incidents view.

In some cases, expired Reconfigure agent tasks ran on endpoints after they came back online.

In some cases, users were unable to view scan logs from the Network inventory > Endpoint details > Scan Logs tab.

Fixed an issue causing incorrect search results to be returned in the name filter in the Risk Management > Security Risks > Misconfigurations page.

Security Server status is now enriched with new information and a structure that improves readability. The widget includes the total number of Security Servers in your company and a new category for underloaded Security Servers.

The new structure emphasizes three main categories: Total, Underloaded, Overloaded.

Endpoint update status is now available as two separate widgets to enhance flexibility and ease of use:

The Endpoint patch management widget now includes the total number of endpoints that have the Patch Management module installed.

Advanced Threat Intelligence

Managed Detection & Response

Cloud Security Posture Management

XDR

The name of the sensor is now displayed in the title setup window during integration.

Node details panel

Alert details panel opened from a node

Alert details panel opened from the Alerts/Events section

Security fixes.

Early Access enrollment is now available for GravityZone Cloud Security Posture Management.

With this feature, you can quickly onboard your cloud inventory, identify risky misconfigurations, and report on your adherence to renowned compliance frameworks.

You can now enroll your company in the Early Access program and use Health Dashboard regardless of the number of seats covered by your license.

You can now access and use Health Dashboard without any restrictions based on the network groups assigned to your account. You need to have visibility over at least one endpoint in your company.

Incidents generated by the EDR or Prevention Modules now display the name of the endpoint in the Entities column.

You can now click on the number of alerts in the Incident details panel to display the Alerts tab.

The new Smart views filtering feature allows you to customize the information that is displayed by the feature, including switching between Organizational and Endpoint incidents Smart views.

You can now use the Change Status button from the top of the Incidents grid to change the status of multiple incidents.

You can now perform bulk actions on all incident types.

New columns and filters are available in the Incidents page:

You can now suspend a user account from an integrated Google Workspace tenant.

You can now delete an email resource from a Google Workspace tenant user mailbox.

The Sensor Setup page now displays what license each type of sensor requires.

Changed the requirements for Azure AD sensor integration: You now require User Administrator and Global Administrator roles for your O365 application.

You can now save up to 50 queries in the Advanced search panel.

GravityZone sections such as Dashboard, Installation Packages, Network, Tasks, Patch Inventory, Maintenance Windows, and User Activity have been updated to support Patch Management for Mac.

When configuring a maintenance window, macOS applications are displayed separately from the Windows and Linux versions in the Vendors and Products section.

Reports such as Network Patch Status and Network Protection Status and notifications such as Missing patch issue now include information related to Patch Management on macOS endpoints.

Patch Management for Mac is available with existing GravityZone keys and it is licensed per managed endpoint, the same as for Windows and Linux.

This feature is available for macOS Big Sur (11.0) and later and requires Full Disk Access for the Bitdefender agent on endpoints.

There are now two methods of restoring emails from Quarantine:

The following secondary actions are now available when configuring Content filtering rules in GravityZone policies:

Users can now edit and delete all existing predefined rules in the policy.

The Firewall can be enabled on the Windows Server operating systems by performing the Reconfigure Task. The activation of the Firewall module is not automatic, even if Firewall is enabled in the policy.

Before enabling the module on their systems, it is important for users to assess and design their Firewall rules for servers. This is necessary to avoid potential service disruptions caused by the configuration of the ruleset, which may block traffic.

The Firewall icon from Installation Packages was updated, and now includes both Windows servers and workstations.

To find the supported Windows Server operating systems refer to this kb article.

Multiple schedules are now available in Configuration Profiles > Web Access Control Scheduler. This allows users to have more flexibility in setting up different time windows for Web Access Control. The Web rules list found in Content Control > Web Access Control Settings > Web Categories Filter has been moved under Policies > Configuration Profiles > Web Access Control Scheduler > Category Scheduler.

Users can now create new schedules with multiple time window settings and assign categories to each schedule. The categories will be removed from the policy and the new schedule will be mapped to a policy.

You can now exclude from scanning any financial domains from Network Protection > General > Network Protection > Intercept Encrypted Traffic > Exclude financial domains.

Network API

Accounts API

Maintenance Windows API

Quarantine API

Passwords reset links now expire after 24 hours. If the time has passed, you have to repeat the password reset request.

The Manage Networks right for GravityZone user accounts has been replaced by the following options:

Fixed an issue causing Email Security monthly usage to be registered for suspended companies.

Security fixes.

Managed, active, unmanaged, or offline endpoints

Endpoint types in your network inventory

Endpoints update status

Endpoints issues

Endpoints policy status

Modules coverage on your endpoints

Licensing information for your company

Endpoints encryption status

Patch status on your endpoints

Permission issues present on macOS endpoints

Security Server status

The Product Trials feature is now available for all companies that own one of these yearly licenses:

You can now access even more products through the Product Trials feature:

Bitdefender is launching three new MDR products:

The Response flavor is no longer available for the Managed Detection and Response service. The remaining flavor, Foundations, is now the default option. As a result, the service is now called Managed Detection and Response Foundations.

Applied new technology optimizations to improve platform performance.

Implemented internal optimizations for enhanced performance and stability of GravityZone.

Windows: 7.9.5.318 or newer

Linux: 7.0.3.2248 or newer

The grids and rule configuration pages have a new design.

Rule settings now include targets. You can now decide whether to apply the rule to the entire company or to specific groups by endpoint tags.

Clicking a grid entry brings up the details panel of the rule. It contains information about the rule, options for navigating rules and for editing the current rule. For custom detection rules, you can use the View alerts and View incidents buttons to switch to the Search and Incidents sections.

In the Incidents > Search section, you can now look up both custom detection rules and custom exclusion rules by using the other.rule_id field in your search query. You can still use the other.exclusion_id field to identify existing alerts for the next 90 days, after which the field will be deprecated.

The Custom detection rules and the Custom exclusion rules sections are now available to Partners even if they do not have an active EDR license on their account.

Partners can now control rules for their managed companies and can use the Company filter in the grid to view the rules created for each company. Customers can also view the rules Partners have applied on their company.

When switching to a new Partner, all custom rules created by the former Partner are disabled. The new Partner will not be able to view the rules applied by the former Partner.

Companies switching from a trial license to a monthly subscription will automatically have the Email redaction setting disabled.

New BEST for Linux installation packages are now available for systems with ARM architecture (AArch64).

Minor UI changes to the Add company and Edit company windows, including a different order for the Add-ons displayed in the Licensing tab.

Fixed an issue that was affecting the Endpoint Encryption Status report, where endpoints were missing, even if they had encryption module installed and active.

Fixed an issue that was preventing the On-demand Scanning report from correctly opening scan logs.

Full Disk Encryption

Patch Management

Security For Mobile

The Help & Support page has been redesigned and restructured. The page now provides an improved overall user experience.

Companies using the Bitdefender MDR service can no longer disable the Your Bitdefender partner can assist you with security management setting.

Partners can no longer disable the The company's Partner can assist with the security management setting for managed companies that use the Bitdefender MDR service.

You can only enable the Bitdefender MDR service for companies (either for own use, or resell) that have the Your Bitdefender partner can assist you with security management setting enabled.

The Remote Shell feature now supports file upload and download options on Linux endpoints, starting with BEST version 7.0.3.2217.

New Resource types have been added to the XDR Incidents feature.

The Reader role is required for the XDR sensor integration with Azure Cloud. For more information on how to adjust your sensor configuration, refer to Azure Cloud sensor prerequisites.

APIs keys are visible only at the time of creation. This now also includes the ones created prior to March 2023. Make sure you save all API keys in a safe location and do not share it with anyone.

Licensing API

Network API

Companies API

The toggle used for reverting to the previous version of the Installation Packages was removed.

The Reconfigure client task has undergone a redesign and has a new name: Reconfigure agent. It allows for the customization of settings that were initially configured during the installation of the endpoint protection solution.

A new Show all modules option has been added to the Remove menu and allows Admins/Partners to view all modules, regardless of license restrictions. The new option enables them to remove modules that were previously installed but are no longer usable/visible due to license changes or downgrades. This only applies to the Remove option in Reconfigure agent task.

The Scan mode option in Match list becomes available only when the selected endpoints belong to the same company and the Detection and prevention operation mode is chosen. If endpoints from different companies are selected, the Scan Mode section will not be visible.

Deleted virtual machines no longer appear as licensed.

Resolved an issue causing the license usage of a company to remain the same after an endpoint had been moved to another company.

GravityZone eXtended Detection and Response now supports events from Google Cloud Platform through a new sensor integration. The new sensor collects and processes audit information related to Google Cloud resources. The sensor can be configured through the Sensors Management.

A new notification type has been implemented: Sensor integration status. This notification informs you when the status of a sensor integration changes.

Licensing API

Company API

Network API

Packages API

Enabling the option will prompt the Relays to execute the Network Discovery task every 4 hours.

New customers have the option disabled by default, while the option remains enabled for any existing custom policies.

The Antiphishing and Traffic Scan features are now available as separate options under the Network Protection module when creating an installation package.

Renamed Network Protection > Web Protection > Traffic Scan to Web Traffic Scan in both GravityZone new and existing packages.

On the Tasks page, the new default value for the Company filter is All recursively, while for Start period it is Last 7 days.

Protection of corporate-owned or BYOD devices from advanced persistent threats, which includes implementing endpoint protection software, keeping software and firmware up to date, implementing network segmentation, and using multi-factor authentication.

Risk intelligence and forensic data necessary.

Detection across all four threat categories — device compromises, network attacks, phishing attempts and malicious apps.

Visibility for the Incident Response teams into mobile threats and risks through integrations with leading UEM, SIEM, SOAR, and XDR systems.

Application vetting to detect malicious apps (Android and iOS) and out of compliance application detection.

Network Protection by detecting network borne threats, recon attempts, weak security connections, MiTM attacks.

Device Protection by detecting OS vulnerabilities as well as vulnerable devices that cannot be updated, and missing encryption, jailbreak/root, system tampering.

The files are encrypted throughout the upload and download processes.

You can upload no more than 20 files at a time.

You can view and cancel file downloads by accessing the Network inventory > endpoint details > Investigation tab. You can also retrieve the downloaded files from this section.

If you want to be notified when the files are uploaded or downloaded, configure the New Investigation Files Activity notification type.

The Web rules action categories found in Content Control > Web Access Control Settings > Web Categories Filter have been updated with the new Warn action.

The new action type aims to enhance the administrator's comprehension of the report's warnings and blocks.

In the Security Audit Report, the Event Type column was updated to also filter events by Warned Websites, and Warned & Disregarded Websites.

A full installation kit is now available for BEST Windows endpoints that use ARM CPUs.

Search behavior in the company filter is now consistent across multiple pages such as Threats Xplorer, Quarantine, Tasks, Accounts, Installation Packages, Executive Summary, and Tags Management.

This is the expected behavior:

Licensing API

Company API

Network API

Reports API

Unmanaged endpoints discovered more than 30 days ago will be subject to a removal process in this release.

Unmanaged devices can be discovered by using Relays or on-demand Network Discovery tasks.

Failed tasks displayed the same message that they took more than 48 hours to complete, regardless of the actual reason.

Security fixes.

The Network > Tasks page has a new look and new options for a better user experience. Some highlights:

Tasks in the Network page have now more intuitive and consistent names. For example, Scan has become Malware scan, Install is now Install agent, and Reconfigure client has been renamed to Reconfigure agent.

The new names are also reflected in the Network > Tasks page, under the Task type category.

With this update, the User Activity page displays actions on tasks under the new names. Existing records under old names remain unchanged.

For the complete list of renamed tasks, refer to Changes to task names in GravityZone Cloud Control Center.

When you, as a Partner, assign a task to multiple companies in the Network page, GravityZone creates individual tasks for each company in the Network > Tasks page. In such a case, a sub-task includes only endpoints from one company.

When accessing the Network > Tasks page as a Partner, you view by default all managed companies recursively.

When you, as a Partner, assign a task in the Network page to multiple companies, you can no longer select the parent company, but only its child companies of Customer type.

Now you can see the date when a domain controller was last reported to the Active Directory sensor integration. Find the Last reported field in the integration's details panel.

Now you can delete individual domain controllers from an Active Directory sensor integration.

The Accounts page has been redesigned and restructured. The page now provides an improved overall user account management experience.

You can now choose to receive notifications via email in plain text format. The new option is available for all notification types and you can find it on the Notifications Settings page.

The notifications email subject is now editable. You can customize the subject according to your needs using the new option Set custom email subject when configuring the notification. The option is available for most notification types.

The HyperDetect Activity notification is now enriched with details such as the detection type, user, company, and the command line used.

The Login from New Device notification includes the email address of the account used.

In the Policies > Assignment Rules page, you can now apply policies via location rules only to targets you manage.

From now on, the Targets section is always active when you configure a rule. If you do not specify targets, GravityZone automatically selects all the available entities when saving the rule.

Old rules with no targets specified will continue to function as before until you manually save them again.

When you access Policies > Assignment Rules as a Partner, you now view your company rules instead of a blank page with no company selected.

Accounts API

Network API

Companies API

All Partner companies can now use Patch Management for their managed companies, regardless of their own use licensing settings.

Patch Management features are no longer applicable to companies that have the associated license expired.

The Integrity Monitoring grid now provides better visibility of the actions within its columns.

The Add button has become Create.

All other buttons except Download have been moved under More actions.

The package configuration form also has a new look.

Newly added categories:

Updated categories:

Raw Events now offers support for Linux. The OS type column in the Raw Events grid indicates which fields are available for Linux endpoints.

The Gather logs feature from Network > endpoint details > Troubleshooting tab has been enhanced. You can now select between three new types of logs:

The eXtended Detection and Response sensor integration licensing options have been renamed:

Policy changes to content filtering rules now properly save when adding lookaround assertions in the rule settings. The issue occurred for rules containing body content filters of expression type.

Exclusions configured in Configuration Profiles did not propagate to inherited policies.

Fixed an issue that was preventing the Incident history tab from displaying the analyst's name correctly after changing the incident status.

The other.event_id parameter in the Incidents > Search feature of XDR now returns results when using wildcards.

In some cases, users could not delete finished tasks created by accounts no longer active.

Fixed an issue that caused timezone inconsistencies in the Security Audit Report chart.

Fixed an issue that prevented gathering logs from GravityZone using a network share for Linux and macOS endpoints.

User Activity logs for API key creation are now visible to all users with the necessary rights.

Selecting the Download > Security container action in the Packages page no longer causes the Download Security Container window to freeze while loading.

Security fixes.

Partners can now properly use the createRemoveQuarantineItemTask method to remove an item from quarantine for a client company. Previously, the request would return an Invalid params / At least one specified target is invalid. message.

Fixed compatibility issues between the Active Directory and Security for AWS integrations. Starting with this release, Active Directory is going to be prioritized (for inventory, policy assignments, license flow, etc.).

Users who log in with SAML single sign-on can now access the Investigation Package options without any additional steps.

In certain situations, incidents could not be deleted from the Incidents grid when they went past their retention period, resulting in incidents with no details. The issue is now fixed.

Integrity Monitoring did not display some events for Linux endpoints. The issue is now fixed.

You can now filter endpoints by their GravityZone tags by using the Tags filter.

The Reset filters button is now available in the Live Search page.

You can inspect the database schema and search for available tables and fields using the new side panel.

Improved the Metadata window:

Multiple graphical elements have been modified to offer a better user experience.

In the Network page, you can now create custom tags directly in the Assign custom tags window.

In the Unassign custom tags window, you can remove all custom tags from endpoints at once.

As a Partner, you can control endpoint tags on child companies by using new company columns, filters and selectors in the Network and Tags Management pages.

Each tag in the Tags Management page now includes an inline menu to delete it or to easily create copies and apply them in your company or other companies.

You can review actions taken on tags in each company in the User Activity page.

Non-MSP Partners can now manage endpoint tags on child companies that use a compatible GravityZone product, regardless of their own license. However, Partners need a compatible license to manage tags in their own companies.

For existings GravityZone products that support endpoint tags, refer to the list included in GravityZone November 2022 (version 6.34.0-1) release notes.November 2022 (Version 6.34.0-1)

For the first time, endpoints tags are available to GravityZone Cloud Security for MSP users, for both Endpoint Security and Bitdefender EDR product types.

MSP Partners have access to tags in their own companies with either a license key or monthly subscription. They can also manage tags on child companies provided those companies meet the licensing conditions.

To manage endpoint tags, Customer companies need a compatible license key or, if they use monthly subscription, they also must have the Advanced Threat Security add-on, with at least one of its components (HyperDetect or Sandbox Analyzer) active.

APIs keys are now visible only at the time of creation. Make sure you save all API keys in a safe location and do not share it with anyone.

The productOutdated field has been moved under the Details member for getNetworkInventoryItems API responses.

The Company filter now has two new entries: All directly managed and All recursively. You can use them to view quarantined files from all the companies you directly manage or from all companies to which you have access.

The Clear button was renamed to Reset filters and you can use it to readjust filters to their default values.

The Send a Copy To secondary action is now available for the Replace file with text, Delete file, and Reject/Delete email actions. The settings can be found in the Policies > Exchange protection > Content Control page, under the Attachment filtering section.

Security for Amazon Web Services now supports the following optional regions that can be disabled or enabled from AWS: Cape Town, Hong Kong, Hyderabad, Jakarta, Osaka, Spain, Zurich, United Arab Emirates, Milan.

New event types are now available in Configuration > Raw Events grid. Before enabling them, make sure you first check the Requirements column.

Fixed an issue that prevented the directory path validation from working when users added a custom rule.

Fixed an issue that caused Integrity Monitoring to generate empty reports.

Folders indicated issues (red exclamation mark) when endpoints inside them had the Encryption module disabled.

Fixed an issue causing the GravityZone integration with Microsoft Azure Sentinel to fail.

A partner is now able to delete a pre-existing Network sensor integration for a customer even if the customer has the EDR feature disabled.

The GravityZone console displayed a few incorrect translations on French and German interfaces.

You can now perform a search from the Incidents grid to view all events and alerts related to an incident. Click the vertical ellipsis button at the right end of the grid entry and then the View events and alerts option. You will be redirected to the Search page, filled with the requested events.

You can now trigger a search from the side panel of entities or resources to view all related events and alerts. Click the vertical ellipsis button and then the View events and alerts option. You will be redirected to the Search page, filled with the requested events.

The OS filter is now available for Live Search. You can use it to perform a query for specific endpoints based on their operating system.

Live Search queries will no longer wait for unresponsive endpoints before returning results. This significantly improves query wait time.

The Company filter is now only visible to Partner companies.

When searching for a query, both the name and the syntax are now checked for matches.

Multiple graphical elements have been modified to offer a better user experience.

Information about security risks is now available in the incident Overview > Summary > Root cause section. The text includes links to Endpoint Risk Analytics (ERA), where you can view further details.

The incidents Search function has two new fields, which you can use in queries : email.sender_address and email.sender_name.

The field email.sender, which currently contains the same information, will be deprecated in 90 days.

Remote Shell now supports single sign-on authentication. Once single sign-on is configured, you will be redirected to your company's login page whenever you start a remote shell session.

Improved the communication mechanism between the GravityZone console and endpoints in network-restricted environments. This change requires a firewall rule to be created. The rule should whitelist a new set of web addresses that are used to verify the server certificate revocation and enhance security. For more information, refer to GravityZone (cloud) communication ports.

The Partner Changed notification now clearly indicates if a client company has joined or left your management.

You now receive an explanatory message every time you cannot save a policy due to invalid data in the Sandbox Analyzer > Endpoint Sensor and Integrity Monitoring > Real Time sections.

The License Expires notification now includes the name of the Data Retention Add-on that is soon to expire.

XDR trial users who installed Network sensor will no longer encounter the "Not licensed" error message when switching to a full license.

Security Containers and Security Container hosts no longer incorrectly appear in the Network page as having issues.

Security fixes.

Partners can view their company's incidents and receive incident notifications only if they have manage rights over the company's network.

Partners can view the Custom Rules page of their company only if they have manage rights over the company's network.

Partners can view incidents and receive incident notifications only from the child companies they have access to.

EDR portlets count incidents only from the companies the partners have access to.

In some cases, users could not change the incident Status, Assignee or Priority values. The issue has been fixed, but the fix does not apply retroactively.