Best practices

Creating custom MAC address pools in Hyper-V

This section describes how to create custom MAC address pools in Hyper-V.

Hyper-V Dynamic MAC Address Regeneration can change the MAC address of a virtual machine, which can lead to duplicate machines in the Control Center.

To avoid this issue, a custom MAC address pool can be created by following these steps:

  1. Open the Fabric workspace.

  2. On the Fabric pane, select Networking and click on MAC Address Pools.

  3. On the Home tab, click on Fabric Resources.

  4. On the Home tab, Create group, click on Create MAC Pool.

  5. In Name and Host Group, populate the fields and click Next.

  6. In MAC Address Range, specify the beginning and ending MAC address.

  7. On the Summary page, confirm the settings and click Finish. Close the dialog box after the status has changed to Completed.
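
The range entered in step 6 can be sanity-checked before it goes into the wizard. The following Python sketch is an added example, not code from Bitdefender or Microsoft: the pool name "lab-pool" and the 02:AA:00 ranges are constructed sample values, and the rule that both ends share the first three octets is treated here as an assumption about VMM.

```python
import re

_MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}")

def mac_to_int(mac):
    """Parse 'AA:BB:CC:DD:EE:FF' or 'AA-BB-CC-DD-EE-FF' into a 48-bit integer."""
    if not _MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(re.sub(r"[:-]", "", mac), 16)

def pool_size(start, end):
    """Number of addresses in an inclusive range."""
    return mac_to_int(end) - mac_to_int(start) + 1

def check_pool(start, end, existing):
    """Return a list of problems with a planned range; an empty list means none found."""
    lo, hi = mac_to_int(start), mac_to_int(end)
    problems = []
    if lo > hi:
        problems.append("beginning address is higher than ending address")
    # Bit 0 of the first octet set means multicast; a NIC needs a unicast address.
    for label, value in (("beginning", lo), ("ending", hi)):
        if (value >> 40) & 1:
            problems.append(f"{label} address is multicast")
    # Assumption: VMM expects both ends to share the first three octets.
    if lo >> 24 != hi >> 24:
        problems.append("beginning and ending differ in the first three octets")
    for name, (e_start, e_end) in existing.items():
        e_lo, e_hi = mac_to_int(e_start), mac_to_int(e_end)
        if lo <= e_hi and e_lo <= hi:  # inclusive interval intersection
            problems.append(f"overlaps {name}")
    return problems

# Ranges that must stay untouched. 00:15:5D is the Microsoft prefix Hyper-V uses for
# dynamically assigned MACs; "lab-pool" is a constructed sample value.
EXISTING = {
    "hyperv-dynamic": ("00:15:5D:00:00:00", "00:15:5D:FF:FF:FF"),
    "lab-pool": ("02:AA:00:00:10:00", "02:AA:00:00:1F:FF"),
}

if __name__ == "__main__":
    for start, end in [("02:AA:00:00:20:00", "02:AA:00:00:2F:FF"),   # constructed, clean
                       ("02:AA:00:00:1F:00", "02:AA:00:00:20:FF")]:  # constructed, overlaps
        issues = check_pool(start, end, EXISTING)
        print(start, end, pool_size(start, end), issues or "OK")
```

Replace the entries in EXISTING with the pools already defined in your environment before relying on the result.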

Understanding network discovery

GravityZone uses automatic and manual network discovery to identify endpoints in your network, including those in workgroups or domains, across Windows, Linux, and macOS platforms.

On Windows, network discovery relies on sources such as Function Discovery and Active Directory, when the endpoint is joined to a domain.

On Linux, network discovery relies on the ARP protocol to discover entities in a Local Area Network and on port scanning to reliably identify machines.

Note

Domain-joined Linux systems do not use Active Directory as a source of information.

By contrast, macOS systems do not actively participate in network discovery, but they can be identified.

To enable automatic network discovery, Bitdefender Endpoint Security Tools (BEST) Relay must be already installed on at least one Windows or Linux endpoint in the network. That endpoint must have a policy applied with the Automatic discovery of new endpoints option selected under General > Relay > Communication.

This Relay will scan the network every 4 hours.

In addition to automatic discovery, you can also perform manual network discovery:

  1. Go to the Network page and select any managed Windows or Linux endpoint in the inventory. In this case, BEST does not necessarily require the Relay role.

  2. Open the Actions menu or right-click the endpoint and select Run network discovery.

    The task may take a few minutes to complete. When finished, any new endpoints will be added to the inventory.

    You can monitor the task's progress on the Network > Tasks page.

Note

macOS endpoints cannot act as Relays and do not perform network scanning.

For more information about the network discovery flows and requirements, refer to Install security agents - standard procedure > How network discovery works.

Identifying Linux endpoints joined in Active Directory

This section describes how you can view Linux endpoints joined to Active Directory in the proper domain tree and not in Custom Groups.

Bitdefender GravityZone integrates with multiple Microsoft Active Directory (AD) domains, provided you use this network management system in your network. Through AD integration, the existing AD inventory is imported into Control Center, thus simplifying security deployment, management, monitoring and reporting.

While GravityZone automatically recognizes Windows endpoints in Active Directory, for Linux endpoints you must perform a couple of operations.

Prerequisite

BEST, the Bitdefender security agent, must be installed on endpoints.

Identifying Linux endpoints in Active Directory

To properly identify Linux endpoints that are part of an Active Directory domain, follow these steps:

  1. Download the ldbsearch tool. This tool is used to retrieve accurate domain information.

  2. On each of your Linux endpoints in AD:

    1. Update the repositories.

    2. Install the ldbsearch tool.

    3. Restart BEST services and acquire domain information.

    For example, on Ubuntu run the following commands (via SSH TTY or in a BASH script):

    sudo apt-get update
    sudo apt-get install ldb-tools
    sudo bd restart

    For other Linux distributions, refer to the link above.

As a result, BEST sends the information to Control Center, and the endpoint will be shown as being part of an AD domain.

You can find the Linux endpoints detected in AD under the specific domain tree in the Network page of Control Center, using the Computers and Virtual Machines view.

Managing endpoints outside the company's network

The purpose of this section is to guide GravityZone (On-Premises) administrators in managing endpoints outside the company network.

Configure a port forwarding rule

In the default GravityZone setup, you can manage the endpoints only when they are directly connected to the corporate network.

To manage BEST over the Internet, you need to configure port forwarding on the corporate gateway for the appliance running the Endpoint Communication Server and Endpoint Events Processing Server roles. The rule translates the public IP address and port 8443 to the IP address of GravityZone's communication server appliance.

Install Bitdefender Endpoint Security Tools (BEST)

You can deploy Bitdefender Endpoint Security Tools on an endpoint:

  • Locally, by running an installation package.

  • Remotely, by running an installation task from the GravityZone Control Center.

For more information, refer to Install security agents - standard procedure.

Create and assign a custom policy

Endpoints are initially assigned with the default policy. You need to create and assign a specific policy for endpoints located outside the corporate network.

To create a custom policy for this scenario follow these steps:

  1. Log in to GravityZone Control Center.

  2. Go to the Policies page from the left side menu.

  3. Click the Add button at the upper side of the table to create a new policy.

  4. Choose a descriptive name for the policy and enter it in the General > Details section of the policy.

  5. Go to General > Communication section.

  6. In the Endpoint Communication Assignment table choose the communication server appliance for which you have configured port forwarding, from the Name drop-down menu.

  7. Replace the value displayed in the Custom Name/IP field with the public IP address of the communication server appliance.

  8. Click the Add button at the right side of the table to assign the communication server appliance.

  9. In the Update section, check that the check box Use upgrade.bitdefender.com as fallback location is selected.

  10. Configure other policy settings according to your needs. For details, refer to the Policy setup.

  11. Save the policy.

Endpoints inside the company’s network receive updates from the GravityZone Update Server. In the Update policy section, the Use upgrade.bitdefender.com as fallback location check box is selected by default. If the update locations are unavailable, the fallback location will be used.

If the endpoint is located outside the network, the operation will fail and the endpoint will use the public IP address instead.

To assign the policy:

  1. Log in to GravityZone Control Center.

  2. Go to the Network page from the left side menu.

  3. Select Computers and Virtual Machines from the views selector.

  4. Select the endpoints which go outside the company premises.

  5. Click the Assign Policy button at the upper side of the table. Alternatively, you can right-click the selection and use the contextual menu to assign the policy.

  6. Choose your policy from the drop-down menu.

  7. Click Finish to save and apply changes.

Using smart views in Network

Smart Views allow you to create persistent, filtered views of network inventory data based on selected parameters. These views can be saved for reuse, eliminating the need to manually reapply filters each time.

You can update existing views, save new ones, and organize them for quick access using the Saved and Favorites sections. The search function supports partial name matching to help locate specific views quickly, though wildcard characters are not supported.

This feature is useful for maintaining visibility into specific subsets of endpoints or configurations in complex environments.

Smart views are displayed in the left-side panel on the Network page, under the tree view.

To create a customized smart view, follow these steps:

  1. In the table, select the filters you need, then click Apply on each one to activate them. For example, filter by: Entity type, Security issues, Role, Endpoint type and Management status.

    Note

    After changing a smart view, you can click Save to overwrite the existing view (default views excepted) or Save as to save the changes as a new custom view.

  2. To view data based on a specific column, click Settings. This will show all the columns available.

  3. Once the table updates with the filtered data, click Save as in the top right of the page.

  4. Enter a clear name for the view — e.g., “My smart view”.

  5. Save your view. Your view will be visible on the left side panel, in the Saved category.

Note

If you want to overwrite certain settings created on a specific smart view, click Save in the top right of the page.

The search in Smart views is dynamic, meaning that you can find an item by typing any string of characters contained in its name. For example, type gen or era to find a smart view named General view.

Note

Search in Smart views does not support wildcards.

Smart views can be found under the Tree view in the Saved section.

Finding endpoints with active security issues using smart views

To identify all endpoints in your network that are currently having security issues and prioritize them for investigation or remediation, follow these steps:

  1. Use the smart views located in the left-side panel under the tree view.

  2. Under Saved, in the Security issues category, select the With security issues smart view.

    All entities having security issues are now shown in the network table.

    Note

    Creating a view with the entire root structure is not recommended. The data may be extensive depending on the number of entities, so it might take time to populate the table.

  3. To drill down further, use the filters and select the specific entity type you're interested in, such as "Virtual machines".

  4. Click Apply to update the table with filtered results.

  5. Once the table updates with the filtered data, click Save as in the top right of the page.

  6. Enter a clear name for the view, for example “Windows machines with security issues”.
