⚠️ Unpublished: This item is from a solution that is not yet published on Azure Marketplace or not installed in Content Hub.
| Attribute | Value |
|---|---|
| Connector ID | GravityZoneDataConnector |
| Publisher | Bitdefender |
| Used in Solutions | GravityZone |
| Collection Method | Unknown (Custom Log) |
| Connector Definition Files | GravityZone_API.json |
This connector enables integration between Bitdefender GravityZone and Microsoft Sentinel through the Event Push Service API. Once configured, it streams all GravityZone event types directly into your Microsoft Sentinel workspace, where they are stored as logs in the GzSecurityEvents_CL table.
Key event categories such as EDR, XDR, ransomware mitigation, network sandboxing, and Exchange malware events can be automatically correlated and generate incidents through the NRT GravityZone Incident Alerts analytics rule.
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| GzSecurityEvents_CL | ? | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Resource Provider Permissions:

- Workspace (Workspace): read and write permissions on the workspace are required.
- Data Collection Rule (ResourceGroup): read and write permissions to create data collection rules are required.
- Data Collection Endpoint (ResourceGroup): read and write permissions to create data collection endpoints are required.

Custom Permissions:

- Azure App Registration: a Microsoft Entra App Registration, with the following details retained: Directory (Tenant) ID, Application (Client) ID, Managed Service Principal Object ID (from the Enterprise Applications entry of the app), and Client Secret (generated under Certificates & secrets).
- GravityZone Cloud Account: a GravityZone Cloud account with a generated API key for the Event Push Service endpoint.
- Read our guide: follow this step-by-step article to set up the integration. Customers | Partners

⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Collect the Logs Ingestion URL from the gz-sentinel-dce Data Collection Endpoint.
2. Collect the Immutable ID from the gz-sentinel-dcr Data Collection Rule.
3. Go to your GravityZone Cloud account and navigate to My Account. Create an API key with Event Push Service permissions.
4. Configure your Event Push Service settings using this article. Customers | Partners.

After the Data Connector has been deployed and GravityZone's Event Push Service has been set up successfully, the system will receive Activity Log data in near-real-time. A short delay may occur between data transmission and its appearance in the Microsoft Sentinel Logs section.