BitDefender

The BitDefender application normalizes BitDefender GravityZone events received over syslog. You can further customize the searches to perform in-depth analysis.
Release Details
Version: 5.1.0
Release date: April 26, 2024
Supported On: Logpoint v7.4.0 or later (required for the log source template)
SHA256: a961ae317b4dada8b2ef4de6cf5845746f5a98d4362590564c6651211f8a49b1
Download

Package Details

BitDefender components:

  1. Normalization Package
    • LP_BitDefender
  2. Compiled Normalizer
    • BitDefenderCompiledNormalizer

Enhancement

Description: Added a Syslog Collector based BitDefender log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template.
Issue ID: KB-23288
Reference ID: -

Installation 

To install BitDefender:

  1. Download the .pak file from the Download link above. 
  2. Go to Settings >> System Settings from the navigation bar and click Applications.
  3. Click Import.
  4. Browse to the downloaded .pak file.
  5. Click Upload.
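Step 1 is the point at which a corrupted or tampered package would enter the platform, so check the download against the SHA256 published under Release Details before importing it. The following Python is an added example written for this page, not Logpoint's code; the file name BitDefender_5.1.0.pak is an assumption, use whatever name the download link gives you.

```python
"""Added example (not Logpoint's code): verify a downloaded application
package against the SHA256 published on the release page before importing."""
import hashlib
import hmac
import os
import sys

# Value published on this page for BitDefender v5.1.0.
EXPECTED_SHA256 = "a961ae317b4dada8b2ef4de6cf5845746f5a98d4362590564c6651211f8a49b1"
# Assumed file name; the page does not state it for v5.1.0.
PACKAGE = "BitDefender_5.1.0.pak"


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hex SHA-256 of a file, read in chunks so large packages are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_package(path: str, expected_hex: str) -> bool:
    """True only if the file's SHA-256 equals the published value.

    Tolerates pasted whitespace and upper-case hex in the expected value,
    rejects anything that is not a 64-character hex string, and compares in
    constant time so the comparison itself leaks nothing about the digest.
    """
    expected = expected_hex.strip().lower()
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("expected SHA-256 must be 64 hex characters")
    return hmac.compare_digest(sha256_file(path), expected)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else PACKAGE
    if not os.path.exists(target):
        sys.exit(f"{target}: not found; download it from the link above first")
    if verify_package(target, EXPECTED_SHA256):
        print(f"{target}: SHA-256 matches the published value, safe to import")
    else:
        sys.exit(f"{target}: SHA-256 MISMATCH, do not import")
```

Run it as `python verify_pak.py BitDefender_5.1.0.pak` from the download directory; a non-zero exit means the package should not be uploaded. When a new release is published, replace EXPECTED_SHA256 with the value from that release's details.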

Supported Devices

  • LP_BitDefender for BitDefender GravityZone 5.1.21-460
  • BitDefender Endpoint Security 5.3.20-6642

Log Format

Expected Log Format

Syslog message whose payload is the module name in square brackets followed by a JSON object, for example gravityzone: [av] {...}. The syslog header (<PRI>, timestamp, host) may be absent, user is a nested object whose id and name may be null, and a relaying syslog daemon may wrap the payload in "message repeated N times: [...]", as in the last sample below.

Log Samples

<14>Jun 9 08:38:46 CPHBITxxxxx gravityzone: [modules] {"computer_name":"XXXXXXXXXXXXX", "computer_ip":"1.1.1.1", "computer_id":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "product_installed":"EPS", "malware_status":1, "avc_status":0, "ids_status":0, "module":"modules"}

gravityzone: [av] {"computer_name":"server", "computer_fqdn":"server.abc.com", "computer_ip":"1.1.1.0", "computer_id":"xyzfsjf", "product_installed":"BEST", "user":{"id":"x-x-x-5", "name":"xyz@abc.com"}, "malware_type":"file", "malware_name":"Trojan", "file_path":"C:\\Downloads.lnk", "final_status":"deleted", "timestamp":"2017-04-11T03:31:42.000Z", "module":"av"}

<14>Mar 1 09:19:14 bitdef02 gravityzone: [av] {"computer_name":"SERVER01", "computer_fqdn":"SERVER01.DOMAIN.DK", "computer_ip":"10.10.20.20", "computer_id":"57xxxxxxxxxxxxxxxxxxxxxxxxxxxx", "product_installed":"BEST", "user": {"id":"S-1-5-21-456xxxxxx-456xxxxxxx-7567xxxxxxx-12xxxxxx", "name":"USER@DOMAIN.DK"}, "malware_type":"file", "malware_name":"Trojan.xxx.xxxx", "file_path":"D:Downloads.lnk", "final_status":"deleted", "timestamp":"2017-03-01T09:19:12.000Z", "module":"av"}

<14>Jun 8 12:04:09 CPHBITDEF01 gravityzone: [av] {"computer_name":"XXXXXXXXXXXXXX", "computer_ip":"1.1.1.1", "computer_id":"xxxxxxxxxxxxxxxxxxxx", "product_installed":"EPS", "malware_type":"file", "malware_name":"Gen:xxxxx.xxx.1014xxxx", "file_path":"E:\\OKxxxx Oxxxxxxx Mugaxxxx.exe", "final_status":"blocked", "timestamp":"2015-06-08T12:04:03.000Z", "module":"av"}

<14>Nov 4 14:43:02 i01234 logpoint: message repeated 5 times: [lp] {"module":"lp", "product_installed":"BEST", "user": {"id":null,"name":null}, "VM_NAME":"logpoint", "VM_ID":"vm-4575", "UUID_INSTANCE":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX", "UUID_BIOS":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXX", "computer_name":"logpoint", "computer_fqdn":"logpoint.com", "computer_ip":"XXX.XXX.XXX.XX", "computer_id":"XXXXXXXXXXXXXXXXXXX", "malware_type":"file", "malware_name":"Test-File (not a virus)", "hash":"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f", "final_status":"deleted", "file_path":"D:\Cisco.txt", "timestamp":"2019-11-04T14:42:48.000Z"}]

To export data to Logpoint, configure GravityZone to forward events to the Syslog collector on port 514 of the Logpoint server. Syslog on port 514 is sent in cleartext, so keep the path between GravityZone and Logpoint on a trusted network segment.

Past Releases

BitDefender v5.0.1

General Description

The BitDefender application normalizes BitDefender events. You can further customize the searches to perform in-depth analysis.

Release Details

Name: BitDefender
Version: 5.0.1
Supported On: LogPoint v6.7.0 and later
Release Date: 2020-05-14
Document Date: 2020-05-14
Download: BitDefender_5.0.1.pak
SHA256: ec38ca60ed4dfc5bf8481fcca7001c5244ba66b17ab55786c251abf7ab0638dd

Enhancement

A minor update has been done in the application’s normalizer for better signature handling.

Installation 

Follow these steps to install the BitDefender v5.0.1 application:

  1. Download the BitDefender package from the Download section above.
  2. Add BitDefender as the required device in LogPoint.
  3. Create a collection policy with the Syslog collector and appropriate processing policy.
  4. Assign the policy to the device.

Supported Devices

The supported devices of BitDefender with LogPoint in this configuration are:

  • LP_BitDefender for BitDefender GravityZone 5.1.21-460
  • BitDefender Endpoint Security 5.3.20-6642

Log Format

The expected log format, log samples and syslog collector settings for v5.0.1 are the same as for v5.1.0 above.

BitDefender v3.3.0

Release Details

Name: BitDefender
Version: 3.3.0
Supported On: LogPoint v6.0.0 to v6.6.6
Release Date: 2020-05-14
Document Date: 2020-05-14
Download: BitDefender_3.3.0.pak
SHA256: 35cf8d93da98b1217b69c25a3099007e276c940537649536c9888e35932316fb

Enhancement

A minor update has been done in the application’s normalizer for better signature handling. 

Installation 

Follow these steps to install the BitDefender v3.3.0 application:

  1. Download the BitDefender package from the Download section above.
  2. Add BitDefender as the required device in LogPoint.
  3. Create a collection policy with the Syslog collector and appropriate processing policy.
  4. Assign the policy to the device.

Supported Devices

The supported devices of BitDefender with LogPoint in this configuration are:

  • LP_BitDefender for BitDefender GravityZone 5.1.21-460
  • BitDefender Endpoint Security 5.3.20-6642

Log Format

Expected Log Format

Syslog message whose payload is the module name in square brackets followed by a JSON object, for example gravityzone: [av] {...}. The v3.3.0 samples use compact JSON with no spaces after separators; the syslog header may be absent, and a relaying syslog daemon may wrap the payload in "message repeated N times: [...]", as in the last sample below.

Log Samples

<14>Jun 9 08:38:46 CPHBITxxxxx gravityzone: [modules] {"computer_name":"XXXXXXXXXXXXX","computer_ip":"1.1.1.1","computer_id":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXX","product_installed":"EPS","malware_status":1,"avc_status":0,"ids_status":0,"module":"modules"}

gravityzone: [av] {"computer_name":"server","computer_fqdn":"server.abc.com","computer_ip":"1.1.1.2","computer_id":"xyzfsjf","product_installed":"BEST","user":{"id":"x-x-x-5","name":"xyz@abc.com"},"malware_type":"file","malware_name":"Trojan","file_path":"C:\\Downloads.lnk","final_status":"deleted","timestamp":"2017-04-11T03:31:42.000Z","module":"av"}

<14>Mar 1 09:19:14 bitdef02 gravityzone: [av] {"computer_name":"ABC","computer_fqdn":"ABC.COM","computer_ip":"1.1.1.1","computer_id":"57xxxxxxxxxxxxxxxxxxxxxxxxxxxx","product_installed":"BEST","user": {"id":"S-1-5-21-456xxxxxx-456xxxxxxx-7567xxxxxxx-12xxxxxx","name":"USER@DOMAIN.DK"},"malware_type":"file","malware_name":"Trojan.xxx.xxxx","file_path":"D:Downloads.lnk","final_status":"deleted","timestamp":"2017-03-01T09:19:12.000Z","module":"av"}

<14>Jun 8 12:04:09 CPHBITDEF01 gravityzone: [av] {"computer_name":"XXXXXXXXXXXXXX","computer_ip":"1.1.1.1","computer_id":"xxxxxxxxxxxxxxxxxxxx","product_installed":"EPS","malware_type":"file","malware_name":"Gen:xxxxx.xxx.1014xxxx","file_path":"E:\\OKxxxx Oxxxxxxx Mugaxxxx.exe","final_status":"blocked","timestamp":"2015-06-08T12:04:03.000Z","module":"av"}

<14>Nov 4 14:43:02 i01234 logpoint: message repeated 5 times: [lp] {"module":"lp","product_installed":"BEST","user":{"id":null,"name":null},"VM_NAME":"logpoint","VM_ID":"vm-4575","UUID_INSTANCE":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX","UUID_BIOS":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXX","computer_name":"logpoint","computer_fqdn":"logpoint.com","computer_ip":"XXX.XXX.XXX.XX","computer_id":"XXXXXXXXXXXXXXXXXXX","malware_type":"file","malware_name":"Test-File (not a virus)","hash":"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f","final_status":"deleted","file_path":"D:\Cisco.txt","timestamp":"2019-11-04T14:42:48.000Z"}]

To export data to LogPoint, use Syslog collector on port 514 on the LogPoint server.


Support

If you have any questions or require assistance, create a support ticket.
