BitDefender
BitDefender normalizes BitDefender events. You can further customize the searches to perform in-depth analysis.
Package Details
BitDefender components:
- Normalization Package: LP_BitDefender
- Compiled Normalizer: BitDefenderCompiledNormalizer
Enhancement
Description | Issue ID | Reference ID |
---|---|---|
Added a Syslog Collector-based BitDefender log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template. | KB-23288 | - |
Installation
To install BitDefender:
- Download the .pak file from the Download link above.
- Go to Settings >> System Settings from the navigation bar and click Applications.
- Click Import.
- Browse to the downloaded .pak file.
- Click Upload.
Supported Devices
- LP_BitDefender for BitDefender GravityZone 5.1.21-460
- BitDefender Endpoint Security 5.3.20-6642
Log Format
Expected Log Format
Semi-colon separated
Log Samples
<14>Jun 9 08:38:46 CPHBITxxxxx gravityzone: [modules] {"computer_name":"XXXXXXXXXXXXX", "computer_ip":"1.1.1.1", "computer_id":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "product_installed":"EPS", "malware_status":1, "avc_status":0, "ids_status":0, "module":"modules"}
gravityzone: [av] {"computer_name":"server", "computer_fqdn":"server.abc.com", "computer_ip":"1.1.1.0", "computer_id":"xyzfsjf", "product_installed":"BEST", "user":{"id":"x-x-x-5", "name":"xyz@abc.com"}, "malware_type":"file", "malware_name":"Trojan", "file_path":"C:\\Downloads.lnk", "final_status":"deleted", "timestamp":"2017-04-11T03:31:42.000Z", "module":"av"}
<14>Mar 1 09:19:14 bitdef02 gravityzone: [av] {"computer_name":"SERVER01", "computer_fqdn":"SERVER01.DOMAIN.DK", "computer_ip":"10.10.20.20", "computer_id":"57xxxxxxxxxxxxxxxxxxxxxxxxxxxx", "product_installed":"BEST", "user": {"id":"S-1-5-21-456xxxxxx-456xxxxxxx-7567xxxxxxx-12xxxxxx", "name":"USER@DOMAIN.DK"}, "malware_type":"file", "malware_name":"Trojan.xxx.xxxx", "file_path":"D:Downloads.lnk", "final_status":"deleted", "timestamp":"2017-03-01T09:19:12.000Z", "module":"av"}
<14>Jun 8 12:04:09 CPHBITDEF01 gravityzone: [av] {"computer_name":"XXXXXXXXXXXXXX", "computer_ip":"1.1.1.1", "computer_id":"xxxxxxxxxxxxxxxxxxxx", "product_installed":"EPS", "malware_type":"file", "malware_name":"Gen:xxxxx.xxx.1014xxxx", "file_path":"E:\\OKxxxx Oxxxxxxx Mugaxxxx.exe", "final_status":"blocked", "timestamp":"2015-06-08T12:04:03.000Z", "module":"av"}
<14>Nov 4 14:43:02 i01234 logpoint: message repeated 5 times: [lp] {"module":"lp", "product_installed":"BEST", "user": {"id":null,"name":null}, "VM_NAME":"logpoint", "VM_ID":"vm-4575", "UUID_INSTANCE":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX", "UUID_BIOS":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXX", "computer_name":"logpoint", "computer_fqdn":"logpoint.com", "computer_ip":"XXX.XXX.XXX.XX", "computer_id":"XXXXXXXXXXXXXXXXXXX", "malware_type":"file", "malware_name":"Test-File (not a virus)", "hash":"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f", "final_status":"deleted", "file_path":"D:\Cisco.txt", "timestamp":"2019-11-04T14:42:48.000Z"}]
To export data to Logpoint, use the Syslog collector on port 514 on the Logpoint server.
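As an added example (not part of the LogPoint package or of this page), the following Python parser handles the syslog line layout shown in the samples above and in the two past-release sections: it strips the optional PRI, timestamp and host, unwraps rsyslog's "message repeated N times:" prefix, reads the [module] tag, and repairs the single-backslash Windows paths (D:\Cisco.txt in the last sample) that would otherwise make the JSON body undecodable. The regex, the output field names and the shortened sample lines are this example's own assumptions.

```python
from __future__ import annotations
import json
import re
from typing import Any

# Header layout seen in the page's samples: optional <PRI>, BSD timestamp and host,
# program tag, optional rsyslog "message repeated N times:" wrapper, then the
# "[module]" tag and a JSON object. (Regex constructed for this example.)
HEADER_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?:(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) )?"
    r"(?:(?P<host>\S+) )?"
    r"(?P<prog>\w+): "
    r"(?:message repeated (?P<repeat>\d+) times: )?"
    r"\[(?P<module>\w+)\] (?P<body>\{.*\})\]?$"
)

# GravityZone may write Windows paths with single backslashes ("D:\Cisco.txt" in the
# samples). "\C" is not a JSON escape, so json.loads() rejects the whole event.
# Double every backslash that is not already part of a "\\" pair and is not followed
# by a legal JSON escape character. Caveat: "\t" or "\b" inside a path IS a legal
# escape and decodes to a control character; the sender would have to escape those.
_LONE_BACKSLASH = re.compile(r'(\\\\)|\\(?!["/bfnrtu])')

def _repair_json(body: str) -> str:
    return _LONE_BACKSLASH.sub(lambda m: m.group(1) or "\\\\", body)

def parse_event(line: str) -> dict[str, Any]:
    """Parse one BitDefender GravityZone syslog line into flat key/value fields."""
    m = HEADER_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognized BitDefender line: {line[:60]!r}")
    payload = json.loads(_repair_json(m.group("body")))
    event: dict[str, Any] = {
        "syslog_host": m.group("host"),          # None when the header is absent
        "syslog_time": m.group("ts"),
        "repeat_count": int(m.group("repeat") or 1),
        "module": m.group("module"),
    }
    user = payload.pop("user", None) or {}       # nested object -> two flat fields
    event["user_id"] = user.get("id")
    event["user_name"] = user.get("name")
    event.update(payload)                        # remaining keys are already flat
    return event

# Shortened copies of the page's samples (placeholders kept as on the page).
SAMPLE_AV = r'<14>Mar 1 09:19:14 bitdef02 gravityzone: [av] {"computer_name":"SERVER01", "computer_ip":"10.10.20.20", "product_installed":"BEST", "user": {"id":"S-1-5-21-456xxxxxx", "name":"USER@DOMAIN.DK"}, "malware_type":"file", "malware_name":"Trojan.xxx.xxxx", "file_path":"D:Downloads.lnk", "final_status":"deleted", "timestamp":"2017-03-01T09:19:12.000Z", "module":"av"}'
SAMPLE_REPEATED = r'<14>Nov 4 14:43:02 i01234 logpoint: message repeated 5 times: [lp] {"module":"lp", "product_installed":"BEST", "user": {"id":null,"name":null}, "computer_name":"logpoint", "malware_type":"file", "malware_name":"Test-File (not a virus)", "hash":"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f", "final_status":"deleted", "file_path":"D:\Cisco.txt", "timestamp":"2019-11-04T14:42:48.000Z"}]'
SAMPLE_BARE = r'gravityzone: [modules] {"computer_name":"XXXX", "computer_ip":"1.1.1.1", "product_installed":"EPS", "malware_status":1, "avc_status":0, "ids_status":0, "module":"modules"}'
```

The repeat count is worth keeping as its own field: a single "repeated 5 times" line stands for five detections, which matters when alerting on detection volume per host.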
Past Releases
BitDefender v5.0.1
General Description
The BitDefender application normalizes BitDefender events. You can further customize the searches to perform in-depth analysis.
Release Details
Fields | Details |
---|---|
Name | BitDefender |
Version | 5.0.1 |
Supported On | LogPoint v6.7.0 and later |
Release Date | 2020-05-14 |
Document Date | 2020-05-14 |
Download | BitDefender_5.0.1.pak |
SHA256 | ec38ca60ed4dfc5bf8481fcca7001c5244ba66b17ab55786c251abf7ab0638dd |
Enhancement
A minor update has been done in the application’s normalizer for better signature handling.
Installation
Follow these steps to install the BitDefender v5.0.1 application:
- Download the BitDefender package from the Download section above.
- Add BitDefender as the required device in LogPoint.
- Create a collection policy with the Syslog collector and appropriate processing policy.
- Assign the policy to the device.
Supported Devices
The supported devices of BitDefender with LogPoint in this configuration are:
- LP_BitDefender for BitDefender GravityZone 5.1.21-460
- BitDefender Endpoint Security 5.3.20-6642
Log Format
Expected Log Format
Semi-colon separated
Log Samples
<14>Jun 9 08:38:46 CPHBITxxxxx gravityzone: [modules] {"computer_name":"XXXXXXXXXXXXX", "computer_ip":"1.1.1.1", "computer_id":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "product_installed":"EPS", "malware_status":1, "avc_status":0, "ids_status":0, "module":"modules"}
gravityzone: [av] {"computer_name":"server", "computer_fqdn":"server.abc.com", "computer_ip":"1.1.1.0", "computer_id":"xyzfsjf", "product_installed":"BEST", "user":{"id":"x-x-x-5", "name":"xyz@abc.com"}, "malware_type":"file", "malware_name":"Trojan", "file_path":"C:\\Downloads.lnk", "final_status":"deleted", "timestamp":"2017-04-11T03:31:42.000Z", "module":"av"}
<14>Mar 1 09:19:14 bitdef02 gravityzone: [av] {"computer_name":"SERVER01", "computer_fqdn":"SERVER01.DOMAIN.DK", "computer_ip":"10.10.20.20", "computer_id":"57xxxxxxxxxxxxxxxxxxxxxxxxxxxx", "product_installed":"BEST", "user": {"id":"S-1-5-21-456xxxxxx-456xxxxxxx-7567xxxxxxx-12xxxxxx", "name":"USER@DOMAIN.DK"}, "malware_type":"file", "malware_name":"Trojan.xxx.xxxx", "file_path":"D:Downloads.lnk", "final_status":"deleted", "timestamp":"2017-03-01T09:19:12.000Z", "module":"av"}
<14>Jun 8 12:04:09 CPHBITDEF01 gravityzone: [av] {"computer_name":"XXXXXXXXXXXXXX", "computer_ip":"1.1.1.1", "computer_id":"xxxxxxxxxxxxxxxxxxxx", "product_installed":"EPS", "malware_type":"file", "malware_name":"Gen:xxxxx.xxx.1014xxxx", "file_path":"E:\\OKxxxx Oxxxxxxx Mugaxxxx.exe", "final_status":"blocked", "timestamp":"2015-06-08T12:04:03.000Z", "module":"av"}
<14>Nov 4 14:43:02 i01234 logpoint: message repeated 5 times: [lp] {"module":"lp", "product_installed":"BEST", "user": {"id":null,"name":null}, "VM_NAME":"logpoint", "VM_ID":"vm-4575", "UUID_INSTANCE":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX", "UUID_BIOS":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXX", "computer_name":"logpoint", "computer_fqdn":"logpoint.com", "computer_ip":"XXX.XXX.XXX.XX", "computer_id":"XXXXXXXXXXXXXXXXXXX", "malware_type":"file", "malware_name":"Test-File (not a virus)", "hash":"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f", "final_status":"deleted", "file_path":"D:\Cisco.txt", "timestamp":"2019-11-04T14:42:48.000Z"}]
To export data to LogPoint, use the Syslog collector on port 514 on the LogPoint server.
BitDefender v3.3.0
Release Details
Fields | Details |
---|---|
Name | BitDefender |
Version | 3.3.0 |
Supported On | LogPoint v6.0.0 to v6.6.6 |
Release Date | 2020-05-14 |
Document Date | 2020-05-14 |
Download | BitDefender_3.3.0.pak |
SHA256 | 35cf8d93da98b1217b69c25a3099007e276c940537649536c9888e35932316fb |
Enhancement
A minor update has been done in the application’s normalizer for better signature handling.
Installation
Follow these steps to install the BitDefender v3.3.0 application:
- Download the BitDefender package from the Download section above.
- Add BitDefender as the required device in LogPoint.
- Create a collection policy with the Syslog collector and appropriate processing policy.
- Assign the policy to the device.
Supported Devices
The supported devices of BitDefender with LogPoint in this configuration are:
- LP_BitDefender for BitDefender GravityZone 5.1.21-460
- BitDefender Endpoint Security 5.3.20-6642
Log Format
Expected Log Format
Semi-colon separated
Log Samples
<14>Jun 9 08:38:46 CPHBITxxxxx gravityzone: [modules] {"computer_name":"XXXXXXXXXXXXX","computer_ip":"1.1.1.1","computer_id":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXX","product_installed":"EPS","malware_status":1,"avc_status":0,"ids_status":0,"module":"modules"}
gravityzone: [av] {"computer_name":"server","computer_fqdn":"server.abc.com","computer_ip":"1.1.1.2","computer_id":"xyzfsjf","product_installed":"BEST","user":{"id":"x-x-x-5","name":"xyz@abc.com"},"malware_type":"file","malware_name":"Trojan","file_path":"C:\\Downloads.lnk","final_status":"deleted","timestamp":"2017-04-11T03:31:42.000Z","module":"av"}
<14>Mar 1 09:19:14 bitdef02 gravityzone: [av] {"computer_name":"ABC","computer_fqdn":"ABC.COM","computer_ip":"1.1.1.1","computer_id":"57xxxxxxxxxxxxxxxxxxxxxxxxxxxx","product_installed":"BEST","user": {"id":"S-1-5-21-456xxxxxx-456xxxxxxx-7567xxxxxxx-12xxxxxx","name":"USER@DOMAIN.DK"},"malware_type":"file","malware_name":"Trojan.xxx.xxxx","file_path":"D:Downloads.lnk","final_status":"deleted","timestamp":"2017-03-01T09:19:12.000Z","module":"av"}
<14>Jun 8 12:04:09 CPHBITDEF01 gravityzone: [av] {"computer_name":"XXXXXXXXXXXXXX","computer_ip":"1.1.1.1","computer_id":"xxxxxxxxxxxxxxxxxxxx","product_installed":"EPS","malware_type":"file","malware_name":"Gen:xxxxx.xxx.1014xxxx","file_path":"E:\\OKxxxx Oxxxxxxx Mugaxxxx.exe","final_status":"blocked","timestamp":"2015-06-08T12:04:03.000Z","module":"av"}
<14>Nov 4 14:43:02 i01234 logpoint: message repeated 5 times: [lp] {"module":"lp","product_installed":"BEST","user": {"id":null,"name":null},"VM_NAME":"logpoint","VM_ID":"vm-4575","UUID_INSTANCE":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX","UUID_BIOS":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXX","computer_name":"logpoint","computer_fqdn":"logpoint.com","computer_ip":"XXX.XXX.XXX.XX","computer_id":"XXXXXXXXXXXXXXXXXXX","malware_type":"file","malware_name":"Test-File (not a virus)","hash":"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f","final_status":"deleted","file_path":"D:\Cisco.txt","timestamp":"2019-11-04T14:42:48.000Z"}]
To export data to LogPoint, use the Syslog collector on port 514 on the LogPoint server.
Support
If you have any questions or require assistance, create a support ticket.