To echo what Comghall was saying - this integration is not tested by IBM, therefore not documented by IBM, and thus not supported.
EDIT: Cleaned up the copy/paste.
Original Message:
Sent: Fri May 24, 2024 12:24 AM
From: ishwor shrestha
Subject: Bit Defender Cloud Integration with Cloud
Hi Comghall Morgan,
We have already gone through the documentation. Within the documentation, under the section "Subscribe the HTTP Receiver to the GravityZone Event Push API Service", at the end there is a line stating to configure event push: "To start sending events using GravityZone Event Push API Service, please refer to Event Push". After redirecting, we need to request the parameter where the registration is required, and to do so we need a certain script to register QRadar with Bitdefender so that Bitdefender would push the events to QRadar. Please find the attached screenshot for your reference.
Can you please confirm whether we need a script to register or not?
![](https://dw1.s81c.com//IMWUC/MessageImages/76b8cea265f14c91a280cb2f0e959e8d.png)
------------------------------
ishwor shrestha
Original Message:
Sent: Tue May 21, 2024 06:34 AM
From: Comghall Morgan
Subject: Bit Defender Cloud Integration with Cloud
Hello Ishwor,
Apologies, I had made a few assumptions from my 1st post.
Ok, so digging more I see that you are using the BitDefender DSM for QRadar app.
https://exchange.xforce.ibmcloud.com/hub/extension/de133797c363c03147a7acd194bf53e2
That as of version 2.0.0 now has added support for GravityZone.
I would point you to updated Documents from BitDefender for GravityZone:
https://www.bitdefender.com/business/support/en/77209-335051-ibm-qradar.html
Regards,
------------------------------
Comghall Morgan
QRadar Support Architect
IBM
Original Message:
Sent: Sun May 19, 2024 11:59 PM
From: ishwor shrestha
Subject: Bit Defender Cloud Integration with Cloud
Hi Comghall,
In the HTTP listener, QRadar listens for the logs forwarded by Bit Defender GravityZone, and to forward them there should be some script to register QRadar so that Bit Defender forwards the logs to the QRadar SIEM. The way the API works is different in Bit Defender GravityZone: Bit Defender pushes the logs once the SIEM registers with it.
Similar documentation is found for other SIEMs as well to register. Please refer to the documentation:
https://docs.fortinet.com/document/fortisiem/7.1.5/external-systems-configuration-guide/354631/bitdefender-gravityzone
https://www.bitdefender.com/business/support/en/77211-171475-splunk.html
https://docs.stellarcyber.ai/prod-docs/4.3.x/Configure/LogParser/Bitdefender-Log-Ingestion.htm
Can you please revalidate whether the script is required to push Bit Defender GravityZone logs to the QRadar SIEM? Also, the antivirus is Bit Defender GravityZone, not Microsoft Defender.
Looking forward to hearing from you.
Best Regards,
Ishwor Shrestha
------------------------------
ishwor shrestha
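The registration step the posts above describe (the SIEM subscribing its HTTP receiver so that GravityZone pushes events to it) as an added Python example; this is not code from this thread, from IBM or from Bitdefender. The JSON-RPC method and parameter names (`setPushEventSettings`, `serviceType`, `subscribeToEventTypes`) and the push endpoint follow Bitdefender's public Event Push API reference as I know it and are an assumption to verify against the current reference; the receiver URL, API key and shared secret are constructed placeholders.

```python
import base64
import json

# Constructed placeholders. The push endpoint is GravityZone Cloud's JSON-RPC
# Event Push URL as publicly documented (assumption; confirm in the reference).
PUSH_ENDPOINT = "https://cloud.gravityzone.bitdefender.com/api/v1.0/jsonrpc/push"
RECEIVER_URL = "https://qradar.example.com:8443/events"  # QRadar HTTP Receiver URL
SHARED_SECRET = "CHANGE-ME-receiver-secret"              # value the receiver checks


def auth_header(api_key: str) -> str:
    """GravityZone uses HTTP Basic auth: base64('<apiKey>:') with an empty password."""
    token = base64.b64encode(f"{api_key}:".encode("ascii")).decode("ascii")
    return f"Basic {token}"


def build_registration(receiver_url: str, secret: str, event_types: list[str]) -> dict:
    """JSON-RPC body for setPushEventSettings, which subscribes the receiver.
    serviceType 'qradar' asks for LEEF output; requireValidSslCertificate stays
    True so GravityZone refuses to push to a receiver with an untrusted cert."""
    if not receiver_url.startswith("https://"):
        raise ValueError("Event Push requires an HTTPS receiver URL")
    return {
        "jsonrpc": "2.0",
        "id": "qradar-registration",
        "method": "setPushEventSettings",
        "params": {
            "status": 1,
            "serviceType": "qradar",
            "serviceSettings": {
                "url": receiver_url,
                "requireValidSslCertificate": True,
                "authorization": secret,  # sent back by GravityZone in each push
            },
            "subscribeToEventTypes": {name: True for name in event_types},
        },
    }


def render(api_key: str, body: dict) -> tuple[dict, str]:
    """Headers and serialised body ready for an HTTPS POST to PUSH_ENDPOINT."""
    headers = {"Content-Type": "application/json", "Authorization": auth_header(api_key)}
    return headers, json.dumps(body)


if __name__ == "__main__":
    body = build_registration(RECEIVER_URL, SHARED_SECRET,
                              ["av", "aph", "fw", "new-incident", "ransomware-mitigation"])
    hdrs, payload = render("CONSTRUCTED-API-KEY", body)
    print(hdrs["Authorization"], payload, sep="\n")
```

Keep the API key out of source in real use (environment variable or a secrets store), and compare the `authorization` value GravityZone sends against what the HTTP Receiver expects before accepting an event.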
Original Message:
Sent: Thu May 16, 2024 10:30 AM
From: Comghall Morgan
Subject: Bit Defender Cloud Integration with Cloud
Hello,
I am not aware of any such script.
What I do note is that the documents you are following are for QRadar 7.3.3 Patch 6 which is long since EOL.
Please review the protocol doc for Microsoft Defender Endpoint API.
https://www.ibm.com/docs/en/dsm?topic=pco-microsoft-defender-endpoint-siem-rest-api-protocol-configuration-options
Though if you have successful tests completing in the QRadar UI and still no events, then please raise a case direct with QRadar Support to help investigate the logs.
They may be able to increase the debug level of the logs as well to capture more information.
Regards,
------------------------------
Comghall Morgan
QRadar Support Architect
IBM
Original Message:
Sent: Thu May 16, 2024 06:48 AM
From: ishwor shrestha
Subject: Bit Defender Cloud Integration with Cloud
Dear Team,
We have tried integrating Bit Defender Cloud with IBM QRadar and configured the HTTP Listener, and all the tests are successful. Bit Defender works on a push method via API and we have gone through all the documentation published by Bit Defender (IBM QRadar).
We have researched other SIEM integrations and found that all other SIEMs have their own script to tell Bit Defender to push the logs to the SIEM (to register with Bit Defender). Is there any script published by IBM to push the Bit Defender logs to the QRadar SIEM?
Any help is appreciated.
Best Regards,
Ishwor Shrestha
------------------------------
ishwor shrestha
------------------------------