...
Update the following command with the correct details (i.e., bitdefender-api-host, BitDefenderGZ_Base64_Token, Firewall-Public-IP, and CCE_Authorization_Basic_Token) and execute it on the CCE host to configure the HTTP listener details on the Bitdefender GravityZone side:
```bash
# Registers the CCE HTTP listener as the CEF push destination in GravityZone.
# As written, -k skips TLS certificate verification of the API host, and
# "requireValidSslCertificate": false does the same for the listener.
curl -k -X POST \
  https://bitdefender-api-host/api/v1.0/jsonrpc/push \
  -H 'authorization: Basic BitDefenderGZ_Base64_Token' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -d '{"params": {"status": 1, "serviceType": "cef",
        "serviceSettings": {"url": "https://Firewall-Public-IP:63514/api/bitdefender",
                            "authorization": "Basic CCE_Authorization_Basic_Token",
                            "requireValidSslCertificate": false},
        "subscribeToEventTypes": {"hwid-change": true, "modules": true, "sva": true,
          "registration": true, "supa-update-status": true, "av": true, "aph": true,
          "fw": true, "avc": true, "uc": true, "dp": true, "device-control": true,
          "sva-load": true, "task-status": true, "exchange-malware": true,
          "network-sandboxing": true, "malware-outbreak": true, "adcloud": true,
          "exchange-user-credentials": true, "exchange-organization-info": true,
          "hd": true, "antiexploit": true}},
      "jsonrpc": "2.0", "method": "setPushEventSettings", "id": "1"}' | jq
```
If the configuration succeeds, you get a JSON response like the example shown in the screenshot below.
To view the configuration, update the following command with the correct details (i.e., bitdefender-api-host and BitDefenderGZ_Base64_Token) and run it; the details are returned as JSON:
```bash
curl -k -X POST https://bitdefender-api-host/api/v1.0/jsonrpc/push \
  -H 'authorization: Basic BitDefenderGZ_Base64_Token' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -d '{"params": {}, "jsonrpc": "2.0", "method": "getPushEventSettings", "id": "2"}' | jq
```
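The getPushEventSettings reply can be checked against the intended configuration instead of being read by eye. The following Python check is an added example, not part of the original page or of any vendor code. It assumes the reply returns the same fields that were sent in the setPushEventSettings `params`, under `result`; the names `audit_push_settings` and `sample_reply` are hypothetical, and the sample reply and the 203.0.113.10 address are constructed.

```python
import json
from urllib.parse import urlsplit

# Event types enabled by the setPushEventSettings call on this page.
EXPECTED_EVENTS = {
    "hwid-change", "modules", "sva", "registration", "supa-update-status",
    "av", "aph", "fw", "avc", "uc", "dp", "device-control", "sva-load",
    "task-status", "exchange-malware", "network-sandboxing",
    "malware-outbreak", "adcloud", "exchange-user-credentials",
    "exchange-organization-info", "hd", "antiexploit",
}

def audit_push_settings(reply_text, listener_url):
    """Return findings for a getPushEventSettings reply; an empty list means OK."""
    reply = json.loads(reply_text)
    if "error" in reply:
        return [f"API returned an error: {reply['error']}"]
    result = reply.get("result") or {}  # assumed reply shape, see lead-in
    settings = result.get("serviceSettings") or {}
    findings = []
    if result.get("status") != 1:
        findings.append("push service is disabled (status is not 1)")
    if result.get("serviceType") != "cef":
        findings.append(f"serviceType is {result.get('serviceType')!r}, not 'cef'")
    got, want = urlsplit(settings.get("url") or ""), urlsplit(listener_url)
    if (got.scheme, got.hostname, got.port, got.path) != (
            want.scheme, want.hostname, want.port, want.path):
        findings.append(f"listener URL is {settings.get('url')!r}, not {listener_url!r}")
    if settings.get("requireValidSslCertificate") is not True:
        findings.append("requireValidSslCertificate is not true: "
                        "the listener's TLS certificate is not verified")
    events = result.get("subscribeToEventTypes") or {}
    missing = sorted(e for e in EXPECTED_EVENTS if events.get(e) is not True)
    if missing:
        findings.append("event types not enabled: " + ", ".join(missing))
    return findings

def sample_reply(valid_cert, disabled=()):
    """Build a constructed reply (not real GravityZone output) for the demo."""
    return json.dumps({"id": "2", "jsonrpc": "2.0", "result": {
        "status": 1, "serviceType": "cef",
        "serviceSettings": {"url": LISTENER,
                            "requireValidSslCertificate": valid_cert},
        "subscribeToEventTypes": {e: e not in disabled for e in EXPECTED_EVENTS}}})

LISTENER = "https://203.0.113.10:63514/api/bitdefender"  # documentation address

if __name__ == "__main__":
    for finding in audit_push_settings(sample_reply(False, {"hd"}), LISTENER):
        print("FINDING:", finding)
```

To run it against a live reply, save the output of the command above (without `| jq`) to a file and pass its contents as `reply_text`, with the listener URL you configured as `listener_url`.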
Once the configuration is done successfully, you may start receiving logs.
Verify on the Logs/Flow screen (as tag: bitdefendergz) or on Deep Tracker (as Source_data_type: Bitdefender GravityZone).