What Changed
Microsoft Sentinel now supports direct data ingestion from the Bitdefender GravityZone enterprise security platform through a new push-based connector solution. The deployment creates a complete data pipeline using Data Collection Rules (DCR), Data Collection Endpoints (DCE), and a custom table for GravityZone security events.
Data Source
Bitdefender GravityZone is an enterprise security platform providing endpoint detection, network protection, and threat intelligence. The connector ingests security events from GravityZone’s API into the custom table GzSecurityEvents_CL.
Ingestion Mechanism
- Architecture: DCR-based push connector using Azure Data Collection Rules
- Authentication: Entra ID App Registration with service principal authentication
- Destination Table: GzSecurityEvents_CL (custom table with company_id, module, data fields)
- Data Transformation: KQL transform normalizes timestamp fields and structures dynamic data payload
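As an added illustration of the push path described above (example code, not part of this solution or the connector's own files), a minimal Python client that obtains an Entra ID service-principal token, normalizes event timestamps, maps each GravityZone-style event onto the GzSecurityEvents_CL columns (company_id, module, data) and posts the batch to the DCE. The DCE URL, DCR immutable id, stream name, source field names and the sample events are all assumptions.

```python
import json
import urllib.parse
import urllib.request
from datetime import datetime, timezone

# Assumed deployment values (placeholders, none of them come from the page).
TENANT_ID, CLIENT_ID, CLIENT_SECRET = "<tenant-id>", "<app-client-id>", "<client-secret>"
DCE_URL = "https://<dce-name>.<region>.ingest.monitor.azure.com"
DCR_IMMUTABLE_ID = "dcr-<immutable-id>"
STREAM_NAME = "Custom-GzSecurityEvents_CL"  # assumed stream name for the custom table
SAMPLE_EVENTS = [  # constructed sample; source field names (companyId, module, createdAt) are assumed
    {"companyId": "c0ffee", "module": "av", "createdAt": 1700000000, "detail": {"threat": "EICAR-Test-File"}},
    {"companyId": "c0ffee", "module": "fw", "createdAt": "2023-11-14T23:13:20+01:00", "detail": {"action": "blocked"}},
]

def get_token(tenant_id, client_id, client_secret):
    # Client-credentials grant for the service principal; scope is the Azure Monitor ingestion audience.
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "client_id": client_id,
                                   "client_secret": client_secret, "scope": "https://monitor.azure.com/.default"}).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=30) as r:
        return json.load(r)["access_token"]

def normalize_time(value):
    # Accept epoch seconds or ISO 8601 with any offset; emit RFC 3339 UTC for TimeGenerated.
    if isinstance(value, (int, float)):
        dt = datetime.fromtimestamp(value, tz=timezone.utc)
    else:
        dt = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
        if dt.tzinfo is None:  # naive timestamps are treated as UTC
            dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def to_record(event):
    # Map one native event onto the GzSecurityEvents_CL columns; the whole event stays in the dynamic data column.
    return {"TimeGenerated": normalize_time(event.get("createdAt", datetime.now(timezone.utc).timestamp())),
            "company_id": str(event.get("companyId", "")), "module": str(event.get("module", "")), "data": event}

def ingestion_url(dce_url, dcr_id, stream):
    return f"{dce_url}/dataCollectionRules/{dcr_id}/streams/{stream}?api-version=2023-01-01"

def push_events(events, token):
    # POST the batch to the DCE; the Logs Ingestion API returns 204 No Content on success.
    body = json.dumps([to_record(e) for e in events]).encode()
    req = urllib.request.Request(ingestion_url(DCE_URL, DCR_IMMUTABLE_ID, STREAM_NAME), data=body,
                                 headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as r:
        return r.status
```

Run it with push_events(SAMPLE_EVENTS, get_token(TENANT_ID, CLIENT_ID, CLIENT_SECRET)) once the placeholders are filled in; the service principal only needs the Monitoring Metrics Publisher role on the DCR.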
Security Impact (Visibility & Fidelity)
This connector enables direct visibility into GravityZone-protected environments for organizations using Bitdefender’s enterprise security platform. The push-based approach provides real-time security event ingestion without polling delays.
Note: This solution ships without pre-built Analytic Rules or Hunting Queries — detection engineering teams will need to develop custom KQL queries against the GzSecurityEvents_CL table to operationalize this data source.
Detection Surface Unlocked
With GravityZone data now available in Sentinel, SOC teams can correlate Bitdefender endpoint security events with other enterprise security data sources. The dynamic data field contains GravityZone’s native event structure, enabling detection logic around endpoint threats, compliance violations, and security policy enforcement events.
Affected Files
.script/tests/KqlvalidationsTests/CustomTables/GzSecurityEvents_CL.json
.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json
Logos/Bitdefender.svg
Solutions/GravityZone/Data Connectors/GravityZone_API.json
Solutions/GravityZone/Data Connectors/azuredeploy_GravityZone_API.json
Solutions/GravityZone/Package/testParameters.json
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_GravityZone.json, createUiDefinition.json, mainTemplate.json)