What Changed
Fixed a KQL type conversion error in the Bitdefender GravityZone ASIM AlertEvent parser that was preventing query execution in Log Analytics workspaces.
Parser Impact
The DvcHostname field mapping for network-sandboxing events lacked an explicit tostring() cast, causing the parser function to fail during execution. This is a critical data fidelity gap:
- Before: Parser execution failed completely for network-sandboxing module events — zero data ingested
- After: Network sandboxing events now parse correctly with proper string-typed device hostname field
Per PR discussion: “asim function failing in log analytics workspace query” — affected deployments had complete ingestion failure for this event type since installation.
The fix aligns the network-sandboxing event type with other event types in the same parser (new-incident, ransomware-mitigation, exchange-malware) which already used proper type casting.
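A review-time check for this class of defect, as an added example that is not part of the PR or the parser's own code: a heuristic lint that flags output columns assigned straight from a property accessor without a conversion function, and marks those that another branch of the same query does cast. It assumes the hostname is read from a dynamic property; `Raw`, `EventData` and `computer_name` in the sample query are constructed names, not the parser's real schema.

```python
import re

# KQL scalar conversion functions that pin a column to a concrete type.
CASTS = "tostring|toint|tolong|toreal|todouble|tobool|todatetime|toguid"
# `Column = tostring(...)` and the other conversions.
CAST = re.compile(rf"(\w+)\s*=\s*(?:{CASTS})\s*\(")
# `Column = source.prop` or `Column = source["prop"]` with nothing wrapping it.
BARE = re.compile(
    r"""(\w+)\s*=\s*([A-Za-z_]\w*(?:\.\w+|\[\s*["'][^"']+["']\s*\])+)\s*(?=[,|;]|$)"""
)

def lint(kql):
    """Return (line, column, expression, cast_elsewhere) for each uncast assignment.

    cast_elsewhere is True when the same column is wrapped in a conversion
    function somewhere else in the query, i.e. the branches disagree on type.
    """
    cast_cols, bare = set(), []
    for no, line in enumerate(kql.splitlines(), 1):
        code = line.split("//", 1)[0]  # drop trailing comments (heuristic)
        cast_cols.update(CAST.findall(code))
        bare.extend((no, col, expr) for col, expr in BARE.findall(code))
    return [(no, col, expr, col in cast_cols) for no, col, expr in bare]

# Constructed query modelled on the defect described above: one event-type
# branch casts DvcHostname, the network-sandboxing branch does not.
SAMPLE = '''\
let Incident = Raw | where EventType == "new-incident"
    | extend DvcHostname = tostring(EventData.computer_name);
let Sandbox = Raw | where EventType == "network-sandboxing"
    | extend DvcHostname = EventData.computer_name;
union Incident, Sandbox
'''

if __name__ == "__main__":
    for no, col, expr, mixed in lint(SAMPLE):
        note = " (cast in another branch)" if mixed else ""
        print(f"line {no}: {col} = {expr} has no explicit cast{note}")
```

The match is textual, so a finding is a prompt to confirm the source column's type, not proof of a type error.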
Security Impact
Network sandboxing events provide visibility into suspicious file submissions and threat analysis results from Bitdefender's cloud sandbox. Without this data:
- No visibility into potentially malicious files being analyzed
- Missing threat intelligence from sandboxing verdicts and remediation actions
- Gap in endpoint detection coverage for sandbox-detected threats
This parser handles multiple Bitdefender GravityZone event types including incident alerts, ransomware mitigation, and network sandboxing — the fix specifically restores the network sandboxing event stream.
Affected Files
Parsers/ASimAlertEvent/ARM/ASimAlertEventBitdefenderGravityZone/ASimAlertEventBitdefenderGravityZone.json
Parsers/ASimAlertEvent/Parsers/ASimAlertEventBitdefenderGravityZone.yaml