This guide walks you through creating a Bitdefender GravityZone integration for use with Synqly's EDR Connector.
- Access to a Bitdefender GravityZone Control Center instance.
- An administrator account with permissions to create API keys.
Navigate to your GravityZone Control Center URL (e.g., https://cloud.gravityzone.bitdefender.com) and log in with an administrator account.
- Navigate to My Account → API Keys.
- Click Add to create a new API key.
- Ensure the key has access to the following areas:
| Permission | Purpose |
|---|---|
| Network | Query endpoints, get endpoint details, check task status |
| Incidents / EDR | Query incidents, alerts, manage blocklist, isolate/restore endpoints, update incident notes |
- Copy the generated API key and store it securely. It will not be shown again.
Your Control Center URL is the base address you use to access the GravityZone console. For example:
- Cloud:
https://cloud.gravityzone.bitdefender.com - On-premise:
https://your-gravityzone-server.example.com
Provide the base URL only — do not append /api or any path suffix.
To configure a new Bitdefender GravityZone integration in the Synqly system, provide each of the values as defined below:
| Integration Parameter | Description |
|---|---|
| URL | The base URL of your GravityZone Control Center |
| API Key | The API key generated in Step 2 |
| Operation | Description |
|---|---|
| Query Endpoints | List and search managed endpoints |
| Get Endpoint | Retrieve detailed information for a specific endpoint |
| Query Threat Events | Query endpoint-level EDR incidents |
| Query Alerts | Query organization-level XDR extended incidents |
| Query IOCs | List blocklist entries |
| Create IOCs | Add hash-based entries to the blocklist |
| Delete IOCs | Remove entries from the blocklist |
| Network Quarantine | Isolate or restore endpoints from network isolation |
| Create Threat Note | Add or replace a note on an incident |
- Threat notes replace existing content — the
create_threat_noteoperation replaces the entire incident note rather than appending. - Network quarantine is asynchronous — isolation and restore operations submit tasks that are polled for completion.
- IOC creation is hash-only — only SHA-256 and MD5 hash IOCs are supported via the v1.0 API.
- Limited server-side filtering — Bitdefender supports fewer filter fields than some other EDR providers; additional filtering may be applied client-side.