Skip to content

Bitdefender GravityZone EDR Provider Configuration Guide

1. Introduction

This guide walks you through creating a Bitdefender GravityZone integration for use with Synqly's EDR Connector.

2. Prerequisites

  • Access to a Bitdefender GravityZone Control Center instance.
  • An administrator account with permissions to create API keys.

3. Create API credentials

Step 1: Log in to GravityZone Control Center

Navigate to your GravityZone Control Center URL (e.g., https://cloud.gravityzone.bitdefender.com) and log in with an administrator account.

Step 2: Generate an API Key

  • Navigate to My AccountAPI Keys.
  • Click Add to create a new API key.
  • Ensure the key has access to the following areas:
PermissionPurpose
NetworkQuery endpoints, get endpoint details, check task status
Incidents / EDRQuery incidents, alerts, manage blocklist, isolate/restore endpoints, update incident notes
  • Copy the generated API key and store it securely. It will not be shown again.

4. Identify your Control Center URL

Your Control Center URL is the base address you use to access the GravityZone console. For example:

  • Cloud: https://cloud.gravityzone.bitdefender.com
  • On-premise: https://your-gravityzone-server.example.com

Provide the base URL only — do not append /api or any path suffix.

5. Configure the integration

To configure a new Bitdefender GravityZone integration in the Synqly system, provide each of the values as defined below:

Integration ParameterDescription
URLThe base URL of your GravityZone Control Center
API KeyThe API key generated in Step 2

6. Supported Operations

OperationDescription
Query EndpointsList and search managed endpoints
Get EndpointRetrieve detailed information for a specific endpoint
Query Threat EventsQuery endpoint-level EDR incidents
Query AlertsQuery organization-level XDR extended incidents
Query IOCsList blocklist entries
Create IOCsAdd hash-based entries to the blocklist
Delete IOCsRemove entries from the blocklist
Network QuarantineIsolate or restore endpoints from network isolation
Create Threat NoteAdd or replace a note on an incident

7. Known Limitations

  • Threat notes replace existing content — the create_threat_note operation replaces the entire incident note rather than appending.
  • Network quarantine is asynchronous — isolation and restore operations submit tasks that are polled for completion.
  • IOC creation is hash-only — only SHA-256 and MD5 hash IOCs are supported via the v1.0 API.
  • Limited server-side filtering — Bitdefender supports fewer filter fields than some other EDR providers; additional filtering may be applied client-side.