# Bitdefender GravityZone EDR Provider Configuration Guide

## 1. Introduction

This guide walks you through creating a Bitdefender GravityZone integration for use with Synqly's EDR Connector.

## 2. Prerequisites

- Access to a Bitdefender GravityZone Control Center instance.
- An administrator account with permissions to create API keys.


## 3. Create API credentials

### Step 1: Log in to GravityZone Control Center

Navigate to your GravityZone Control Center URL (e.g., `https://cloud.gravityzone.bitdefender.com`) and log in with an administrator account.

### Step 2: Generate an API Key

- Navigate to **My Account** → **API Keys**.
- Click **Add** to create a new API key.
- Ensure the key has access to the following areas:


| Permission | Purpose |
|  --- | --- |
| **Network** | Query endpoints, get endpoint details, check task status |
| **Incidents / EDR** | Query incidents, alerts, manage blocklist, isolate/restore endpoints, update incident notes |


- Copy the generated API key and store it securely. It will not be shown again.


## 4. Identify your Control Center URL

Your Control Center URL is the base address you use to access the GravityZone console. For example:

- Cloud: `https://cloud.gravityzone.bitdefender.com`
- On-premise: `https://your-gravityzone-server.example.com`


Provide the base URL only — do not append `/api` or any path suffix.

## 5. Configure the integration

To configure a new Bitdefender GravityZone integration in the Synqly system, provide each of the values as defined below:

| Integration Parameter | Description |
|  --- | --- |
| URL | The base URL of your GravityZone Control Center |
| API Key | The API key generated in Step 2 |


## 6. Supported Operations

| Operation | Description |
|  --- | --- |
| Query Endpoints | List and search managed endpoints |
| Get Endpoint | Retrieve detailed information for a specific endpoint |
| Query Threat Events | Query endpoint-level EDR incidents |
| Query Alerts | Query organization-level XDR extended incidents |
| Query IOCs | List blocklist entries |
| Create IOCs | Add hash-based entries to the blocklist |
| Delete IOCs | Remove entries from the blocklist |
| Network Quarantine | Isolate or restore endpoints from network isolation |
| Create Threat Note | Add or replace a note on an incident |


## 7. Known Limitations

- **Threat notes replace existing content** — the `create_threat_note` operation replaces the entire incident note rather than appending.
- **Network quarantine is asynchronous** — isolation and restore operations submit tasks that are polled for completion.
- **IOC creation is hash-only** — only SHA-256 and MD5 hash IOCs are supported via the v1.0 API.
- **Limited server-side filtering** — Bitdefender supports fewer filter fields than some other EDR providers; additional filtering may be applied client-side.