Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Bitdefender provides anti-virus software, internet security software, endpoint security software, and other cyber security products and services.

Connect with Bitdefender with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Bitdefender.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. URL: The URL to connect to the Bitdefender.

  9. API Key: The API Key to connect to the Bitdefender.

  10. After you've entered all the details, click Connect.

Actions for Bitdefender

Get Reports List

Retrieves the list of scheduled reports.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Report Name

Enter the value for name of report.

Optional

Report Type

Select the type of report (Default is All).

Optional

Maximum Results

Maximum number of events to return as response to this call (default is 100,000).

Optional

Output

A JSON object containing following items:

...

Code Block
## Download Report by ID

Downloads the report by ID.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name                                           | Description                                                                                                                                                | Required |
| :--------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------- | :------- |
| Report Name                                          | [Jinja-templated](doc:jinja-template) text containing the id of report.                                                                                    | Required |
| Instance URL Type                                    | Select type of instance url (Default is `Last Instance URL`).                                                                                              | Optional |
| File Type                                            | Select type of file to download (Default is both CSV and PDF).                                                                                             | Optional |
| Automatically Parse CSV Files                        | Select the value to automatically parse CSV files (Default is True).                                                                                       | Optional |
| Header Names                                         | If a CSV file will not have headers, provide a comma-separated list of headers to use (Default is File Headers).                                           | Optional |
| Columns to Keep                                      | If you only need specific columns, provide a comma-separated list of column names, and the rest will be dropped from the results (Default is All Columns). | Optional |
| Automatically Stripping Out All Non-ascii Characters | Select the value to automatically stripping out all non-ascii characters (Default is False).                                                               | Optional |

### Output

JSON containing following items:

- has_error: True/False
- error: message/null
- result: File Details.


``` {json}{
  "result": {
    "csv": {
      "lhub_file_id": "8e7902669baa74c5435ea9e68.csv",
      "original_file_name": "Activity Report-2020-02-04 02-09-08.csv"
    },
    "pdf": {
      "lhub_file_id": "85cb9f94fefbe96a7a52d7b7a15.pdf",
      "original_file_name": " Activity Report-2020-02-04 02-09-08.pdf"
    }
  },
  "error": null,
  "has_error": false
}

Download Report by Name

Downloads the report by name.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Report Name

Jinja-templated text containing the name of report.

Required

Instance URL Type

Select type of instance url (Default is Last Instance URL).

Optional

File Type

Select type of file to download (Default is both CSV and PDF).

Optional

Automatically Parse CSV Files

Select the value to automatically parse CSV files (Default is True).

Optional

Header Names

If a CSV file will not have headers, provide a comma-separated list of headers to use (Default is File Headers).

Optional

Columns to Keep

If you only need specific columns, provide a comma-separated list of column names, and the rest will be dropped from the results (Default is All Columns).

Optional

Automatically Stripping Out All Non-ascii Characters

Select the value to automatically stripping out all non-ascii characters (Default is False).

Optional

Output

A JSON object containing multiple rows of result:

...

Code Block
## Get Quarantine List

Retrieves the quarantine list from the instance.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name      | Description                                                                                                                                                                             | Required |
| :-------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------- |
| Service Name    | Select the name of the service (Default is `Computers and Virtual Machines`).                                                                                                           | Optional |
| Endpoint ID     | Select column that contains the ID of the computer for which you want to retrieve the quarantined items. If not passed, the action returns the items quarantined in the entire network. | Optional |
| Filters         | Jinja Template for filters to be used when querying the quarantine items list. Example `{"threatName":"{{threat_column_name}}"}`.                                                       | Optional |
| Maximum Results | Maximum number of events to return as a response to this call (default is 100,000).                                                                                                     | Optional |

### Output

A JSON object containing multiple rows of result:

- has_error: True/False
- error: message/null
- result: Quarantine List


``` {json}{
  "actionStatus": 0,
  "canBeRemoved": true,
  "canBeRestored": true,
  "companyId": "5ca593a8765368039301e156",
  "details": {
    "filePath": "/samples/classic/c100.php"
  },
  "endpointIP": "192.168.2.34",
  "endpointId": "",
  "endpointName": "ep_OS",
  "error": null,
  "has_error": false,
  "id": "5cb4ff789817c004cf6e3df3",
  "quarantinedOn": "2019-04-19T03:36:45",
  "threatName": "Backdoor.PHP.AMB"
}

Create Scan Task

This method creates a new scan task.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

...

Info

To get Target ID and Mac ID please use inspect element feature of google chrome.

...

Output

A JSON object containing multiple rows of result:

...

Code Block
## Create Scan Task By MAC

Use this method to generate a scan task for managed endpoints identified by their MAC address.

### Input Field

| Input Name           | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | Required |
| :------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------- |
| MAC Addresses        | Jinja-templated query containing comma separated list of MAC addresses of the endpoints to be scanned. You can specify at most 100 MAC addresses at once.                                                                                                                                                                                                                                                                                                                                                                            | Required |
| Name                 | Jinja-templated text for name of the task.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | Optional |
| Type                 | Select option for type. (Default is Full Scan).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | Optional |
| Custom Scan Settings | Jinja-templated query containing custom scan settings containing information such as scan depth and scan path(s). This should be set only when 'Type' parameter has value '4 - Custom Scan'. When set for other types, the values will be ignored. Parameter $customScanSettings must contain the following properties: int $scanDepth The scan profile. Available options: 1- aggressive; 2-normal; 3- permissive;, and array $scanPath The list of target paths to be scanned. Example: {"scanDepth":1,"scanPath":["LocalDrives"]} | Required |

### Output

A JSON object containing multiple rows of result:

- has_error: True/False
- error: message/null
- result: True/False


``` {json}{
  "result": {
    "id": "787b5e36-89a8-4353-88b9-6b7a32e9c87g",
    "jsonrpc": "2.0",
    "result": true
  },
  "error": null,
  "has_error": false
}

Get Scan Tasks List

This method returns the list of scan tasks.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Name

Jinja-templated query containing name of the task. Filter the list of tasks by task name. Use the asterisk symbol(*) in front of the keyword to search its appearance anywhere in the name. If omitted, only results where the name starts with the keyword will be returned.

Required

Status

Select option for status. (Default is All).

Optional

Maximum Results

Maximum number of events to return as response to this call (default is 100,000).

Optional

Output

A JSON object containing multiple rows of result:

...

{json}{ "error": null, "has_error": false, "id": "601ad4557481acf63696a", "name": "Task1", "startDate": "2020-02-03T10:50:29", "status": 1 }

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem

...