Page Comparison

Table of Contents

maxLevel	2
type	flat

Introduction

The tags beginning with endpoint.bitdefender identify events generated by Bitdefender.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed asendpoint.bitdefender. The third level identifies the type of events sent, and the fourth level indicates the event subtype.

...

Technology

...

Brand

...

Type

...

Subtype

...

endpoint

...

bitdefender

agent

...

alert

...

detection

...

modify_value

...

network_connection

...

file_modify

...

log_out

...

log_on

...

rca_insight_event

These are the valid tags and corresponding data tables that will receive the parsers' data:

Tag

Data table
Product / Service
Tags
Data tables
Bitdefender
endpoint.bitdefender.agent
endpoint.bitdefender.agent
endpoint.bitdefender.agent.active_host
endpoint.bitdefender.agent.active_host
endpoint.bitdefender.agent.alert
endpoint.bitdefender.agent.alert
endpoint.bitdefender.agent.connection_connect
endpoint.bitdefender.agent.connection_connect
endpoint.bitdefender.agent.ctc_raw_process_create
process_create
rca_insight
filescan_detection
terminate_process
file_delete
file_read
file_create
file_move
connection_connec
tinterface_change
user_logout
process_signa
linterface_added
process_create_fork
reg_delete_key
service_added
user_session_list
process_create_execve
user_account_settings_change
reg_delete_value
reg_modify_value
network_interfaces
gravityzone
product_modules_status

These are the valid tags and corresponding data tables that will receive the parsers' data:

`endpoint.bitdefender.agent.ctc_raw_process_create`
`endpoint.bitdefender.detection`	`endpoint.bitdefender.detection`
`endpoint.bitdefender.agent.external_notification_on_process`	`endpoint.bitdefender.agent.external_notification_on_process`
`endpoint.bitdefender.agent.`

alert
file_create
endpoint.bitdefender.agent.
alert
file_create
endpoint.bitdefender.agent.
detection
file_delete
endpoint.bitdefender.agent.
detection
file_delete
endpoint.bitdefender.modify_value
endpoint.bitdefender.modify_value
endpoint.bitdefender.agent.
network
file_
connection
modify
endpoint.bitdefender.agent.
network
file_
connection
modify
endpoint.bitdefender.agent.file_
modify
move
endpoint.bitdefender.agent.file_
modify
move
endpoint.bitdefender.agent.
log
file_
out
read
endpoint.bitdefender.agent.
log
file_
out
read
endpoint.bitdefender.agent.
log
filescan_
on
detection
endpoint.bitdefender.agent.
log
filescan_
on
detection
endpoint.bitdefender.agent.
rca_insight_event
generic_logging
endpoint.bitdefender.agent.generic_logging
endpoint.bitdefender.agent.
rca
interface_
insight_event
added
endpoint.bitdefender.agent.
ctc_raw_process_create
interface_added
endpoint.bitdefender.agent.
ctc_raw_process_create
interface_change
endpoint.bitdefender.agent.
process
interface_
create
change
endpoint.bitdefender.agent.
process
log_
create
on
endpoint.bitdefender.agent.
rca
log_
insight
on
endpoint.bitdefender.agent.
rca
log_
insight
out
endpoint.bitdefender.agent.
filescan
log_
detection
out
endpoint.bitdefender.agent.
filescan
logon_
detection
failed
endpoint.bitdefender.agent.
terminate
logon_
process
failed
endpoint.bitdefender.agent.
terminate
network_
process
connection
endpoint.bitdefender.agent.
file
network_
delete
connection
endpoint.bitdefender.agent.
file
network_
delete
interfaces
endpoint.bitdefender.agent.
file
network_
read
interfaces
endpoint.bitdefender.agent.
file
process_
read
create
endpoint.bitdefender.agent.
file
process_create
endpoint.bitdefender.agent.
file
process_create_execve
endpoint.bitdefender.agent.
file
process_create_
move
execve
endpoint.bitdefender.agent.
file
process_create_
move
fork
endpoint.bitdefender.agent.
connection
process_create_
connect
fork
endpoint.bitdefender.agent.
connection
process_
connect
signal
endpoint.bitdefender.agent.
interface
process_
change
signal
endpoint.bitdefender.agent.
interface
rca_
change
insight
endpoint.bitdefender.agent.
user
rca_
logout
insight
endpoint.bitdefender.agent.
user
rca_insight_
logout
event
endpoint.bitdefender.agent.
process
rca_insight_
signal
event
endpoint.bitdefender.agent.
process
reg_delete_
signal
key
endpoint.bitdefender.agent.
interface
reg_delete_
added
key
endpoint.bitdefender.agent.
interface
reg_delete_
added
value
endpoint.bitdefender.agent.
process
reg_
create
delete_
fork
value
endpoint.bitdefender.agent.
process
reg_
create
modify_
fork
value
endpoint.bitdefender.agent.reg_
delete
modify_
key
value
endpoint.bitdefender.agent.
reg
scheduled_
delete
task_
key
create
endpoint.bitdefender.agent.
service
scheduled_task_
added
create
endpoint.bitdefender.agent.service_added
endpoint.bitdefender.agent.
user
service_
session_list
added
endpoint.bitdefender.agent.
user
terminate_
session_list
process
endpoint.bitdefender.agent.terminate_process
_create_execve
endpoint.bitdefender.agent.
process
user_account_
create
settings_
execve
change
endpoint.bitdefender.agent.user_account_settings_change
endpoint.bitdefender.agent.user_
account_settings_change
logout
endpoint.bitdefender.agent.user_logout
endpoint.bitdefender.agent.user_session_list
endpoint.bitdefender.agent.
reg
user_
delete
session_
value
list
endpoint.bitdefender.agent.
reg
user_
delete
specific_
value
logging
endpoint.bitdefender.agent.
reg
user_
modify_value
specific_logging
endpoint.bitdefender.agent.xrca
endpoint.bitdefender.agent.xrca
endpoint.bitdefender.agent.
reg_modify_value
xrca_event
endpoint.bitdefender.agent.xrca_event
endpoint.bitdefender.agent.
network
modify_
interfaces
value
endpoint.bitdefender.agent.
network
modify_
interfaces
value
endpoint.bitdefender.gravityzone.product_modules_status
endpoint.bitdefender.gravityzone.product_modules_status

Versions Compared

Old Version 3

New Version Current

Key

Introduction

Valid tags and data tables

Product / Service	Tags	Data tables
Bitdefender	`endpoint.bitdefender.agent`	`endpoint.bitdefender.agent`
	`endpoint.bitdefender.agent.active_host`	`endpoint.bitdefender.agent.active_host`
	`endpoint.bitdefender.agent.alert`	`endpoint.bitdefender.agent.alert`
	`endpoint.bitdefender.agent.connection_connect`	`endpoint.bitdefender.agent.connection_connect`
	`endpoint.bitdefender.agent.ctc_raw_process_create`

`file_delete`
`endpoint.bitdefender.modify_value`	`endpoint.bitdefender.modify_value`
`endpoint.bitdefender.agent.`

`generic_logging`	`endpoint.bitdefender.agent.generic_logging`
`endpoint.bitdefender.agent.`

`create`
`endpoint.bitdefender.agent.service_added`	`endpoint.bitdefender.agent.`

`change`	`endpoint.bitdefender.agent.user_account_settings_change`
`endpoint.bitdefender.agent.user_`

`logout`	`endpoint.bitdefender.agent.user_logout`
`endpoint.bitdefender.agent.user_session_list`	`endpoint.bitdefender.agent.`

`specific_logging`
`endpoint.bitdefender.agent.xrca`	`endpoint.bitdefender.agent.xrca`
`endpoint.bitdefender.agent.`

`xrca_event`	`endpoint.bitdefender.agent.xrca_event`
`endpoint.bitdefender.agent.`

`value`
`endpoint.bitdefender.gravityzone.product_modules_status`	`endpoint.bitdefender.gravityzone.product_modules_status`