endpoint.bitdefender

Introduction

Tags beginning with endpoint.bitdefender identify events generated by Bitdefender.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as endpoint.bitdefender. The third level identifies the type of events sent, and the fourth level indicates the event subtype. 

| Technology | Brand | Type | Subtype |
|---|---|---|---|
| endpoint | bitdefender | agent | alert, detection, modify_value, network_connection, file_modify, log_out, log_on, rca_insight_event, ctc_raw_process_create, process_create, rca_insight, filescan_detection, terminate_process, file_delete, file_read, file_create, file_move, connection_connect, interface_change, user_logout, process_signal, interface_added, process_create_fork, reg_delete_key, service_added, user_session_list, process_create_execve, user_account_settings_change, reg_delete_value, reg_modify_value, network_interfaces |
| endpoint | bitdefender | gravityzone | product_modules_status |

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Tag | Data table |
|---|---|
| endpoint.bitdefender.agent.alert | endpoint.bitdefender.agent.alert |
| endpoint.bitdefender.detection | endpoint.bitdefender.detection |
| endpoint.bitdefender.modify_value | endpoint.bitdefender.modify_value |
| endpoint.bitdefender.agent.network_connection | endpoint.bitdefender.agent.network_connection |
| endpoint.bitdefender.agent.file_modify | endpoint.bitdefender.agent.file_modify |
| endpoint.bitdefender.agent.log_out | endpoint.bitdefender.agent.log_out |
| endpoint.bitdefender.agent.log_on | endpoint.bitdefender.agent.log_on |
| endpoint.bitdefender.agent.rca_insight_event | endpoint.bitdefender.agent.rca_insight_event |
| endpoint.bitdefender.agent.ctc_raw_process_create | endpoint.bitdefender.agent.ctc_raw_process_create |
| endpoint.bitdefender.agent.process_create | endpoint.bitdefender.agent.process_create |
| endpoint.bitdefender.agent.rca_insight | endpoint.bitdefender.agent.rca_insight |
| endpoint.bitdefender.agent.filescan_detection | endpoint.bitdefender.agent.filescan_detection |
| endpoint.bitdefender.agent.terminate_process | endpoint.bitdefender.agent.terminate_process |
| endpoint.bitdefender.agent.file_delete | endpoint.bitdefender.agent.file_delete |
| endpoint.bitdefender.agent.file_read | endpoint.bitdefender.agent.file_read |
| endpoint.bitdefender.agent.file_create | endpoint.bitdefender.agent.file_create |
| endpoint.bitdefender.agent.file_move | endpoint.bitdefender.agent.file_move |
| endpoint.bitdefender.agent.connection_connect | endpoint.bitdefender.agent.connection_connect |
| endpoint.bitdefender.agent.interface_change | endpoint.bitdefender.agent.interface_change |
| endpoint.bitdefender.agent.user_logout | endpoint.bitdefender.agent.user_logout |
| endpoint.bitdefender.agent.process_signal | endpoint.bitdefender.agent.process_signal |
| endpoint.bitdefender.agent.interface_added | endpoint.bitdefender.agent.interface_added |
| endpoint.bitdefender.agent.process_create_fork | endpoint.bitdefender.agent.process_create_fork |
| endpoint.bitdefender.agent.reg_delete_key | endpoint.bitdefender.agent.reg_delete_key |
| endpoint.bitdefender.agent.service_added | endpoint.bitdefender.agent.service_added |
| endpoint.bitdefender.agent.user_session_list | endpoint.bitdefender.agent.user_session_list |
| endpoint.bitdefender.agent.process_create_execve | endpoint.bitdefender.agent.process_create_execve |
| endpoint.bitdefender.agent.user_account_settings_change | endpoint.bitdefender.agent.user_account_settings_change |
| endpoint.bitdefender.agent.reg_delete_value | endpoint.bitdefender.agent.reg_delete_value |
| endpoint.bitdefender.agent.reg_modify_value | endpoint.bitdefender.agent.reg_modify_value |
| endpoint.bitdefender.agent.network_interfaces | endpoint.bitdefender.agent.network_interfaces |
| endpoint.bitdefender.gravityzone.product_modules_status | endpoint.bitdefender.gravityzone.product_modules_status |

Log samples

The following are sample logs sent to each of the endpoint.bitdefender data tables. Under each sample log, you can see how the information is parsed in your data table.

Extra columns

Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns.