Skip to main content

Control Center at a glance

This section serves as orientation through the GravityZone Control Center console and provides a quick description of all first level pages available in GravityZone. The pages are presented in the order that they appear in the console, from top to bottom.

Main Pages

Dashboard
  1. Toggle menu view

    Use the View Menu button to view, hide, or expand the menu options. Click the button to run though the options sequentially, or double-click to skip.

  2. Main menu options

    The menu contains links to all the main Control Console pages.

  3. Pagination Toolbar

    Depending on the page that is displayed, the Page Toolbar contains buttons or drop-down menus that allow you to interact directly with the information being displayed on the page.

  4. Account Menu

    The Account Menu provides several account and company management options:

    • My Account. Click this option to manage your user account details and preferences.

    • My Company. Click this option to manage your company account details and preferences.

    • Integrations. Click this option to manage GravityZone integration with other management platforms.

    • Credentials Manager. Click this option to add and manage the authentication credentials required for remote installation tasks.

    • Help & Support. Click this option to find help and support information.

    • Feedback. Click this option to display a form allowing you to edit and send your feedback messages regarding your experience with GravityZone.

    • Logout. Click this option to log out of your account.

  5. What's New

    For important Control Center updates, we add a short description of changes and additions in the What's New section. For all updates, we also include in the section a link to the more detailed Release Notes.

  6. Help Mode

    Help Mode enables expandable tooltip boxes placed on Control Center items. You can easily find out useful information regarding the Control Center features.

  7. Notifications

    Notifications provide easy access to notification messages and also to the Notifications page.

  8. Page Content

    Displays and allows you to interact with information relevant to the page that is currently selected.

Control Center Pages

Monitoring

Dashboard

gz_cl_op_pt_walkthrough_cc_dashboard.png

The Dashboard consists of a series of portlets that provide you with security event information from your environment. You can customize the portlets and create your own, specifying the protection mechanism you would like the monitor and the time interval you would like to see in the data.

Portlets are interactive; if you wish to display further information on any event you can click on the datapoint in the portlet representing said event. Doing so will display a report that is representative of the time interval in which the event occurred and provides more in-depth information.

Executive Summary

The Executive Summary page presents a high-level, endpoint-focused version of the Dashboard, providing a series of widgets displaying details about endpoint modules, detections and taken actions, threat types and techniques, your company risk score, threat breakdowns, statistics and many more.

Note

As opposed to Dashboard portlets, the widgets in the Executive Summary screen are static and read-only.

Incidents

gz_cl_op_pt_walkthrough_cc_incidents.png

The Incidents screen provides you with a list of recent security incidents going back 90 days, and the ability to search for security incidents in all your managed companies or using a variety of filters and search criteria.

Clicking any incident will display additional information about the event.

You can search for three types of incidents:

  • Extended Incidents

    Note

    Available in Ultra Plus.

    The Extended Incidents tab displays all organization-wide incidents which require further investigation.

  • Endpoint Incidents

    Note

    Available in GravityZone Business Security Enterprise, Ultra Plus and EDR companion standalone.

    The Endpoint Incidents tab displays all endpoint-related incidents detected by the BEST Cross-Technology Correlations module which require further investigation.

  • Detected Threats

    Note

    Available in GravityZone Business Security Enterprise, Ultra Plus and GravityZone Business Security Premium.

    The Detected Threats tab displays a list of threats that have been identified and stopped (or reported, depending on your policies) by GravityZone prevention technologies.

Blocklist

Blocklists stop the spread of malware detected by EDR to other endpoints. To be able to identify these threats, they are given a hash value.

The Blocklist screen displays incidents related to a specific hash value and manage the hashes you are currently tracking.

Search

The search page provides you a complex search engine to locate incidents based on a high number of criteria and parameters. It also provides several predefined search options and the ability to save your preferred search criteria.

Custom Rules

The Custom Rules page allows you to create and manage rules that block or whitelist specific behavior or events.

  • Detections - They mark specific behavior that might occur in your environment as a valid detection. Any event matching this behavior will generate an appropriate incident.

  • Exclusions - They mark specific behavior that might occur in your environment as safe. Any event matching this behavior, even if it would normally be flagged, will not generate any event.

Network

gz_cl_op_pt_walkthrough_cc_network.png

In the Network page you can display, search for, and manage your companies, networks and endpoints. For each entity you can perform various operations such as display additional information, create tasks and reports, assign policies, troubleshoot and more.

Patch Inventory

The Patch Inventory page displays all patches discovered for the software installed on your Windows and Linux endpoints and provides several actions you can take on these patches.

Packages

The Packages page allows you to manage, create, download and send installation kits.

You can customize an installation package to specify the language, modules, roles, scan mode and method of installation.

Tasks

The tasks page displays a list of all the tasks that were initiated inside your managed companies. Each task provides additional information. You can narrow down the list of displayed tasks by using several filters.

Risk Management

gz_cl_op_pt_walkthrough_cc_riskmanagement.png

The Risk Management page provides you with a network and operating system risk overview and with the capability of creating and managing scan tasks. You can set the tasks to run recurrently on specific endpoints and choose from a large number of indicators of risk to search for to locate any vulnerabilities.

Security Risks

The Security Risks page displays the results of the scan tasks created in the Risk Management page. The results contain information on possible risks, affected devices and vulnerable users in a fully customizable grid formation with complex filtering options.

Companies View

As a partner, in the Companies View page you can display a high level overview of risk management applied over all your companies. You can view each company's risk score, search or filter out results and export lists as .csv files.

Policies

gz_cl_op_pt_walkthrough_cc_policies.png

In the Policies page you can create, customize and assign your company's security policies.

A policy specifies the security settings to be applied on target network inventory objects (computers, virtual machines or mobile devices). You can create as many policies as you need based on security requirements, for each type of managed network object.

Configuration Profiles

In the Configuration Profiles page, you can create and manage collections of settings outside policies so that you apply them in your network in an efficient manner. Configuration profiles refer to exclusions for the entire GravityZone environment and to maintenance windows for the Patch Management module.

Integrity Monitoring Rules

In the Integrity Monitoring Rules page you can set up rules that allows the Integrity Monitoring feature to take action when events are generated for files, folders, registry entries, users, services and installed software.

Assignment rules

In the Assignment Rules page you can define user and location-aware policies. For example, you can apply more restrictive firewall rules when users connect to the internet from outside the company or you can enable Web Access Control for users that are not part of the administrators group.

Reports

gz_cl_op_pt_walkthrough_cc_reports.png

The Reports page allows you to create and view the results of multiple types of reports reports on the security status of your managed network objects. Reports can consolidate data from the entire network of managed network objects or from specific groups only can be used for multiple purposes.

Several different report types are available so that you can easily get the information you need. The information is presented as easy-to-read interactive charts and tables, allowing you to quickly check the network security status and identify security issues.

Ransomware Activity

The Ransomware Activity page provides information on the ransomware attacks that GravityZone has detected on the endpoints you manage, and provides you with the necessary tools to recover the files affected during the attacks.

Integrity Monitoring Events

The Integrity Monitoring Events page contains all the detected events which have been triggered by on default and/or custom rules.

Quarantine

Computers and Virtual Machines

gz_cl_op_pt_walkthrough_cc_quarantine.png

The Quarantine page provides on overview on all malicious files, such as malware-suspected, malware-infected or other unwanted files that have been detected by GravityZone protection. You can search or filter through the list of files, display additional information on each of them and decides on whether to restore, download or delete the files.

When a virus or other form of malware is in quarantine, it cannot do any harm because it cannot be executed or read. GravityZone moves files to quarantine according to the policies assigned to endpoints.

Exchange Protection

The Exchange quarantine contains emails and attachments. The Antimalware module quarantines email attachments, whereas Antispam, Content and Attachment Filtering quarantine the whole email.

Accounts

gz_cl_op_pt_walkthrough_cc_accounts.png

In the Accounts page you can create and manage all your company user accounts. For each user you can add personal information, modify login security settings and assign a default language, timezone and user role.

User Activity

You can use the User Activity page to search for any actions taken by a specific user on a specific company and logged by Control Center.

Sandbox Analyzer

gz_cl_op_pt_walkthrough_cc_sandbox.png

In the Sandbox Analyzer page you can configure the Sandbox Analyzer settings for automatic submission via Bitdefender Endpoint Security Tools.

Sandbox Analyzer provides a powerful layer of analysis by performing automatic detonation of suspicious content in a secure cloud environment, for files not yet signed by Bitdefender antimalware engines.

Manual Submission

In the Manual Submission page you can send samples of suspicious objects to Sandbox Analyzer, to determine whether they are threats or harmless files.

Email Security

gz_cl_op_pt_walkthrough_cc_emailsec.png

In the Email Security page you can access the Email Security console and create accounts for your managed companies.

BitdefenderGravityZoneEmail Security is a cloud-driven email security gateway able to protect any type of email service against various types of email-centric threat vectors.

Configuration

gz_cl_op_pt_walkthrough_cc_configuration.png

In the Configuration page, you can configure settings related to Network Inventory, Offline Machine Cleanup, Login Security, Single Sign-on and Security Server.