Integrity Monitoring

Integrity Monitoring reviews and validates changes made on Windows and Linux endpoints to assess the integrity of multiple entities.

Integrity Monitoring operates based on default rules, provided by Bitdefender, and custom rules. These rules are available on the Policies > Integrity Monitoring Rules page of the Control Center.

Based on these rules, Integrity Monitoring takes action when events are generated for files, folders, registry entries, users, services and installed software. These events are displayed on the Reports > Integrity Monitoring Events page of the Control Center.

The product is available as an add-on which, when added to your company, is listed next to your main license.

The product gives your company access to the following benefits:

  • Monitor Beyond Files - Monitor beyond files and gain additional insights into multiple entities such as directories, registries, installed apps and user escalation of privilege.

  • Change & Risk Management - Identify meaningful configuration changes in real time that might indicate an integrity incident or event.

  • Operational Efficiency - Actionable recommendations tied to rules allow teams to act on events, reducing the time and effort spent identifying anomalies.

Start the trial

To start the trial, follow the steps below:

  1. Log in to GravityZone with your administrator account.

  2. Click the product trials icon on the upper right side of the console to access the In Product Trials page.

  3. Select Learn more under the Integrity Monitoring section.

  4. Select Start free trial.

The add-on will be added to your company's list of licenses as a separate product. You will be redirected to the home page, where you will see the new sections in GravityZone available to you.

Note

To remove the Integrity Monitoring license key, you can use the Stop Trial button.

Configure and install the new feature

Important

We recommend trying out the new feature on a limited set of endpoints. This is most easily done by creating a new policy and applying it to the endpoints selected for testing.

To start using this feature, follow the steps below:

Preparing and deploying policies
  1. Go to the Policies page.

  2. You can either:

    • Create a new policy.

    • Edit one of your existing policies.

  3. Under Integrity monitoring, enable and configure the module.

  4. Save your policy.

  5. If you created a new policy, apply it to the endpoints you want to test it on.

    If you edited an existing policy, the changes will take place on all endpoints it was applied to.

This will allow you to enable the newly available features on all selected endpoints.

Deploy the module using a Reconfigure agent task
  1. Go to the Network page and select the endpoints you wish to deploy the module on.

  2. Click the Tasks button and select Reconfigure agent.

  3. Under Modules, select Add and enable the Integrity Monitoring module.

    Note

    For more information on using the Reconfigure client task, refer to Reconfigure agent.

  4. Click Save.

    The task will now deploy the Integrity Monitoring module on all selected endpoints.

Test out the feature

Create and test the activation of a set rule
  1. Use the steps provided under Preparing and deploying policies to create a new rule that performs a specific action.

    For example, you can create a specific rule, for a specific path on your endpoint, that quarantines all new files with the .exe extension:

    1. Go to Integrity Monitoring Rules > Custom rules > Actions > New rule.

    2. Apply the following settings:

    3. Under OS applicability, select an applicable Operating System.

    4. Under Keys, add a file path and the extension of the files you want your rule to apply to.

    5. Click the Add button.

    6. Under Monitoring scope, select File was created and select the Move to quarantine action from the drop-down menu on the right.

    7. Click Save.

  2. Simulate the circumstances that you designed the rule to trigger for.

    For the above example, create a .exe file under the C:\Testing Integrity Monitoring file path. This will cause the file to be moved to quarantine.
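
The test in step 2 can be scripted on the Windows test endpoint. The following PowerShell is an added example, not part of the product documentation or of GravityZone itself. It assumes the rule from the steps above (path C:\Testing Integrity Monitoring, .exe extension, File was created, Move to quarantine); the function name, file names and timeout are hypothetical choices.

```powershell
# Added example: exercises the custom rule created in the steps above.
# Assumptions: the rule watches the folder below for newly created .exe files
# and moves them to quarantine; the timeout and file names are arbitrary.
$MonitoredPath = 'C:\Testing Integrity Monitoring'   # path used in the example rule
$TimeoutSec    = 120                                 # assumed wait, adjust as needed

function Test-IntegrityRule {
    param(
        [string]$Path,
        [int]$TimeoutSec
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType Directory -Path $Path | Out-Null
    }
    $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    $trigger = Join-Path $Path "im-test-$stamp.exe"   # matches the rule
    $control = Join-Path $Path "im-test-$stamp.txt"   # must not match the rule

    # Harmless constructed content: the example rule keys on path and extension.
    Set-Content -LiteralPath $control -Value 'integrity monitoring control file'
    Set-Content -LiteralPath $trigger -Value 'integrity monitoring test file'

    # Poll until the agent removes the .exe file or the timeout expires.
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline -and (Test-Path -LiteralPath $trigger)) {
        Start-Sleep -Seconds 2
    }

    $result = [pscustomobject]@{
        TriggerFile      = $trigger
        TriggerRemoved   = -not (Test-Path -LiteralPath $trigger)
        ControlUntouched = Test-Path -LiteralPath $control
        CheckedAt        = Get-Date
    }
    Remove-Item -LiteralPath $control -ErrorAction SilentlyContinue
    return $result
}

$r = Test-IntegrityRule -Path $MonitoredPath -TimeoutSec $TimeoutSec
$r | Format-List
if (-not $r.TriggerRemoved) {
    Write-Warning 'The .exe file is still present: check that the policy reached this endpoint and that the rule path and extension match.'
}
if (-not $r.ControlUntouched) {
    Write-Warning 'The .txt control file was removed: the rule scope is broader than intended.'
}
```

A removed file only shows that something acted on it; confirm the action on the Quarantine page and on the Reports > Integrity Monitoring Events page, using the reported file name and time.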

Check quarantined files

You can find all the files that were sent to quarantine by going to the Quarantine page.

  1. Go to the Quarantine page.

  2. Apply the filters required for the files and period you are looking for.

  3. Explore the results.

Stop the trial

To stop the trial, follow the steps below:

  1. Log in to GravityZone with your administrator account.

  2. Click the product trials icon on the upper right side of the console to access the In Product Trials page.

  3. Select Learn more under the Integrity Monitoring section.

  4. Select Stop trial.

The product will be removed from your company and all additional features will be disabled.