eXtended Detection and Response (XDR)
The eXtended Detection and Response (XDR) feature is a cross-company event correlation component, capable of detecting advanced attacks across multiple endpoints in hybrid infrastructures (workstations, servers or containers, running various OS). As part of our comprehensive and integrated Environment Protection Platform, XDR brings together device intelligence across your enterprise network. This solution supports your incident response teams' efforts to investigate and respond to advanced threats.
If your company is not already using the XDR feature, your main license is changed to GravityZone Business Security Enterprise during the course of the trial so that you can access it.
You can add sensors to XDR to enrich incident data and get better data correlation. Separate licenses are required for adding sensors related to network, identity providers, cloud workloads and productivity apps.
During the trial, additional licenses are added automatically so you can integrate all available sensors. They are grouped by the type of data they process: network, identity providers, cloud workloads, and productivity apps. There are four types of licenses available:
Bitdefender XDR Sensor - Cloud: this license allows integration with the AWS sensor and the Azure Cloud sensor.
Bitdefender XDR Sensor - Identity: this license allows integration with the Active Directory sensor, the Azure AD sensor, and the Microsoft Intune sensor.
Bitdefender XDR Sensor - Network: this license allows integration with the Network sensor.
Bitdefender XDR Sensor - Productivity: this license allows integration with the Office 365 sensors and the Google Workspace sensor.
Each sensor type is available as an add-on which, when added to your company, is listed next to your main license.
Note
Any sensor licenses previously not available to your company are added for the duration of the trial.
Start the trial
To start the trial, follow the steps below:
Log in to GravityZone with your administrator account.
Click the button on the upper right side of the console to access the In Product Trials page.
Select Learn more under the GravityZone XDR section.
Select Start free trial.
Your company's licensing status will be updated to match your new product. You will be redirected to the home page, where you will see the new sections in GravityZone available to you.
Note
To revert to your previous license key, you can use the Stop Trial button. Learn more.
Configure and install XDR (if not previously available)
Important
We recommend trying out the new features on a limited set of endpoints. This is most easily done by creating a new policy and applying it to the endpoints selected for testing.
To start using these new features, follow the steps below:
Go to the Policies page.
You can either:
Under Incident Sensor, enable the module.
Save your policy.
If you created a new policy, apply it to the endpoints you want to test it on.
If you edited an existing policy, the changes will take effect on all endpoints it was applied to.
This will allow you to enable the newly available features on all selected endpoints.
Go to the Network page and select the endpoints you wish to deploy the module on.
Click the Tasks button and select Reconfigure client.
Under Modules select Add and enable EDR Sensor.
Note
For more information on using the Reconfigure client task refer to Reconfigure agent.
Click Save.
The task will now deploy the EDR sensor on all selected endpoints.
Add sensors to XDR to enrich incident data and get better data correlation.
To fully benefit from all possible sources of data, you will have to integrate all available sensor types. To set up your sensors, follow the steps below:
Read the information in this article to familiarize yourself with the available sensor types and the types of integration you require for your network.
Follow the steps in this article to integrate your sensors.
Test out the new features
Viewing and interpreting detections
You can view the detected threats and more information about them in one of these two sections:
Incidents - this page helps you filter, investigate and take actions on all security events detected by Incidents Sensor over a specific time interval. Learn more
Search - this page allows you to browse for past security events by using complex search criteria. You can choose which events GravityZone processes by going to Configuration > Raw Events. Learn more
Note
For more testing scenarios please refer to our XDR onboarding guide.
Tip
Read more about detections and EDR/XDR technology in our TechZone article.
Stop the trial
To stop the trial, follow the steps below:
Log in to GravityZone with your administrator account.
Click the button on the upper right side of the console to access the In Product Trials page.
Select Learn more under the GravityZone Business Security Enterprise section.
Select Stop trial.
Your company's licensing will revert to the previous state and all additional features will be disabled.