Notification types
This is the list of available notification types:
Malware Outbreak
This notification is sent to the users that have at least 5% of all their managed network objects infected by the same malware.
You can configure the malware outbreak threshold according to your needs in the Notifications Settings window. For more information, refer to Configuring Notification Settings.
License Expires
A notification is sent 90, 30, 7 days, and also one day before the license expires. The notifications will include company information, product name, the expired license keys and useful URLs.
Note
You must have Manage Company right to view this notification.
License Usage Limit Has Been Reached or Exceeded
The notification informs you which of your managed companies has used all available licenses. In case the number of installations exceeds the license limit, the notification shows the unlicensed endpoints within the past 24 hours.
Note
You must have Manage Company right to view this notification.
Servers License Limit is About to Be Reached
This notification is sent when 90% of the available license seats for servers have been used.
Note
You must have Manage Company right to view this notification.
Exchange License Usage Limit Has Been Reached
This notification is triggered each time the number of protected mailboxes from your Exchange servers reaches the limit specified on your license key.
Advanced Anti-Exploit
This notification informs you when Advanced Anti-Exploit has detected exploit attempts in your network.
Antiphishing event
This notification informs you each time the endpoint agent blocks a known phishing web page from being accessed. This notification also provides details such as the endpoint that attempted to access the unsafe website (name and IP), installed agent or blocked URL.
Firewall event
With this notification you are informed each time the firewall module of an installed agent has blocked a port scan or an application from accessing the network, according to applied policy.
ATC/IDS event
This notification is sent each time a potentially dangerous application is detected on an endpoint in your network. You will find details about the application type, name, and path as well as the parent process ID and path and the command line that started the process if the case.
User Control event
This notification is triggered each time a user activity such as web browsing or software application is blocked by the endpoint client according to applied policy.
Note
User Control event notifications cannot be sent through email. Due to performance reasons, these notifications can only be sent via API to a SIEM platform.
Data Protection event
This notification is sent each time data traffic is blocked on an endpoint according to data protection rules.
Product Modules event
This notification is sent each time a security module of an installed agent gets enabled or disabled.
Security Server Status event
This type of notification provides information about the status changes of a certain Security Server installed in your network. The Security Server status changes refer to the following events: powered off / powered on, product update, security content update and reboot required.
Overloaded Security Server event
This notification is sent when the scan load on a Security Server in your network exceeds the defined threshold.
Product Registration event
This notification informs you when the registration status of an agent installed in your network has changed.
Authentication Audit
This notification informs you when another GravityZone account from your company, except your own, was used to log in to Control Center from an unrecognized device. If you select the Receive notification for child companies check box, notifications will be sent also for GravityZone accounts belonging to your managed companies.
Login from New Device
This notification informs you that your GravityZone account was used to log in to Control Center from a device you have not used for this purpose before. The notification is automatically configured to be visible both in Control Center and on email and you can only view it. This notification also includes the email address of the account used.
Task Status
This notification informs you either each time a task status changes, or only when a task finishes, according to your preferences.
Outdated Update Server
This notification is sent when an Update Serverr in your network has outdated security content.
Network Incidents event
This notification is sent each time the Network Attack Defense module detects an attack attempt on your network. This notification also informs you if the attack attempt was conducted either from outside the network or from a compromised endpoint inside the network. Other details include data about the endpoint, attack technique, attacker’s IP, and the action taken by Network Attack Defense.
Sensor integration status
This notification informs you when the status of a sensor integration changes. You can configure this notification to alert you in the GravityZoneControl Center, via email, or both.
By default, the notification is sent out every 2 hours if a sensor integration issue persists. But you can customize this time interval.
Sandbox Analyzer Detection
This notification alerts you every time Sandbox Analyzer detects a new threat among the automatically submitted samples. You are presented with details such as company name, hostname or IP of the endpoint, time and date of the detection, threat type, path, name, size of the files and the remediation action taken on each one.
This notification is not sent for manual submissions.
Note
You will not receive notifications for clean analyzed samples. Information on samples submitted by your company and, if configured, by your child companies is available in the Sandbox Analyzer Results report. Information on samples submitted by your company is also available in the Sandbox Analyzer section, in the main menu of Control Center.
HyperDetect Activity
This notification informs you when HyperDetect finds any antimalware or unblocked events in the network. This notification is sent for each HyperDetect event and provides the following details:
Affected endpoint information (name, IP, installed agent)
Malware type and name
Infected file path and parent process path. For file-less attacks it is provided the name of the executable used in the attack.
Infection status
The SHA256 hash of the malware executable
The type of the intended attack (targeted attack, grayware, exploits, ransomware, suspicious files and network traffic)
Detection level (Permissive, Normal, Aggressive)
Detection time and date
Detection type
Logged user
Company name
Command line used
You can view details about the infection and further investigate the issues by generating a HyperDetect Activity report right from the Notifications page. To do so:
In Control Center, click the Notification button to display the Notification Area.
Click the Show more link at the end of the notification to open the Notifications page.
Click the View report button in the notification details. This opens the report configuration window.
Configure the report if needed. For more information, refer to Creating Reports.
Click Generate.
Note
To avoid spamming, you will receive maximum one notification per hour.
Active Directory Integration Issue
This notification informs you of issues that affect the synchronization with Active Directory.
Missing Patch Issue
This notification occurs when endpoints in your network are missing one or more available patches.
GravityZone automatically sends a notification containing all findings within the last 24 hours to the notification date. The notification is sent to all your user accounts.
You can view which endpoints are in this situation by clicking the View report button in notification details.
By default, the notification refers to security patches, but you may configure it to inform you of non-security patches as well.
New Incident
This notification informs you when a new incident occurs. Once enabled, the notification is generated every time a new incident is displayed under the Incidents section of Control Center.
Note
In order to get notifications for new incidents, the minimum value for the Severity Score field is
10
. However, you can adjust by entering any value between10
and100
.New incident assigned to you
This notification informs you when a new incident has been assigned to you. The notification contains the incident number and additional relevant details.
Correlated incident
This notification informs you that an incident assigned to you is correlated with another incident. The notification includes the incident number assigned to you and correlated parent incident number.
Ransomware detection
This notification informs you when GravityZone detects a ransomware attack within your network. You are provided with details regarding the targeted endpoint, the user that was logged in, the source of the attack, the number of encrypted files, and the time and date of the attack.
At the time you receive the notification the attack is already blocked.
The link in the notification will redirect you to the Ransomware Activity page, where you can view the list of encrypted files and restore them if needed.
Storage Antimalware
This notification is sent when malware is detected on an ICAP-compliant storage device. This notification is created for each malware detection, providing details about the infected storage device (name, IP, type), detected malware and detection time.
Troubleshooting activity
This notification informs you when a troubleshooting event in your network ends. You can view details about the event type and status, the troubleshooting target, the storage location where you can find the logs archive, and others.
New Investigation Files Activity
This notification is triggered when there are new requests related to forensic data gathering.
Security Container Status Update
The notification informs you when the product update status changes for a Security Container installed in your network.
Monthly Subscription Expires
This notification is sent 30 days, seven days, and also one day before the monthly subscription expires.
Note
You must have Manage Company right to view this notification.
Partner Changed
This notification informs you when a client company joins or leaves your management. Details include license type, subscription end date, auto-renewal (if activated), minimum usage, and enabled services for that company.
Note
You must have Manage Company right to view this notification.
Partner download permission changed
This notification informs you whenever your direct Bitdefender partner is granted or revoked access to retrieve and download quarantined files from your company.
Note
You must have Manage Company right to view this notification.
Password Expiration Enabled
This notification informs you when the password expiration is enabled on your account.
Password Expiration Reminder
This notification is sent daily, starting 10 days before your GravityZone password expires, to remind you that you need to change it.
To quickly update the password, click the My Account button from the notification in Control Center.
Account Lockout Enabled
This notification informs you when the account lockout is enabled on your account.
Account Locked Out
This notification is sent via email to inform you that your account was locked out due to repeated login attempts with invalid passwords.