Bitdefender GravityZone Out-of-the-Box Response Integration

This article describes the required procedure to integrate Bitdefender GravityZone with Lumu for automated response procedures. This is one of our featured Out-of-the-Box Response Integrations.

Requirements

OR
Notes
The company to be integrated must have Endpoint Security with the Endpoint Detection and Response add-on or Bitdefender EDR license.
  • Lumu License

Preliminary Setup - Bitdefender GravityZone

In order to set up the integration, you will need to prepare Bitdefender GravityZone to communicate with the Lumu integration. To do this, you will need to have the following:
  • API Key
    • This API Key must have the Companies, Incidents, and Network permissions.
In the following steps, you will find how to obtain this requirement.

Generate API Key

Before you start, verify that the account that you are going to use has enough privileges to create an API key for the integration. The account needs the role of Company Administrator or related permissions.
1. Log in to the GravityZone cloud page.

2. On the main window, click on the dropdown menu in the upper right corner and click on My account.

3. Scroll down until you locate the ‘Control Center API’ and the ‘API keys’ section. Then, click on the 'Add' icon to create a new API key.

4. The API Key Configuration window will open. Enter a meaningful API Key Description and enable the following permissions:
  • Companies.
  • Incidents.
  • Network.
Once you’re done, click on the blue Generate button.

5. The API Key window will open with the generated key. Make sure you store it in a safe place.
Warning
You won’t be able to see your API Key again after this. If you lose the API Key, you will need to repeat this process from the beginning.

6. Once you’ve stored the API key, close the window and store the Access URL found under the Control Center API section. You will need it later for the setup.
Notes
Lumu encrypts this information both in transit and at rest to ensure token confidentiality is maintained. This will remove API Key updating concerns from the integration maintenance process.

Integration Setup - Lumu Portal

This section of the article describes the steps that must be completed on the Lumu Portal to properly set up the Bitdefender GravityZone Integration. To start, log into your Lumu account through the Lumu Portal.
Notes
Integrations are also available for Lumu MSP accounts. To access them, log into the Lumu MSP Portal.
1. In the Lumu Portal, head to the panel on the left and open the Integrations drop-down menu. Then, click on Apps. Click on the Response tab on the right to filter the available integrations accordingly.

2. Locate the Bitdefender GravityZone integration. The list is organized in alphabetical order from A to Z.
Click on the Add button.

3. Familiarize yourself with the integration details in the app description and click the Activate button to activate the integration.

4. Provide a meaningful Name (1). Under Threat Types (2), choose the specific threat mappings you want to push to Bitdefender GravityZone. When done, click on the orange Next button.

Warning
Please note that you cannot modify the information on this screen. Exercise caution when selecting Threat Types, as changes cannot be made later.
5. In the next window, you will need to fill in the following:
  • Access URL, which is found in Step 6 of the Generate API key section. (1)
  • API Key, which is found in Step 5 of the Generate API key section. (2)

6. Select the company where you plan to apply the modifications.
  • If you have a GravityZone Business Security Enterprise license, select the company shown in the dropdown menu.
  • If you have a GravityZone Cloud MSP Security license, you will see all managed customer companies listed in the dropdown menu. Select the company you want to integrate with.


7. The integration is now created and active. The Lumu Portal will display the details of the created integration:

Final Steps - Validate the Integration on the Bitdefender Web Console

In order to verify that the integration is activated, log in to your Bitdefender Web Console. In the panel on the left, under the Incidents sub-category, click on Blocklist. If the integration is properly set up, you will see SHA256 hashes with “Detected by Lumu Technologies” under the Source Info column.

Once the integration is activated, the Incidents/Blocklist section will be updated with confirmed compromises found by Lumu within the preceding 3 days.
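The same validation can be scripted instead of checked in the console. The following is an added example, not part of the original article and not Lumu or Bitdefender code. It builds a blocklist query and picks out the entries sourced by Lumu. The `/v1.0/jsonrpc/incidents` path, the `getBlocklistItems` method, the Basic-auth scheme, and the response field names are assumptions based on Bitdefender's public JSON-RPC API conventions. The sample response is constructed.

```python
import base64
import json
import re

LUMU_SOURCE = "Detected by Lumu Technologies"  # Source Info text named in the article
SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")

def build_blocklist_request(access_url, api_key, page=1, per_page=100):
    """Return (url, headers, body) for one page of the blocklist.
    Assumed: JSON-RPC 2.0 with the API key as Basic-auth user and an empty password."""
    token = base64.b64encode(f"{api_key}:".encode()).decode()
    url = access_url.rstrip("/") + "/v1.0/jsonrpc/incidents"  # assumed path
    headers = {"Content-Type": "application/json",
               "Authorization": f"Basic {token}"}
    body = json.dumps({"jsonrpc": "2.0", "method": "getBlocklistItems",
                       "params": {"page": page, "perPage": per_page},
                       "id": "lumu-integration-check"})
    return url, headers, body

def lumu_entries(response_text):
    """Return (valid, malformed) hashes whose sourceInfo marks them as Lumu's."""
    doc = json.loads(response_text)
    if "error" in doc:
        # Typical cause: the key lacks the Incidents permission from step 4.
        raise RuntimeError(f"API error: {doc['error'].get('message')}")
    valid, malformed = [], []
    for item in doc.get("result", {}).get("items", []):
        if item.get("sourceInfo") != LUMU_SOURCE:
            continue  # entry added manually or by another source
        digest = item.get("hash", "")
        (valid if SHA256_RE.match(digest) else malformed).append(digest)
    return valid, malformed

# Constructed sample response (field names assumed); hashes are placeholders.
SAMPLE = json.dumps({"jsonrpc": "2.0", "id": "lumu-integration-check", "result": {
    "total": 3, "page": 1, "perPage": 100, "items": [
        {"hash": "a" * 64, "sourceInfo": LUMU_SOURCE},
        {"hash": "b" * 64, "sourceInfo": "Added manually"},
        {"hash": "c" * 10, "sourceInfo": LUMU_SOURCE},
    ]}})

if __name__ == "__main__":
    # Placeholder URL and key; send url/headers/body with any HTTP client.
    url, headers, body = build_blocklist_request("https://gz.example/api", "KEY")
    valid, malformed = lumu_entries(SAMPLE)
    print(url, len(valid), "Lumu hashes,", len(malformed), "malformed")
```

An empty `valid` list more than a few minutes after activation points at a wrong company selection or a key without the Incidents permission.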

