Bitdefender GravityZone AI alert triage with GenticFlow
Bitdefender endpoint sync, push events, quarantine alerts, and scan actions
GenticFlow connects to Bitdefender GravityZone to sync endpoints and their enriched details (malware status, risk score, modules, and group data), optionally quarantine items, and Push Event Service security events. It exposes quick scan and full scan commands for Bitdefender endpoints.
What You Get
Endpoint and Detail Sync
- GravityZone endpoints sync into GenticFlow with online and managed state
- Endpoint details enrich records with agent, malware status, risk score, modules, and group data
- Operating system strings map endpoints to Windows, macOS, or Linux categories
- Unmanaged endpoints are clearly marked
Security Events and Quarantine
- Push Event Service can send antivirus, advanced threat control, ransomware, anti-exploit, network attack, and EDR incident events
- Push events are validated and converted into GenticFlow alerts
- Quarantine items can sync as alerts when quarantine sync is enabled
- Events are deduplicated and linked back to endpoint records where possible
Endpoint Scan Commands
- Quick Scan is exposed as a non-destructive endpoint command
- Full Scan is exposed as a non-destructive endpoint command
- Scan tasks are created through the GravityZone API
- Command outcomes are returned to the service desk workflow
How It Works
Connect GravityZone
Enter the GravityZone API URL and API key in GenticFlow.
Sync endpoints and configure push events
GenticFlow imports endpoints and configures the Push Event Service when infection events are enabled.
Process security signals
Security events and quarantine items become alerts with severity, module, endpoint, and malware context.
Run scans when appropriate
Quick or full scans can be launched through the connector for supported endpoint resources.
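The event pipeline described above (validate the push delivery, deduplicate, link to a synced endpoint, emit an alert with severity, module, endpoint, and malware context), as an added example; this is not GenticFlow or Bitdefender code. The payload shape (`events` list with `module`, `computer_id`, `computer_name`, `malware_name`, `detection_time`), the shared `Authorization` secret, and the module-to-severity table are assumptions.

```python
import hashlib
import hmac
import json

# Assumed module-to-severity mapping; the module names are an assumption.
MODULE_SEVERITY = {
    "av": "medium", "avc": "high", "ransomware-mitigation": "critical",
    "antiexploit": "high", "network-monitor": "high", "incident": "critical",
}
REQUIRED = ("module", "computer_id", "detection_time")


def validate_push_request(headers, body, expected_token):
    """Accept a delivery only if its Authorization header matches the shared secret."""
    # Constant-time compare so the check does not leak the secret via timing.
    if not hmac.compare_digest(headers.get("Authorization", ""), expected_token):
        return None
    events = json.loads(body).get("events")
    return events if isinstance(events, list) else None


def event_fingerprint(event):
    """Stable key so retried or replayed deliveries collapse into one alert."""
    key = "|".join(str(event.get(f, "")) for f in REQUIRED + ("malware_name",))
    return hashlib.sha256(key.encode()).hexdigest()


def to_alert(event, endpoints):
    """Build an alert, linking to the synced endpoint record when computer_id is known."""
    missing = [f for f in REQUIRED if f not in event]
    if missing:
        return {"error": f"event missing fields: {missing}"}
    ep = endpoints.get(event["computer_id"])
    return {
        "severity": MODULE_SEVERITY.get(event["module"], "low"),
        "module": event["module"],
        "endpoint_id": event["computer_id"],
        "endpoint_name": ep["name"] if ep else event.get("computer_name", "unknown"),
        "malware": event.get("malware_name"),
        "detected_at": event["detection_time"],
    }


def ingest(events, endpoints, seen):
    """Drop events already seen (by fingerprint) and convert the rest to alerts."""
    alerts = []
    for ev in events:
        fp = event_fingerprint(ev)
        if fp not in seen:
            seen.add(fp)
            alerts.append(to_alert(ev, endpoints))
    return alerts
```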
Security alerts with investigation context
Bitdefender GravityZone remains the security control plane. GenticFlow brings endpoint and alert details into the service desk workflow so security tickets arrive with severity, affected asset context, and the next action clearly documented.