Bitdefender

Bitdefender provides anti-virus software, internet security software, endpoint security software, and other cyber security products and services.

Integration with LogicHub

Connecting with Bitdefender

To connect to Bitdefender, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • URL: The URL of the Bitdefender instance to connect to.
  • API Key: The API key used to authenticate to Bitdefender.

Actions with Bitdefender

Get Reports List

Retrieves the list of scheduled reports.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Report Name (Optional): Enter the name of the report.
  • Report Type (Optional): Select the type of report (Default is All).
  • Maximum Results (Optional): Maximum number of events to return in the response to this call (default is 100,000).

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: List of reports
{
  "error": null,
  "has_error": false,
  "id": "5ea7217a7289817dd601c44",
  "name": "Audit Report",
  "occurrence": 6,
  "type": 67
}

Download Report by ID

Downloads the report by ID.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template Report Name: Jinja-templated text containing the ID of the report.
  • Instance URL Type (Optional): Select the type of instance URL (Default is Last Instance URL).
  • File Type (Optional): Select the type of file to download (Default is both CSV and PDF).
  • Automatically Parse CSV Files (Optional): Select whether to automatically parse CSV files (Default is True).
  • Header Names (Optional): If a CSV file will not have headers, provide a comma-separated list of headers to use (Default is File Headers).
  • Columns to Keep (Optional): If you only need specific columns, provide a comma-separated list of column names; the rest will be dropped from the results (Default is All Columns).
  • Automatically Strip Out All Non-ASCII Characters (Optional): Select whether to automatically strip out all non-ASCII characters (Default is False).

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: File Details.
{
  "result": {
    "csv": {
      "lhub_file_id": "8e7902669baa74c5435ea9e68.csv",
      "original_file_name": "Activity Report-2020-02-04 02-09-08.csv"
    },
    "pdf": {
      "lhub_file_id": "85cb9f94fefbe96a7a52d7b7a15.pdf",
      "original_file_name": " Activity Report-2020-02-04 02-09-08.pdf"
    }
  },
  "error": null,
  "has_error": false
}

Download Report by Name

Downloads the report by name.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template Report Name: Jinja-templated text containing the name of the report.
  • Instance URL Type (Optional): Select the type of instance URL (Default is Last Instance URL).
  • File Type (Optional): Select the type of file to download (Default is both CSV and PDF).
  • Automatically Parse CSV Files (Optional): Select whether to automatically parse CSV files (Default is True).
  • Header Names (Optional): If a CSV file will not have headers, provide a comma-separated list of headers to use (Default is File Headers).
  • Columns to Keep (Optional): If you only need specific columns, provide a comma-separated list of column names; the rest will be dropped from the results (Default is All Columns).
  • Automatically Strip Out All Non-ASCII Characters (Optional): Select whether to automatically strip out all non-ASCII characters (Default is False).
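The three CSV post-processing options above (Header Names, Columns to Keep, Automatically Strip Out All Non-ASCII Characters) apply to both Download Report by ID and Download Report by Name. The following is an added example, not LogicHub's or Bitdefender's own code, that reproduces that post-processing on a constructed headerless CSV export so the effect of each option can be checked offline; the column names and sample rows are assumptions.

```python
import csv
import io

# Constructed sample: a headerless export, the case the "Header Names"
# option is for. Row 2 deliberately carries non-ASCII characters.
SAMPLE_CSV_NO_HEADER = (
    "2020-02-04 02:09:08,ep_OS,Backdoor.PHP.AMB,/samples/classic/c100.php,quarantined\n"
    "2020-02-04 02:11:40,ep-fin\u00e9,Trojan.Generic,/tmp/invoice\u2013copy.exe,deleted\n"
)


def _strip_non_ascii(value):
    # Drop every code point above 0x7F, keeping the rest of the string intact.
    return value.encode("ascii", "ignore").decode("ascii")


def parse_report_csv(csv_text, header_names=None, columns_to_keep=None,
                     strip_non_ascii=False):
    """Parse a downloaded report CSV into a list of dicts.

    header_names:    comma-separated headers for a file that has no header row
    columns_to_keep: comma-separated column names; all other columns are dropped
    strip_non_ascii: remove non-ASCII characters from every cell value
    """
    rows = [r for r in csv.reader(io.StringIO(csv_text)) if r]
    if header_names:
        headers = [h.strip() for h in header_names.split(",")]
    else:
        if not rows:
            return []
        headers, rows = rows[0], rows[1:]

    keep = None
    if columns_to_keep:
        keep = [c.strip() for c in columns_to_keep.split(",")]
        missing = [c for c in keep if c not in headers]
        if missing:
            raise ValueError("unknown columns requested: %s" % ", ".join(missing))

    records = []
    for row in rows:
        if len(row) != len(headers):
            raise ValueError("row has %d fields, expected %d" % (len(row), len(headers)))
        record = dict(zip(headers, row))
        if strip_non_ascii:
            record = {k: _strip_non_ascii(v) for k, v in record.items()}
        if keep:
            record = {k: record[k] for k in keep}
        records.append(record)
    return records
```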

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: File Details.
{
  "result": {
    "csv": {
      "lhub_file_id": "8e7902669baa74c5435ea9e68.csv",
      "original_file_name": "Activity Report-2020-02-04 02-09-08.csv"
    },
    "pdf": {
      "lhub_file_id": "85cb9f94fefbe96a7a52d7b7a15.pdf",
      "original_file_name": " Activity Report-2020-02-04 02-09-08.pdf"
    }
  },
  "error": null,
  "has_error": false
}

Get Quarantine List

Retrieves the quarantine list from the instance.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Service Name (Optional): Select the name of the service (Default is Computers and Virtual Machines).
  • Endpoint ID (Optional): Select the column that contains the ID of the computer for which you want to retrieve the quarantined items. If not passed, the action returns the items quarantined in the entire network.
  • Jinja Template Filters (Optional): Jinja Template for filters to be used when querying the quarantine items list. Example {"threatName":"{{threat_column_name}}"}.
  • Maximum Results (Optional): Maximum number of events to return in the response to this call (default is 100,000).

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Quarantine List
{
  "actionStatus": 0,
  "canBeRemoved": true,
  "canBeRestored": true,
  "companyId": "5ca593a8765368039301e156",
  "details": {
    "filePath": "/samples/classic/c100.php"
  },
  "endpointIP": "192.168.2.34",
  "endpointId": "",
  "endpointName": "ep_OS",
  "error": null,
  "has_error": false,
  "id": "5cb4ff789817c004cf6e3df3",
  "quarantinedOn": "2019-04-19T03:36:45",
  "threatName": "Backdoor.PHP.AMB"
}

Create Scan Task

This method creates a new scan task.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template Target IDs: Jinja-templated query containing a comma-separated list of the IDs of the targets to scan. A target ID can designate an endpoint or a container.

Note: To get the Target ID and MAC ID, use the inspect element feature of Google Chrome.

  • Jinja Template Name: Jinja-templated text for the name of the task.
  • Type (Optional): Select the scan type (Default is Full Scan).
  • Jinja Template Custom Scan Settings: Jinja-templated query containing the custom scan settings, such as the scan depth and scan path(s). Set this only when the 'Type' parameter is '4 - Custom Scan'; for other types the values are ignored. The $customScanSettings parameter must contain the following properties: int $scanDepth, the scan profile (available options: 1 - aggressive; 2 - normal; 3 - permissive), and array $scanPath, the list of target paths to be scanned. Example: {"scanDepth":1,"scanPath":["LocalDrives"]}

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: True/False
{
  "result": {
    "id": "787b5e36-89a8-4353-88b9-6b7a32e9c87g",
    "jsonrpc": "2.0",
    "result": true
  },
  "error": null,
  "has_error": false
}

Create Scan Task By MAC

Use this method to generate a scan task for managed endpoints identified by their MAC address.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template MAC Addresses: Jinja-templated query containing a comma-separated list of MAC addresses of the endpoints to be scanned. You can specify at most 100 MAC addresses at once.
  • Jinja Template Name: Jinja-templated text for the name of the task.
  • Type (Optional): Select the scan type (Default is Full Scan).
  • Jinja Template Custom Scan Settings: Jinja-templated query containing the custom scan settings, such as the scan depth and scan path(s). Set this only when the 'Type' parameter is '4 - Custom Scan'; for other types the values are ignored. The $customScanSettings parameter must contain the following properties: int $scanDepth, the scan profile (available options: 1 - aggressive; 2 - normal; 3 - permissive), and array $scanPath, the list of target paths to be scanned. Example: {"scanDepth":1,"scanPath":["LocalDrives"]}
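Both Create Scan Task and Create Scan Task By MAC take the same Type and Custom Scan Settings inputs, and the rendered Jinja output is easy to get wrong (a scanDepth outside 1..3, an empty scanPath, settings supplied for a non-custom type). The following is an added example, not LogicHub's or Bitdefender's own code, that validates those inputs before a task is created; the request parameter names targetIds and macAddrs are assumptions, and the constructed target IDs and MAC addresses are placeholders.

```python
import json

CUSTOM_SCAN_TYPE = 4                 # the "4 - Custom Scan" Type option
SCAN_DEPTHS = {1: "aggressive", 2: "normal", 3: "permissive"}
MAX_MAC_ADDRESSES = 100              # limit documented for Create Scan Task By MAC


def parse_custom_scan_settings(raw):
    """Validate the rendered 'Custom Scan Settings' JSON (string or dict)."""
    settings = json.loads(raw) if isinstance(raw, str) else raw
    if not isinstance(settings, dict):
        raise ValueError("customScanSettings must be a JSON object")
    depth = settings.get("scanDepth")
    # bool is a subclass of int in Python, so exclude True/False explicitly.
    if isinstance(depth, bool) or depth not in SCAN_DEPTHS:
        raise ValueError("scanDepth must be 1 (aggressive), 2 (normal) or 3 (permissive)")
    paths = settings.get("scanPath")
    if (not isinstance(paths, list) or not paths
            or not all(isinstance(p, str) and p for p in paths)):
        raise ValueError("scanPath must be a non-empty list of path strings")
    return {"scanDepth": depth, "scanPath": list(paths)}


def build_scan_task_params(targets, name, scan_type, custom_scan_settings=None,
                           by_mac=False):
    """Assemble the parameters for a scan task from the action's inputs.

    targets: the rendered comma-separated list of target IDs (or MAC addresses
             when by_mac is True), as the Jinja template inputs produce it.
    """
    target_list = [t.strip() for t in targets.split(",") if t.strip()]
    if not target_list:
        raise ValueError("at least one target is required")
    if by_mac and len(target_list) > MAX_MAC_ADDRESSES:
        raise ValueError("at most %d MAC addresses per task" % MAX_MAC_ADDRESSES)
    if not name or not name.strip():
        raise ValueError("task name is required")
    # Assumed parameter names; only the payload shape is being demonstrated.
    params = {"macAddrs" if by_mac else "targetIds": target_list,
              "type": scan_type, "name": name.strip()}
    if scan_type == CUSTOM_SCAN_TYPE:
        if custom_scan_settings is None:
            raise ValueError("Custom Scan requires custom scan settings")
        params["customScanSettings"] = parse_custom_scan_settings(custom_scan_settings)
    # For any other type the settings are ignored, as the action documents.
    return params
```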

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: True/False
{
  "result": {
    "id": "787b5e36-89a8-4353-88b9-6b7a32e9c87g",
    "jsonrpc": "2.0",
    "result": true
  },
  "error": null,
  "has_error": false
}

Get Scan Tasks List

This method returns the list of scan tasks.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template Name: Jinja-templated query containing the name of the task, used to filter the list of tasks by task name. Use the asterisk symbol (*) in front of the keyword to match it anywhere in the name. If omitted, only results where the name starts with the keyword will be returned.
  • Status (Optional): Select the task status to filter on (Default is All).
  • Maximum Results (Optional): Maximum number of events to return in the response to this call (default is 100,000).

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Tasks List
{
  "error": null,
  "has_error": false,
  "id": "601ad4557481acf63696a",
  "name": "Task1",
  "startDate": "2020-02-03T10:50:29",
  "status": 1
}