I want to integrate Bitdefender into ELK

Hello,

I am trying to integrate Bitdefender into ELK. I have generated the API key and added the Bitdefender integration to the Fleet Server policy with the required details. However, I am still not receiving any logs in Kibana, and the pre-built dashboards remain empty. Can you please assist me with this issue, as I couldn’t find much documentation on this?

Thank you.

Hi @AB9494,

Is there any information in the agent logs? You can enable debug logs and view them in the Logs UI, or download the Elastic Agent diagnostics; see Monitor Elastic Agents | Fleet and Elastic Agent Guide [8.15] | Elastic.

Hi @AB9494,

Welcome! I assume you are using the Bitdefender integration for the Elastic agent and have followed the setup instructions in the documentation including creating the push notification configuration?

If you don't see anything in the pre-built dashboards or logs, and have confirmed that notifications are being sent on the Bitdefender side, I would recommend checking the Fleet Server and Elastic Agent logs to see if there are any errors.

Can you check and share if there are any errors or warnings in the logs?

Let us know!

Hello @MarianaD & @carly.richmond

Thank you for your reply. I have enabled the Event Push Service API in the Bitdefender cloud portal and generated the API key, which I have pasted into the integration. I have also configured it as shown in the documentation of the ELK Bitdefender integration. However, I am unable to get the logs. I am attaching my configuration; kindly check it and let me know what I should do. I think I am missing something, and that's why I am facing this issue. I have an Ubuntu server on which I have installed Elastic and Kibana, and I have set up Fleet Server on the same server. I don't use Logstash. I think I am also missing something at the server level; kindly assist me with this.

Thank you for your support.

Hi @AB9494, did you install a Fleet-managed Elastic Agent to collect the logs? The guide is here: Install Fleet-managed Elastic Agents | Fleet and Elastic Agent Guide [8.15] | Elastic.

Hi @MarianaD,

Yes, I’ve added the fleet agent to my server, and my SIEM is fully operational. I’ve integrated all assets of my organization, including firewalls, switches, routers, servers, and endpoints, over the past six months. Using the fleet server integration, I’ve configured Cisco integration for switches and firewalls, and all logs are showing up correctly. However, I’m facing an issue with Bitdefender—I’m not receiving any logs from it.

I’ve generated the API key and followed the configuration method as per the instructions, but I haven’t set up anything specific on the server for Bitdefender yet. Do I need to configure anything on the server side for Bitdefender to forward logs to my SIEM or for collection?