Newly Setup of XDR, how to?

johnDexplorer · 2024-09-18T10:06:56+00:00

There was an error rendering this rich post.

I have my Gravityzone and assigned license to 1 client with XDR - productivity apps (office 365).
I can only manage to connect the Email Sensor and not Audit Sensor.

Questions:

Their license is MS Biz Standard only, do they need E5 license to activate the Audit subscriptions required for Audit sensor ?
My Email sensor is connected, will I see already its Graph view or only once detected an incident? So there is no way for me to monitor real-time, just when suspicious activity happens - it will be recorded to incident page of GravityZone and examine from there?

Find more posts tagged with

bitdefender

gravityzone

Accepted answers

All comments

Andrei_S Enterprise

Hello @johnDexplorer ,

We do not do validation based on Microsoft licensing, the integration checks if API endpoints and resources are accessible from the Microsoft side. In your case the 365 MS Biz Standard should be ok, except for the Risky Users APIs, which require an Entra ID P2 subscription.
For this issue you will need to ensure that Audit Recording is enabled for your company as per https://learn.microsoft.com/en-us/purview/audit-log-enable-disable?tabs=microsoft-purview-portal

Note: After enabling audit recording, it can take a few hours or more (up to 24h in our tests) before activity events feeds can be successfully subscribed to.

Also, if the above documentation does not help to resolve the issue we would need more information so we can troubleshoot it with our Enterprise Support team.

Such as:

Do you have access to Audit recording?
Do you encounter issues with enabling the subscription to the audit feeds? What is the error?

2. You will only see information in the Incidents section from the GravityZone, and as you mentioned it will highlight incidents when they occur. There is no graph for real-time traffic scanning to monitor.

You can always reach out to our support team through this web form:

https://www.bitdefender.com/support/contact-us.html?last_page=BusinessCategory

Kind Regards,

Andrei