Bitdefender GravityZone
LAST UPDATED: APRIL 28, 2025
Overview
Bitdefender Control Center APIs allow developers to automate business workflows. D3's integration with Bitdefender provides the ability to manage groups and endpoints, create scan tasks, quarantine items and retrieve report results for each predefined report.
D3 SOAR is providing REST operations to function with Bitdefender GravityZone.
Bitdefender GravityZone is available for use in:
Known Limitations
The API enforces a fixed number of requests per second per API key. When the limit is exceeded, further requests are denied with an HTTP 429 status code. Below are the applicable rate limits:
30 requests per minute per API Key
Create Scan Task
Delete Endpoints
Quarantine Files
Remove Quarantine Files
5 requests per minute per API Key
Add to Blocklist
Remove From Block List
10 requests per second per API Key
All other commands not mentioned above
Refer to API rate limits for detailed information.
Connection
To connect to Bitdefender GravityZone from D3 SOAR, follow this part to collect the required information below:
Parameter | Description | Example |
Server URL | The URL of the Bitdefender server. | https://cloud.gravityzone.bitdefender.com |
API Key | The API key used to authenticate the connection. | ***** |
API Version | The API version to use for the connection. | v1.0 |
Configuring Bitdefender GravityZone to Work with D3 SOAR
Log into Bitdefender GravityZone using an administrator account.
The account must have the following rights: Manage Networks, Manage Users, Manage Company, and View and analyze data.
Click the
icon, then select the My account option.
Scroll down to the API keys section, then click the + Add button.
Configure the API key.
Enter a name for the key.
Select the APIs to use with the key.
Click the Generate button to retrieve the API key.
Copy the API key to be used for the connection. Refer to step 3i sub-step 2 in Configuring D3 SOAR to Work with Bitdefender GravityZone.
The API key will not be visible after this point.
Configuring D3 SOAR to Work with Bitdefender GravityZone
Log in to D3 SOAR.
Find the Bitdefender GravityZone integration.
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type Bitdefender GravityZone in the search box to find the integration, then click it to select it.
Click on the + Connection button on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to Bitdefender GravityZone.
Connection Name: The desired name for the connection.
Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field is displayed when Share to Internal Sites is selected for the Site field, allowing selection of the internal site for deploying the integration connection.
Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): Add a description for the connection.
Tenant (Optional): When configuring the connection from a master tenant site, users have the option to choose the specific tenant sites to share the connection with. Once this setting is enabled, users can filter and select the desired tenant sites from the dropdowns to share the connection.
Active: Check the checkbox to ensure the connection is available for use.
Configure User Permissions: Defines which users have access to the connection.
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
1. Input the Server URL. The default value is https://cloud.gravityzone.bitdefender.com.
2. Copy the API Key from the Bitdefender GravityZone platform. Refer to Configuring Bitdefender GravityZone to Work with D3 SOAR.
3. Input the API Version. The default value is v1.0.
Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Refer to the password vault connection guide if needed.
Connection Health Check: Periodically checks the connection status by scheduling the Test Connection command at the specified interval (in minutes). Available only for active connections, this feature also allows configuring email notifications for failed attempts.
Test the connection.
Click on the Test Connection button to verify credentials and connectivity. A success alert displays Passed with a green checkmark. If the connection fails, review the parameters and retry.
Click OK to close the alert window.
Click + Add to create and add the configured connection.
Commands
Bitdefender GravityZone includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command function, users can execute these commands independently for playbook troubleshooting.
Integration API Note
For more information about the Bitdefender GravityZone API, refer to the Bitdefender GravityZone API reference.
Note for Time-related parameters
The input format of time-related parameters may vary based on user account settings, which may cause the sample data in commands to differ from what is displayed. To adjust the time format, follow these steps:
Navigate to Configuration > Application Settings. Select Date/Time Format.
Choose the desired date and time format, then click on the Save button.
The selected time format will now be visible when configuring Date/Time command input parameters.
Add to Blocklist
Adds new hashes to the blocklist.
Input
Input Parameter | Required/Optional | Description | Example |
Hashes | Required | The list of hash values to add to the blocklist. |
JSON
|
Hash Type | Required | The hash type for the provided hash values. Available options are:
| SHA256 - 1 |
Description | Required | The description for the action. | Added a hash of 'atomic-red-team-master.zip' from public API |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Add to Blocklist failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Not enough rights for this companyId to add a hash to blocklist. |
Error Sample Data Add to Blocklist failed. Status Code: 403. Message: Not enough rights for this companyId to add a hash to blocklist. |
Create Group
Creates a new custom group of endpoints.
READER NOTE
Parent ID is an optional parameter to run this command.
Run the List Groups command with the Parent ID parameter filled to obtain the Parent ID. Parent IDs can be found in the raw data at the path $.result[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Group Name | Required | The name of the group. | Group 1-1 |
Parent ID | Optional | The ID of the parent group under which to nest the target group. The ID can be a company ID or group ID. Parent ID can be obtained using the List Groups command with the Parent ID parameter filled. By default, the group will be created under the Computers and Groups group of the current user. | ***** |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Create Group failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 409. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Group name already exists. |
Error Sample Data Create Group failed. Status Code: 409. Message: Group name already exists. |
Create Scan Task
Creates a new scan task.
READER NOTE
Endpoint IDs and Mac Addresses are optional parameters to run this command.
Run the List Endpoints command to obtain the Endpoint IDs. Endpoint IDs can be found in the raw data at the path $.result.items[*].id.
Run the List Endpoints command to obtain the Mac Addresses. Mac Addresses can be found in the raw data at the paths:
$.result.items[*].macs (if Endpoint Type is set to Endpoints)
$.result.items[*].details.macs (if Endpoint Type is set to Active Directory Endpoints).
Input
Input Parameter | Required/Optional | Description | Example |
Scan Name | Optional | The name of the scan. If left blank, the scan name will be generated automatically. | my scan 1 |
Endpoint IDs | Optional | The list of endpoint IDs to scan. The IDs can designate endpoints or containers. Endpoint IDs can be obtained using the List Endpoints command. Endpoint IDs and Mac Addresses cannot both be empty. |
JSON
|
Mac Addresses | Optional | The list of MAC addresses of the endpoints to scan. A maximum of 100 MAC addresses is allowed. MAC addresses can be obtained using the List Endpoints command. Endpoint IDs and Mac Addresses cannot both be empty. |
JSON
|
Scan Type | Required | The scan type to perform. Available options are:
By default, the value is set to Quick Scan - 1. | Quick Scan - 1 |
Custom Scan Depth | Optional | The depth for a custom scan. This is only applicable and required when the Scan Type is set to Custom Scan - 4. Available options are:
By default, the value is set to Aggressive - 1. | Aggressive - 1 |
Custom Scan Paths | Optional | The paths to include for a custom scan. This is only applicable and required when the Scan Type is set to Custom Scan - 4. |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Create Scan Task failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: The input parameters 'Endpoint IDs' & 'Mac Addresses' cannot be empty at the same time. |
Error Sample Data Create Scan Task failed. Status Code: 400. Message: The input parameters 'Endpoint IDs' & 'Mac Addresses' cannot be empty at the same time. |
Delete Endpoints
Deletes endpoints under Custom Groups by moving them to the Deleted group. Re-running this command on the same endpoints will permanently delete them.
READER NOTE
Endpoint IDs is a required parameter to run this command.
Run the List Endpoints command to obtain the Endpoint IDs. Endpoint IDs can be found in the raw data at the path $.result.items[*].id.
Entries with "networkItemTypeName": "Group" cannot be used as values for Endpoint IDs.
Input
Input Parameter | Required/Optional | Description | Example |
Endpoint IDs | Required | The IDs of the endpoints to delete. Endpoint IDs can be obtained using the List Endpoints command. Entries with "networkItemTypeName": "Group" cannot be used as values for Endpoint IDs. |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Delete Endpoints failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Invalid value for 'endpointId' parameter. |
Error Sample Data Delete Endpoints failed. Status Code: 400. Message: Invalid value for 'endpointId' parameter. |
Download Reports
Downloads report files.
READER NOTE
Report IDs is a required parameter to run this command.
Run the List Reports command to obtain the Report IDs. Report IDs can be found in the raw data at the path $result.items[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Report IDs | Required | The IDs of the reports to download. Report IDs can be obtained using the List Reports command. |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Download Reports failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: "Invalid value for 'reportId' parameter. |
Error Sample Data Download Reports failed. Status Code: 400. Message: "Invalid value for 'reportId' parameter. |
Get Managed Endpoint Details
Retrieves detailed information for the specified managed endpoints.
READER NOTE
Managed Endpoint IDs is a required parameter to run this command.
Run the List Endpoints command to obtain the Managed Endpoint IDs. Managed Endpoint IDs can be found in the raw data at the path $.result.items[*].id.
Entries with "networkItemTypeName": "Group" cannot be used as values for Endpoint IDs.
Input
Input Parameter | Required/Optional | Description | Example |
Managed Endpoint IDs | Required | The IDs of the managed endpoints for which to retrieve details. Managed Endpoint IDs can be obtained using the List Endpoints command. Providing an unmanaged endpoint ID or an entry with "networkItemTypeName": "Group" will result in an error. |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Managed Endpoint Details failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: This endpoint cannot be queried. |
Error Sample Data Get Managed Endpoint Details failed. Status Code: 403. Message: This endpoint cannot be queried. |
Isolate Endpoints
Creates tasks to isolate the specified managed endpoints.
READER NOTE
Endpoint IDs is a required parameter to run this command.
Run the List Endpoints command to obtain the Endpoint IDs. Endpoint IDs can be found in the raw data at the path $.result.items[*].id.
Entries with "networkItemTypeName": "Group" cannot be used as values for Endpoint IDs.
Input
Input Parameter | Required/Optional | Description | Example |
Endpoint IDs | Required | The IDs of the endpoints to isolate. Endpoint IDs can be obtained using the List Endpoints command. Entries with "networkItemTypeName": "Group" cannot be used as values for Endpoint IDs. |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Isolate Endpoints failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 422. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Invalid value for this 'endpointId'. The endpoint is not managed. |
Error Sample Data Isolate Endpoints failed. Status Code: 422. Message: Invalid value for this 'endpointId'. The endpoint is not managed. |
List Block List
Retrieves all existing items from the blocklist.
Input
Input Parameter | Required/Optional | Description | Example |
Page | Optional | The results page number. | 1 |
Page Size | Optional | The maximum number of items to display per page. The allowed range is 1 to 100. | 5 |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Block List failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: The value for parameter (Page Size) is invalid. |
Error Sample Data List Block List failed. Status Code: 400. Message: The value for parameter (Page Size) is invalid. |
List Endpoints
Retrieves available endpoints.
READER NOTE
Company or Group ID is an optional parameter to run this command.
Run the List Endpoints command with Endpoint Type set to Active Directory Endpoints to obtain the Company or Group ID. Company or Group IDs can be found in the raw data at the path $.result.items[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Company or Group ID | Optional | The ID of the company or group for which to retrieve endpoints. Company or Group ID can be obtained using the List Endpoints command with the Endpoint Type set to Active Directory Endpoints. Leave this parameter blank and the End Type set to Endpoints to return only endpoints under the Computers and Groups group. | ***** |
Page | Optional | The results page number. | 1 |
Page Size | Optional | The number of items per page. The allowed range is 1 to 100. | 10 |
Endpoint Type | Required | The type of endpoints to retrieve. Available options are:
| Endpoints |
Is Managed | Optional | Whether to return only managed endpoints. When True, unmanaged endpoints are excluded. This parameter is only applicable if Endpoint Type is set to Endpoints. By default, the value is set to False. | True |
Filters | Optional | The Apache Lucene syntax string to filter endpoints. Each field is joined with the AND operator. Available Shared Fields These fields apply across all endpoint types:
Active Directory Endpoint Only Fields These fields apply only when Endpoint Type is Active Directory:
Refer to the sample data for the syntax. | security.management.managedWithBest:True AND security.management.managedRelays:True AND details.name:*PC1 AND details.macs in (123456, 1234456) |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Endpoints failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Wrong syntax string provided in parameter 'Filters', please refer to the parameter description and sample data. |
Error Sample Data List Endpoints failed. Status Code: 400. Message: Wrong syntax string provided in parameter 'Filters', please refer to the parameter description and sample data. |
List Groups
Retrieves the list of groups under a specified parent group.
READER NOTE
Parent ID is an optional parameter to run this command.
Run the List Groups command with the Parent ID filled to obtain the Parent ID. Parent IDs can be found in the raw data at the path $.result[*].id.
Users must fill the Parent ID parameter to retrieve custom groups using the List Groups command. Refer to the following section for details.
Bitdefender GravityZone does not provide a native method to retrieve all custom groups in a single call using the List Groups command. One approach to retrieve all custom groups is as follows:
Run the List Groups command without specifying a Parent ID.
This will return the system-defined groups, such as Computers and Groups and Deleted.Run the List Groups command again using the ID of each returned system group as the Parent ID.
This retrieves any custom groups that are directly nested under those system folders.For each custom group retrieved, run the command again using its ID as the Parent ID.
This step is necessary to identify additional custom groups nested under those groups.Repeat step 3 until no further subgroups are returned.
Input
Input Parameter | Required/Optional | Description | Example |
Parent ID | Optional | The ID of the parent group for which to retrieve subgroups. By default, the Computers and Groups and Deleted system groups of the current user will be returned when no Parent ID is provided. Bitdefender GravityZone does not support retrieving all custom groups in a single call. A workaround is to run the List Groups command multiple times. Begin by running it without a Parent ID to retrieve the top-level system groups. Then, use the ID of each returned group as the Parent ID in subsequent calls. Repeat this process recursively for each nested group until all levels of custom groups have been discovered. | ***** |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Groups failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Invalid value for 'parentId' parameter. |
Error Sample Data List Groups failed. Status Code: 400. Message: Invalid value for 'parentId' parameter. |
List Quarantine Items
Retrieves a list of quarantined items from the endpoints.
READER NOTE
Endpoint IDs is an optional parameter to run this command.
Run the List Endpoints command to obtain the Endpoint ID. Endpoint IDs can be found in the raw data at the path $.result.items[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Endpoint ID | Optional | The ID of the endpoint for which to filter quarantined items. Endpoint ID can be obtained using the List Endpoints command. | ***** |
Start Date | Optional | The earliest quarantined date to include. | 05/19/2022 02:00 AM |
End Date | Optional | The latest quarantined date to include. | 05/31/2022 02:00 AM |
Quarantine Item Service | Required | The service from which to retrieve quarantine items. Available options are:
| Computers and Virtual Machines |
Threat Name | Optional | The full or partial threat name to filter results. | Trojan |
Action Status | Optional | The action status to filter results. Applicable values depend on the selected Quarantine Item Service. Available options are:
| Pending remove - 1 |
Page | Optional | The results page number. | 1 |
Page Size | Optional | The maximum number of items displayed per page. The allowed range is 1 to 100. | 5 |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Quarantine Items failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Start Time cannot be greater than End Time. |
Error Sample Data List Quarantine Items failed. Status Code: 400. Message: Start Time cannot be greater than End Time. |
List Reports
Retrieves a list of reports.
Input
Input Parameter | Required/Optional | Description | Example |
Report Name | Optional | The full name of the report to retrieve. | Report1-Type_Antiphishing Activity |
Report Type | Optional | The type of report by which to filter the results. Available options are:
| Antiphishing Activity - 1 |
Page | Optional | The results page number. | 1 |
Page Size | Optional | The maximum number of items displayed per page. The allowed range is 1 to 100. | 5 |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Reports failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: The value for parameter (Page Size) is invalid. |
Error Sample Data List Reports failed. Status Code: 400. Message: The value for parameter (Page Size) is invalid. |
List Scan Tasks
Retrieves a list of current scan tasks.
Input
Input Parameter | Required/Optional | Description | Example |
Scan Name | Optional | The name used to filter the scan tasks. | Scan 2022 |
Status | Optional | The status used to filter the scan tasks. | Finished - 3 |
Page | Optional | The results page number. | 1 |
Page Size | Optional | The number of items to return per page. The allowed range is 1 to 100. | 10 |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Scan Tasks failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: The value for parameter (Page) is invalid. |
Error Sample Data List Scan Tasks failed. Status Code: 400. Message: The value for parameter (Page) is invalid. |
Move Endpoints
Moves endpoints to a specified custom group.
READER NOTE
Endpoint IDs and Group ID are required parameters to run this command.
Run the List Endpoints command to obtain the Endpoint IDs. Endpoint IDs can be found in the raw data at the path $.result.items[*].id.
Entries with "networkItemTypeName": "Group" cannot be used as values for Endpoint IDs.
Run the List Groups command with the Parent ID parameter filled to obtain the Group ID. Group IDs can be found in the raw data at the path $.result[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Endpoint IDs | Required | The IDs of the endpoints to move. Endpoint IDs can be obtained using the List Endpoints command. Entries with "networkItemTypeName": "Group" cannot be used as values for Endpoint IDs. |
JSON
|
Group ID | Required | The ID of the custom group to which the endpoints will be moved. Group ID can be obtained using the List Groups command with the Parent ID parameter filled. | ***** |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Move Endpoints failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 409. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: One or more endpoints do not belong to the same company with the target custom group. |
Error Sample Data Move Endpoints failed. Status Code: 409. Message: One or more endpoints do not belong to the same company with the target custom group. |
Quarantine Files
Creates tasks to quarantine specified files on selected endpoints.
READER NOTE
Endpoint IDs is a required parameter to run this command.
Run the List Endpoints command to obtain the Endpoint IDs. Endpoint IDs can be found in the raw data at the path $.result.items[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Endpoint IDs | Required | The IDs of the endpoints on which to quarantine the file. Endpoint IDs can be obtained using the List Endpoints command. |
JSON
|
File Path | Required | The full path of the file to be quarantined including the file name. | d:\taskSample\sample.dll |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Quarantine Files failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: No valid target provided. |
Error Sample Data Quarantine Files failed. Status Code: 400. Message: No valid target provided. |
Remove From Block List
Removes specified items from the blocklist.
READER NOTE
Hash Item IDs is a required parameter to run this command.
Run the List Block List command to obtain the Hash Item IDs. Hash Item IDs can be found in the raw data at the path $result.items[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Hash Item IDs | Required | The IDs of the hash entries to remove from the blocklist. Hash Item IDs can be obtained using the List Block List command. |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Remove From Block List failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: The blocklisted file does not exist or you do not have enough rights to access this item. |
Error Sample Data Remove From Block List failed. Status Code: 403. Message: The blocklisted file does not exist or you do not have enough rights to access this item. |
Remove Quarantine Files
Creates tasks to remove quarantined files from specified endpoints.
READER NOTE
Quarantine Item IDs is a required parameter to run this command.
Run the List Quarantine Items command to obtain the Quarantine Item IDs. Quarantine Item IDs can be found in the raw data at the path $.result.items[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Quarantine Item IDs | Required | The IDs of the quarantine items to remove. Quarantine item IDs can be obtained using the List Quarantine Items command. |
JSON
|
Quarantine Item Service | Required | The service from which to remove the quarantine items. Available options are:
| Computers and Virtual Machines |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Remove Quarantine Files failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: At least one specified target is invalid. |
Error Sample Data Remove Quarantine Files failed. Status Code: 400. Message: At least one specified target is invalid. |
Restore Endpoints
Creates tasks to restore the specified managed endpoints from isolation.
READER NOTE
Endpoint IDs is a required parameter to run this command.
Run the List Endpoints command to obtain the Endpoint IDs. Endpoint IDs can be found in the raw data at the path $.result.items[*].id.
Entries with "networkItemTypeName": "Group" cannot be used as values for Endpoint IDs.
Input
Input Parameter | Required/Optional | Description | Example |
Endpoint IDs | Required | The IDs of the endpoints to restore. Endpoint IDs can be obtained using the List Endpoints command. Entries with "networkItemTypeName": "Group" cannot be used as values for Endpoint IDs. |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Restore Endpoints failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 409. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: This endpoint cannot be restored from isolation. It is either not isolated, cannot be isolated or a isolation task is already in progress. |
Error Sample Data Restore Endpoints failed. Status Code: 409. Message: This endpoint cannot be restored from isolation. It is either not isolated, cannot be isolated or a isolation task is already in progress. |
Update Endpoint Labels
Sets or clears labels on the specified endpoints.
READER NOTE
Endpoint IDs is a required parameter to run this command.
Run the List Endpoints command to obtain the Endpoint IDs. Endpoint IDs can be found in the raw data at the path $.result.items[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Endpoint IDs | Required | The IDs of the endpoints for which to update labels. The IDs can designate endpoints or containers. Endpoint IDs can be obtained using the List Endpoints command. |
JSON
|
Label | Optional | The label to apply to the endpoints. If this parameter is left blank, the existing label will be removed. The maximum length for a label is 64 characters. Characters beyond the limit will be removed. | Custom label. |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Update Endpoint Labels failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Endpoint not found or not enough privileges to access this resource. |
Error Sample Data Update Endpoint Labels failed. Status Code: 403. Message: Endpoint not found or not enough privileges to access this resource. |
Update Groups
Moves the specified custom groups to a new custom group parent or deletes them.
READER NOTE
Group IDs is a required parameter to run this command.
Run the List Groups command with the Parent ID parameter filled to obtain the Group IDs. Group IDs can be found in the raw data at the path $.result[*].id.
Parent ID is an optional parameter to run this command.
Run the List Groups command with the Parent ID parameter filled to obtain the Parent ID. Parent IDs can be found in the raw data at the path $.result[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Group IDs | Required | The IDs of the custom groups to update. Group IDs can be obtained using the List Groups command with the Parent ID parameter filled. |
JSON
|
Parent ID | Optional | The ID of the destination custom group. This parameter is required when the Update Method is set to Move. Parent ID can be obtained using the List Groups command with the Parent ID parameter filled. | ***** |
Update Method | Required | The type of update action to perform. Available options are:
By default, the value is set to Move. | Move |
Force Delete | Optional | Whether to force delete groups that are not empty. This parameter is only applicable when the update method is Delete. If set to True, non-empty groups will be removed. By default, the value is set to False. | False |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Update Groups failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Incorrect custom group specified through the 'groupId' parameter. Please provide the id of a custom group. |
Error Sample Data Update Groups failed. Status Code: 400. Message: Incorrect custom group specified through the 'groupId' parameter. Please provide the id of a custom group. |
Test Connection
Allows users to perform a health check on an integration connection. Users can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.
Input
N/A
Output
Output Type | Description | Return Data Type |
Return Data | Indicates one of the possible command execution states: Successful or Failed. The Failed state can be triggered by any of the following errors:
More details about an error can be viewed in the Error tab. | String |
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Test Connection failed. Failed to check the connector. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Bitdefender GravityZone portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Test Connection failed. Failed to check the connector. Status Code: 403. Message: Unauthorized. |