
Gravityzone ASim parsers #13330

Open
gbarbieru wants to merge 47 commits into Azure:master from bitdefender:gravityzone-asim-parsers

@gbarbieru

Required items, please complete

Change(s):

  • Added support for Bitdefender GravityZone events in ASim parsers (ASim Alert Events)

Reason for Change(s):

Version Updated:

  • No

Testing Completed:

  • Yes

Checked that the validations are passing and have addressed any issues that are present:

Before going into this topic I want to disclose that development in my team is done on Linux workstations and the available tooling and guides offered by Microsoft kinda lack in this department. Due to time constraints additional effort in making them work on Linux environments was abandoned and testing was eventually done on Microsoft Sentinel accounts via end-to-end testing.

  • KQL: Tested using smoke tests directly on a Microsoft Sentinel account. No issues so far. Failed to test locally.
  • YAML: Failed to test locally. We hope they can be tested by the GitHub Actions.

@gbarbieru requested review from a team as code owners on December 16, 2025 13:18
@github-actions
Contributor

🔒 Security Approval Required

This fork PR requires manual approval before automated testing can run.

For security, a maintainer must:

  1. 📝 Review the code changes carefully
  2. Verify file types - This PR should only contain .yml, .yaml, or .json files. Check for any executable scripts (.ps1, .py, .sh, .exe, etc.) which are not allowed in this context.
  3. 🏷️ Add the SafeToRun label if the changes are safe to execute

Note: If new commits are added later, simply remove and re-add the SafeToRun label.


🤖 Automated security check • Created: 2025-12-16T13:18:38.466Z
Learn more: GitHub Security Lab - Preventing PWN Requests

@github-actions
Contributor

🔒 Security Approval Required

This fork PR requires manual approval before automated testing can run.

For security, a maintainer must:

  1. 📝 Review the code changes carefully
  2. Verify file types - This PR should only contain .yml, .yaml, or .json files. Check for any executable scripts (.ps1, .py, .sh, .exe, etc.) which are not allowed in this context.
  3. 🏷️ Add the SafeToRun label if the changes are safe to execute

Note: If new commits are added later, simply remove and re-add the SafeToRun label.


🤖 Automated security check • Created: 2025-12-16T13:22:46.444Z
Learn more: GitHub Security Lab - Preventing PWN Requests

@github-actions
Contributor

🔒 Security Approval Required

This fork PR requires manual approval before automated testing can run.

For security, a maintainer must:

  1. 📝 Review the code changes carefully
  2. Verify file types - This PR should only contain .yml, .yaml, or .json files. Check for any executable scripts (.ps1, .py, .sh, .exe, etc.) which are not allowed in this context.
  3. 🏷️ Add the SafeToRun label if the changes are safe to execute

Note: If new commits are added later, simply remove and re-add the SafeToRun label.


🤖 Automated security check • Created: 2025-12-16T13:57:55.516Z
Learn more: GitHub Security Lab - Preventing PWN Requests

@github-actions
Contributor

🔒 Security Approval Required

This fork PR requires manual approval before automated testing can run.

For security, a maintainer must:

  1. 📝 Review the code changes carefully
  2. Verify file types - This PR should only contain .yml, .yaml, or .json files. Check for any executable scripts (.ps1, .py, .sh, .exe, etc.) which are not allowed in this context.
  3. 🏷️ Add the SafeToRun label if the changes are safe to execute

Note: If new commits are added later, simply remove and re-add the SafeToRun label.


🤖 Automated security check • Created: 2025-12-19T11:45:44.889Z
Learn more: GitHub Security Lab - Preventing PWN Requests

@v-atulyadav added and removed the SafeToRun label on Dec 22, 2025
@v-atulyadav added the SafeToRun label on Dec 29, 2025
@v-atulyadav removed the SafeToRun label on Dec 29, 2025
@gbarbieru
Author

Hello. Any updates on this one?
I see that the checks fail with "System.IO.IOException: No space left on device", which seems to be more of a test / env error than a 'my code' error.

@v-atulyadav
Collaborator

Hi @gbarbieru,
Could you please pull the latest changes from the master branch and push the updated branch again? Thanks

@gbarbieru
Author

Hi @v-atulyadav. Done!

@v-atulyadav added the SafeToRun label on Jan 15, 2026
@gbarbieru
Author

Hi @v-atulyadav!
There seem to be some problems with the checks, and I'm not sure they have anything to do with my code.

@rvirjoghe-bd

The task "Run ASim Template Validation tests" seems stuck and fails

@v-atulyadav added the SafeToRun label on Apr 7, 2026
@v-atulyadav added and removed the SafeToRun label on Apr 7, 2026
@github-actions
Contributor

github-actions bot commented Apr 7, 2026

🔒 Security Re-approval Required

⚠️ New commits detected: This fork PR has been updated with new commits while the SafeToRun label was present.

For security, a maintainer must:

  1. 📝 Review the latest commits carefully for any security concerns
  2. Verify file types - Ensure new commits only contain .yml, .yaml, or .json files. Reject if any executable scripts (.ps1, .py, .sh, .exe, etc.) are included.
  3. 🏷️ Remove the SafeToRun label
  4. 🏷️ Re-add the SafeToRun label if the new commits are safe

This simple process ensures that all commits have been properly reviewed before testing with repository secrets.


🤖 Automated security check • Updated: 2026-04-07T13:54:39.859Z
Learn more: GitHub Security Lab - Preventing PWN Requests

@v-atulyadav added and removed the SafeToRun label on Apr 8, 2026
@v-atulyadav added and removed the SafeToRun label on Apr 8, 2026
@v-atulyadav removed the SafeToRun label on Apr 8, 2026
@v-atulyadav added the SafeToRun label on Apr 8, 2026
@github-actions
Contributor

github-actions bot commented Apr 8, 2026

🔒 Security Re-approval Required

⚠️ New commits detected: This fork PR has been updated with new commits while the SafeToRun label was present.

For security, a maintainer must:

  1. 📝 Review the latest commits carefully for any security concerns
  2. Verify file types - Ensure new commits only contain .yml, .yaml, or .json files. Reject if any executable scripts (.ps1, .py, .sh, .exe, etc.) are included.
  3. 🏷️ Remove the SafeToRun label
  4. 🏷️ Re-add the SafeToRun label if the new commits are safe

This simple process ensures that all commits have been properly reviewed before testing with repository secrets.


🤖 Automated security check • Updated: 2026-04-08T13:35:56.338Z
Learn more: GitHub Security Lab - Preventing PWN Requests

@github-actions
Contributor

github-actions bot commented Apr 9, 2026

🔒 Security Approval Required

This fork PR requires manual approval before automated testing can run.

For security, a maintainer must:

  1. 📝 Review the code changes carefully
  2. Verify file types - This PR should only contain .yml, .yaml, or .json files. Check for any executable scripts (.ps1, .py, .sh, .exe, etc.) which are not allowed in this context.
  3. 🏷️ Add the SafeToRun label if the changes are safe to execute

Note: If new commits are added later, simply remove and re-add the SafeToRun label.


🤖 Automated security check • Created: 2026-04-09T06:34:26.235Z
Learn more: GitHub Security Lab - Preventing PWN Requests

@github-actions
Contributor

github-actions bot commented Apr 9, 2026

🔒 Security Approval Required

This fork PR requires manual approval before automated testing can run.

For security, a maintainer must:

  1. 📝 Review the code changes carefully
  2. Verify file types - This PR should only contain .yml, .yaml, or .json files. Check for any executable scripts (.ps1, .py, .sh, .exe, etc.) which are not allowed in this context.
  3. 🏷️ Add the SafeToRun label if the changes are safe to execute

Note: If new commits are added later, simply remove and re-add the SafeToRun label.


🤖 Automated security check • Created: 2026-04-09T10:41:26.890Z
Learn more: GitHub Security Lab - Preventing PWN Requests
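
The approval and re-approval checks that the bot comments in this thread describe can be expressed as one gate. This is an added example, not the repository's actual workflow code; the function names, the `approved_sha` field and the sample paths are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Extensions the bot comments allow for this kind of fork PR.
ALLOWED_EXTENSIONS = {".yml", ".yaml", ".json"}
LABEL = "SafeToRun"


@dataclass
class GateDecision:
    run_tests: bool
    reasons: list = field(default_factory=list)


def disallowed_files(changed_paths):
    """Return changed paths whose final extension is not on the allowlist."""
    bad = []
    for path in changed_paths:
        # Only the last suffix counts, so "parser.yaml.ps1" is rejected.
        if PurePosixPath(path).suffix.lower() not in ALLOWED_EXTENSIONS:
            bad.append(path)
    return bad


def evaluate_gate(changed_paths, labels, approved_sha, head_sha):
    """Decide whether the test pipeline may run for a fork PR.

    approved_sha (hypothetical field) is the head commit that was current
    when the maintainer added the label; head_sha is the current head.
    """
    reasons = []
    bad = disallowed_files(changed_paths)
    if bad:
        reasons.append("disallowed file types: " + ", ".join(sorted(bad)))
    if LABEL not in labels:
        reasons.append("approval required: label not present")
    elif approved_sha != head_sha:
        # The label predates the newest commits: the re-approval case.
        reasons.append("re-approval required: new commits since label was added")
    return GateDecision(run_tests=not reasons, reasons=reasons)


if __name__ == "__main__":
    # Constructed sample input, not taken from the pull request.
    sample = ["Parsers/Example/parser.yaml", "Parsers/Example/setup.sh"]
    print(evaluate_gate(sample, {"ASIM", LABEL}, "sha-old", "sha-new"))
```

Comparing the approved commit with the current head is what makes a label added before a later push insufficient, which is the situation the "Security Re-approval Required" comments report.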


Labels

ASIM, SafeToRun (This is used only for ASim parsers Fork PR Pipeline run.)


5 participants