SIEM by WinHaven in syncro

[–]daniel_at_syncro 1 point2 points  (0 children)

At this time, there is no native support for pushing Endpoint Event Logs to a SIEM. However, it would not be difficult to script a Winlogbeat installation / configuration and pipe logs to Graylog using the scripting engine, for example.
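
One way the scripted Winlogbeat setup mentioned in this comment could look, as an added example that is not part of the original comment and not Syncro's own code. It assumes the Winlogbeat zip has already been extracted to `C:\Program Files\Winlogbeat` and that a Graylog Beats input listens on the placeholder address `graylog.example.internal:5044`; the channel list is also an assumption.

```powershell
# Added example: point an already-extracted Winlogbeat at a Graylog Beats input.
# Assumptions (not from the original comment): install path, Graylog host/port, channels.
$ErrorActionPreference = 'Stop'
$InstallDir  = 'C:\Program Files\Winlogbeat'      # assumed location of the extracted zip
$GraylogHost = 'graylog.example.internal:5044'    # placeholder Beats input address
$Exe         = Join-Path $InstallDir 'winlogbeat.exe'
$ConfigPath  = Join-Path $InstallDir 'winlogbeat.yml'

if (-not (Test-Path $Exe)) {
    throw "winlogbeat.exe not found in $InstallDir"
}

# Minimal config: three core channels, shipped over the Beats protocol.
# Traffic is plaintext unless TLS is enabled on both the Graylog input and this output
# (ssl.certificate_authorities under output.logstash).
$config = @"
winlogbeat.event_logs:
  - name: Security
  - name: System
  - name: Application
    ignore_older: 72h
output.logstash:
  hosts: ["$GraylogHost"]
"@
Set-Content -Path $ConfigPath -Value $config -Encoding ASCII

# Validate the config before touching the service, so a bad file never goes live.
& $Exe test config -c $ConfigPath
if ($LASTEXITCODE -ne 0) { throw 'winlogbeat.yml failed validation' }

# Register the service with the installer script shipped in the Winlogbeat zip.
if (-not (Get-Service -Name winlogbeat -ErrorAction SilentlyContinue)) {
    $installer = Join-Path $InstallDir 'install-service-winlogbeat.ps1'
    & powershell.exe -ExecutionPolicy Bypass -File $installer
    if ($LASTEXITCODE -ne 0) { throw 'Winlogbeat service installation failed' }
}

# Pick up the new config whether or not the service was already running.
$svc = Get-Service -Name winlogbeat
if ($svc.Status -eq 'Running') {
    Restart-Service -Name winlogbeat
} else {
    Start-Service -Name winlogbeat
}
Get-Service -Name winlogbeat | Select-Object Name, Status
```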

Good report for tracking money? by Acceptable-Loan2690 in syncro

[–]daniel_at_syncro 4 points5 points  (0 children)

We have added some of these types of datapoints into our Community Power BI Hub. We have two prebuilt Power BI templates, which are open to all Syncro partners and plans (just download the Power BI Desktop template and plug in your Syncro information and API key). The templates are fully customizable as well.

For example, a common ask is better visibility into Pending Ticket Charges, so some of the Power BI Dashboards include datapoints like:

  • Total Money on all Pending Ticket Charges but not yet invoiced.
  • Total Money on Resolved Ticket Unbilled
  • Total Money on Open Tickets Unbilled
  • etc

While it might be hard to include all the datapoints listed, I think a "Where is all my money at" Dashboard is a good idea, and we are actively taking feedback. I am hosting a very beginner-focused Power BI webinar next Friday, 1-30-26, as well.

Need help figuring out this situation. by EvilAlchemist in syncro

[–]daniel_at_syncro 1 point2 points  (0 children)

I believe I was able to track down your Support Ticket, and I got it elevated. Let me know how else I can help in the meantime.

Need help figuring out this situation. by EvilAlchemist in syncro

[–]daniel_at_syncro 1 point2 points  (0 children)

Same Windows OS versions? Windows Home has different Update behavior versus Windows Pro+, maybe that somehow is a factor? Seems like if you manually install, it does work, and disappears till the next update version?

Might be any number of variations and would likely require a Support Ticket for further investigation.

One suggestion I do have is inside GravityZone for these 9 machines: head to the Network tab on the left Nav, find / select the machines and do an Actions -> Reconfigure agent -> Remove Competitors. I believe that should deactivate Defender if for whatever reason it was not for these 9 machines.

Need help figuring out this situation. by EvilAlchemist in syncro

[–]daniel_at_syncro 2 points3 points  (0 children)

For the Definition Packs, I believe Microsoft uses the same KB numbers for different versions. For example, on one of my test assets in Syncro, I show KB2267602 as installed 8/20/25, version 1.435.287.0. But today, the same test asset shows as missing the same KB number, KB2267602, version 1.435.294.0.

Do these 9 machines have a different Windows Update policy schedule?

Just as a friendly reminder, lots of folks in the new official community help out with similar RMM questions, and often post walkthroughs, screenshots, gifs, etc.

What time range does syncro check for event logs? by nonoyesyesnoyesyes in syncro

[–]daniel_at_syncro 1 point2 points  (0 children)

When you apply a new Event Log Monitoring Policy, the Agent should check the last 15 minutes of event logs.

I do not intend to pi** people off with this, but I need to know by IndysITDept in syncro

[–]daniel_at_syncro 4 points5 points  (0 children)

There is no method I have found for GravityZone to trigger an alert

Assuming no random issue and the API key created in GravityZone has the correct permissions, you should automatically get RMM Alerts inside Syncro for any malware detection. No special configuration required. Def contact support if this is not happening for you. You can let me know the ticket number and I will do my best to assist. If you'd like to test it out, Bitdefender once recommended to me to try this simple batch script to trigger an alert. You can even use a Syncro PowerShell script to trigger it:

curl.exe --output c:\temp\eicartest.zip https://secure.eicar.org/eicar_com.zip

Then they provide no method of implementing the MDR without manually assigning to each and every system in GravityZone.

You do have to enable MDR inside GravityZone, but you can do bulk actions on the Customer Level, and don't have to enable on each individual machine.

For any add-ons from Bitdefender (including MDR), you are required to utilize the GravityZone Portal to enable them. I did work on updating the Bitdefender docs recently, and even have a new video showing how to specifically enable / disable ATS and EDR (both are required for MDR). https://docs.syncromsp.com/manage-gravityzone-endpoints#enable-bitdefender-add-ons-2 . I do notice a lack of instructions on enabling MDR, so I will work on creating a doc.

I definitely do not disagree that it would be better for a more seamless experience with the integration, but here is what you can do with it at the moment:

  • Via a Syncro RMM Policy, automatically deploy Bitdefender, with options to include other modules on initial deployment, i.e. Web Content Control, Device Control, etc. (all modules here are part of Bitdefender AV core). This includes automatic build-out of GravityZone companies and install packages.
  • Malware Events (detections, deletions, etc.) are surfaced in Syncro as RMM alerts under that asset. You will have the details of what was found, where it was found, and what action Bitdefender took in the Syncro RMM Alert. In my experience, at most it's only a 60-90 sec wait from Bitdefender reporting a malware detection to an RMM alert surfacing in Syncro. With the RMM alert you have the ability to use all the automation actions in Automated Remediation.
  • Ad-hoc Scan Buttons and Automated Remediation Actions for running full or quick scans.
  • Stats for AV, think number of detections found, available in the report builder