Server Settings

These options are available here:

Database retention—to prevent a database overload, you can use these options to clean logs regularly. The database cleanup process runs every night at midnight. If there is a problem with a cleanup process, a warning is displayed in the questions view, and failed purge is displayed in the events load view. There are two options available:

oStore low-level data for—as the title say you can choose the interval of cleaning up (Purge) the database from events and processes records

note

Note

A low-level event is something a process does. So, write a file, do a DNS lookup, create a registry entry, etc. These can be seen in the Events view.

oStore detections for—as the title say you can choose the interval of cleaning up (Purge) the database from detections and executables records

 

Database collection—provides the same options as during the EEI Server instalation process on Data Collection window. Use predefined options or use Advanced button to choose which data you want to store

 

Database performance:

oNumber of threads writing to database—we recommend setting this number to 1.5x, where x is the number of cores on the database machine

 

Search engines integration—you can add your favorite search engine for executable hashes by filling the name how you want to see it in console and by filling its URL address and press ADD button

 

Rule learning mode—enables a new learning mode when EEI learns how the environment is used and prepares exclusions based on it. After the midnight of the Ending period, which can be seen by hovering the mouse over the Learning mode enabled blue icon at the top of the screen, proposed exclusions appear in the Questions tab and Exclusions tab. Review the proposed exclusions and accept or reject them. Run the learning mode periodically (once in six months, once a year) as the environment is changing over the time

Web console certificate—here you can change the certificate used for web console communication with EEI Server

oClick Change button if you want to change already used certificate and fill the password for this certificate

Server certificate—here you can change the certificate used for communication between EEI Agent and EEI Server

oClick Change button if you want to change already used communication certificate and fill the password for this certificate

oClick Add button if you want to add new certification authority(CA)/leave it empty if the CA is already present in the systems certificates store on the computers that connect to the Enterprise Inspector Server

oClick the Reset button to remove all CAs

HTTP Proxy—if needed you can set the proxy settings here

Miscellaneous:

oInstance name—set EEI instance name to be displayed in a page title (requires page reload)

Remote Access Connector—used to provide remote access to the Web Console for ESET Support team if necessary. Click the Enable button. Click the Save button at the bottom. Copy the link provided and send it to the ESET team. Keep the link safe from misuse by an unauthorized person

important

Important

On the EEI Server side, enable the tcp outbound connection on port 5671 to make the remote access connector work.

Logging—server depending on its configuration, may write some messages about what is happening to a log file. These messages vary in their level of importance:

odebug—detailed, minor information. Usually used only by the product developer

oinfo—reporting about the occurrence of some event. They don't represent an error, just saying what a program currently does

oerror—reporting that something bad happened, and the program got into a situation when it can't continue working on the last task

ocritical—reporting that something bad happened that is crushing programs functionality and making it unable to proceed with its actions

oSame logging for EEI agent can be achieved through ESET PROTECT policy (by default the info level is set):

Create new policy in ESET PROTECT

In Settings choose ESET Enterprise Inspector Agent

In Advanced Settings change the logging as desired

Product Improvement Program—select the check box if you want to automatically send crash reports and Telemetry data to ESET