The ESET PROTECT Permission Settings
In the ESET PROTECT, it is necessary to create a Static Group, where security engineers have access and full permission rights.
We recommend using pre-defined permission sets in the ESET PROTECT.
Refer to the ESET PROTECT documentation for more details on adding a mapped account.
Custom permission sets
You can create custom permission sets (see the Permission Sets Online Help topic).
A given permissions set enables Read, Use or Write access. In general:
•Read permissions are good for auditing users. They can view data but cannot make changes.
•Use permissions allow users to use objects and run tasks but not modify or delete them.
•Write permissions allow users to either modify respective objects and/or duplicate them.
Certain permissions (listed below) control a process, not an object. That is why they work globally, so it does not matter which static group the permission is applied to. It will work regardless. If the process is allowed to a user, it can use it only over objects with sufficient permissions.
Functionality types:
Show incidents
•Read—Allows displaying the incident report in the ESET Inspect and in the ESET PROTECT.
Create incident & Edit incident properties
•Write—Allows creating and editing incidents in the ESET Inspect and in the ESET PROTECT.
Add & remove objects in incidents
•Write—Allows working with objects within in the ESET Inspect and in the ESET PROTECT incidents.
Change status & assignee
•Write—Allows to change the progress status and assignee of the ESET Inspect and the ESET PROTECT incidents.
Access to ESET Inspect
•Read—Allows logging into ESET Inspect Web Console.
Change Server Settings
•Write—Allows changing ESET Inspect Server Settings in More > Admin > Settings.
Edit Notes/Comments
•Write—Allows editing notes and comments through whole ESET Inspect.
Edit Tags
•Write—Allows creating and editing tags in the ESET Inspect.
Block Modules
•Write—Allows blocking executables based on the SHA-1 hash. The blocked executable will appear in the blocked hashes section. It also allows using the remediation option in detection details.
Clean Modules
•Write—Allows to delete the executable file and add it to the blocked hashes section to prevent future occurrences. It also allows using the remediation option in detection details.
Kill Process
•Use—Allows to kill the running process that triggered the detection.
Terminal
•Use—Allows connecting to the Computer via remote Terminal.
Resolve Detection
•Write—Allows changing the detection status.
Change Detection Priority
•Write—Allows changing the detection priority levels.
Mark as Safe/Unsafe
•Write—Allows marking executables as Safe/Unsafe.
Mark as Inspected
•Write—Allows marking executables as Inspected.
Mark as Safe/Unsafe
•Write—Allows marking scripts as Safe/Unsafe.
Create and Manage Rules
•Write—Allows allows to create, save and manage rules.
Enable/Disable Rules
•Write—Allows enabling or disabling rules.
Import/Export Rules
•Read—Allows exporting the rule from ESET Inspect.
•Write—Allows importing the rule into ESET Inspect.
Create and Manage Exclusions
•Write—Allows creating, saving and managing exclusions.
Enable/Disable Exclusions
•Write—Allows enabling or disabling exclusions.
Import/Export Exclusions
•Read—Allows exporting the exclusion from ESET Inspect.
•Write—Allows importing the exclusion into ESET Inspect.
Resolve Questions
•Write—Allows resolving the notifications.
Create and Manage Tasks
•Write—Allows to create and manage tasks.
Pause/Resume Tasks
•Write—Allows to pause and resume tasks.
Download Executable Files
•Use—Allows to download the executable file for further diagnostics.
Download Scripts
•Use—Allows to download the script file for further diagnostics.
Audit Log
•Read—Allows reading the audit log.