ESET Inspect – Table of Contents

The ESET PROTECT Permission Settings

In the ESET PROTECT, it is necessary to create a Static Group, where security engineers have access and full permission rights.

We recommend using pre-defined permission sets in the ESET PROTECT.

Refer to the ESET PROTECT documentation for more details on adding a mapped account.

Custom permission sets

You can create custom permission sets (see the Permission Sets Online Help topic).

A given permissions set enables Read, Use or Write access. In general:

Read permissions are good for auditing users. They can view data but cannot make changes.

Use permissions allow users to use objects and run tasks but not modify or delete them.

Write permissions allow users to either modify respective objects and/or duplicate them.

Certain permissions (listed below) control a process, not an object. That is why they work globally, so it does not matter which static group the permission is applied to. It will work regardless. If the process is allowed to a user, it can use it only over objects with sufficient permissions.

Functionality types:

Show incidents

Read—Allows displaying the incident report in the ESET Inspect and in the ESET PROTECT.

Create incident & Edit incident properties

Write—Allows creating and editing incidents in the ESET Inspect and in the ESET PROTECT.

Add & remove objects in incidents

Write—Allows working with objects within in the ESET Inspect and in the ESET PROTECT incidents.

Change status & assignee

Write—Allows to change the progress status and assignee of the ESET Inspect and the ESET PROTECT incidents.

Access to ESET Inspect

Read—Allows logging into ESET Inspect Web Console.

Change Server Settings

Write—Allows changing ESET Inspect Server Settings in More > Admin > Settings.

Edit Notes/Comments

Write—Allows editing notes and comments through whole ESET Inspect.

Edit Tags

Write—Allows creating and editing tags in the ESET Inspect.

Block Modules

Write—Allows blocking executables based on the SHA-1 hash. The blocked executable will appear in the blocked hashes section. It also allows using the remediation option in detection details.

Clean Modules

Write—Allows to delete the executable file and add it to the blocked hashes section to prevent future occurrences. It also allows using the remediation option in detection details.

Kill Process

Use—Allows to kill the running process that triggered the detection.

Terminal

Use—Allows connecting to the Computer via remote Terminal.

Resolve Detection

Write—Allows changing the detection status.

Change Detection Priority

Write—Allows changing the detection priority levels.

Mark as Safe/Unsafe

Write—Allows marking executables as Safe/Unsafe.

Mark as Inspected

Write—Allows marking executables as Inspected.

Mark as Safe/Unsafe

Write—Allows marking scripts as Safe/Unsafe.

Create and Manage Rules

Write—Allows allows to create, save and manage rules.

Enable/Disable Rules

Write—Allows enabling or disabling rules.

Import/Export Rules

Read—Allows exporting the rule from ESET Inspect.

Write—Allows importing the rule into ESET Inspect.

Create and Manage Exclusions

Write—Allows creating, saving and managing exclusions.

Enable/Disable Exclusions

Write—Allows enabling or disabling exclusions.

Import/Export Exclusions

Read—Allows exporting the exclusion from ESET Inspect.

Write—Allows importing the exclusion into ESET Inspect.

Resolve Questions

Write—Allows resolving the notifications.

Create and Manage Tasks

Write—Allows to create and manage tasks.

Pause/Resume Tasks

Write—Allows to pause and resume tasks.

Download Executable Files

Use—Allows to download the executable file for further diagnostics.

Download Scripts

Use—Allows to download the script file for further diagnostics.

Audit Log

Read—Allows reading the audit log.