ESET PROTECT Deployment


important

Make sure that you fulfilled the requirements before proceeding with the ESET Inspect Server installation. We recommend that you do not install the ESET PROTECT Server and ESET Inspect Server on the same machine. We do not recommend using this process. Instead, use the GUI installation process.


warning

For installation purposes, use only the user that is created without the Two Factor Authentication option enabled.

1.Log in to the ESET PROTECT with proper rights (ESET PROTECT Admin rights or ask ESET PROTECT Admin to create and deploy connectors for you if you don't have sufficient rights).

2.Make sure that the computer for installing ESET Inspect Server has an ESET Management Agent installed.

3.Click the desired computer and choose New Task...

4.Fill in the desired Name, Description, in Task Category, you can keep All Tasks, in Task select Software Install. Click Settings in the left menu or the Continue button at the bottom of the window.

5.Choose whether you want to install ESET Inspect Server from the repository or specify the URL path to the installer.

6.Fill in the Installation parameters field. Use the parameters from the table, or you can leave it blank (if it is an upgrade from the existing installation). Click Finish.

7.If the task is already created, you can rerun it on another computer or group of computers. See Client Tasks executions.

ESET Inspect Communication Scheme

EEI Schema


note

SIEM is an acronym for Security Information and Event Management.

Attribute

Description

Required

Default value

APPDIR

Used to set directory under which application should be installed.

-

By default, the path is "C:\Program Files (x86)\ESET\ESET Inspect Server\" for 32-bit OS and "C:\Program Files\ESET\ESET Inspect Server" for 64-bit

P_DATABASEHOST

Set the hostname of Database Server.

-

"localhost"

P_DATABASEPORT

Set the port number Database Server operates on.

-

"3306"

P_DATABASEUSER

The user that should be used to modify the database.

-

"root"

P_DATABASEPASSWORD

Password to be used to connect to the database. Even if the database allows users not to use a password, the ESET Inspect installer does not allow users without passwords due to security reasons.

yes

-

P_PORTFORSECUREWEB

The port is used for a secure connection to the ESET Inspect Server frontend.

-

"443"

P_PORTFORWEB

The port is used for standard connection to the ESET Inspect Server frontend.

-

"80"

P_PORTFORAGENTS

The port on which the ESET Inspect Server is supposed to listen for events reported by Agents.

-

"8093"

P_DATABASENAME

Name of the database which is created for the ESET Inspect Server by the installer.

-

"enterpriseinspectordb"

P_ERAHOST

Hostname of ESET PROTECT.

-

"localhost

P_ERAPORT

The port on which ESET PROTECT is configured to listen.

-

"2223"

P_ERAUSER

Name of the user used to connect to ESET PROTECT.

-

"Administrator"

P_ERAPASSWORD

The password of the user used to connect to ESET PROTECT

yes

-

P_PATH_OF_CERT_FOR_AGENT

An absolute path, on target PC, as for now, we don't support URLs. Mounted remote drives like \\store03 should work

yes

-

P_PATH_OF_CERT_FOR_WEB

An absolute path, on target PC, as for now, we don't support URLs. Mounted remote drives like \\store03 should work

yes

-

P_PATH_OF_CERT_AUTH

An absolute path, on target PC, as for now, we don't support URLs. Mounted remote drives like \\store03 should work for the user connected to ESET PROTECT. It's required to install a Connector with Server assisted certification installation.

-

-

P_PASSWORD_OF_CERT_FOR_AGENT

The certificate's password, if it was entered during the creation process.

-

-

P_PASSWORD_OF_CERT_FOR_WEB

The certificate's password, if it was entered during the creation process.

-

-

P_DELETE_EXISTING_DB

In the case of installation: If set to "1", and the database of a provided name already exists, then this database is deleted and recreated.

In the case of uninstalling: If set to "1", deletes existing application database after removing all files. It does not require providing the database name.

Do not use with reinstall and update.

-

"0"

P_ISTELEMETRYACCEPTED

It is used to enable ESET Inspect to send systems telemetry to ESET. It is enabled if different than 0.

-

"1"

P_IS_SERVER_ASSISTED_ERA_CERT_AUTH

It causes the installer to download the ESET PROTECT certificate from ERA Server. It is enabled if different than 0.

-

-

P_PATH_OF_ERA_CERT_AUTH

An absolute path, on target PC, as for now, we don't support URLs. Mounted remote drives works. The server-assisted option can be used when ESET PROTECT certificate authority cannot be downloaded from ESET PROTECT

-

-

P_DATABASETYPE

Choose what type of SQL database you want to use. MySQL or MSSQL

-

MySQL

P_ENABLE_RULES_WITH_SEVERITY_ABOVE

Built-in rules will be marked as disabled if their severity score is not at least given value.

-

39

P_DETECTIONS_STORAGE_DAYS

Number of days after which detections will be removed from a database

-

93

P_EVENT_STORAGE_DAYS

Number of days after which events will be removed from a database

-

7

P_DATA_COLLECTION_LEVEL

Level of data collection allows set type of data stored in a database.

0(Detections only): This mode saves only detections. events and processes not related with detection are discard

1(Most data): This mode saves detections and all processes.

2(All data): This mode saves detections, events, and processes.

-

0