ESET PROTECT On-Prem Deployment
|
Ensure you fulfilled the requirements before proceeding with the ESET Inspect Server installation. We recommend not installing the ESET PROTECT Server and ESET Inspect Server on the same machine. We do not recommend using this process. Instead, use the GUI installation process. |
|
For installation purposes, use only the user with the Two Factor Authentication option disabled. |
1.Log in to the ESET PROTECT On-Prem with proper rights (ESET PROTECT On-Prem Admin rights or ask ESET PROTECT On-Prem Admin to create and deploy connectors for you if you do not have sufficient rights).
2.Ensue the computer for installing ESET Inspect Server has an ESET Management Agent installed.
3.Click the desired computer and choose New Task.
4.Fill in the desired Name, Description, in Task Category, you can keep All Tasks, in Task select Software Install. Click Settings in the left menu or the Continue button at the bottom of the window.
5.Choose whether you want to install ESET Inspect Server from the repository or specify the URL path to the installer.
6.Fill in the Installation parameters field. Use the parameters from the table, or you can leave them blank (if it is an upgrade from the existing installation). Click Finish.
7.If the task is already created, you can rerun it on another computer or group of computers. See Client Tasks executions.
ESET Inspect On-Prem Communication Scheme
|
SIEM is an acronym for Security Information and Event Management. |
Attribute |
Description |
Required |
Default value |
|---|---|---|---|
APPDIR |
Used to set the directory under which application should be installed. |
- |
By default, the path is "C:\Program Files (x86)\ESET\ESET Inspect Server\" for 32-bit OS and "C:\Program Files\ESET\ESET Inspect Server" for 64-bit |
P_DATABASEHOST |
Set the hostname of the Database Server. |
- |
"localhost" |
P_DATABASEPORT |
Set the port number the Database Server operates on. |
- |
"3306" |
P_DATABASEUSER |
The user that should be used to modify the database. |
- |
"root" |
P_DATABASEPASSWORD |
Password to be used to connect to the database. Even if the database allows users not to use a password, the ESET Inspect On-Prem installer does not allow users without passwords for security reasons. |
yes |
- |
P_PORTFORSECUREWEB |
The port is used for a secure connection to the ESET Inspect Server frontend. |
- |
"443" |
P_PORTFORWEB |
The port is used for standard connection to the ESET Inspect Server frontend. |
- |
"80" |
P_PORTFORAGENTS |
The port on which the ESET Inspect Server is supposed to listen for events reported by Agents. |
- |
"8093" |
P_DATABASENAME |
Name of the database which is created for the ESET Inspect Server by the installer. |
- |
"enterpriseinspectordb" |
P_ERAHOST |
Hostname of ESET PROTECT On-Prem. |
- |
"localhost |
P_ERAPORT |
The port on which ESET PROTECT On-Prem is configured to listen. |
- |
"2223" |
P_ERAUSER |
Name of the user used to connect to ESET PROTECT On-Prem. |
- |
"Administrator" |
P_ERAPASSWORD |
The password of the user used to connect to ESET PROTECT On-Prem. |
yes |
- |
P_PATH_OF_CERT_FOR_AGENT |
An absolute path, on target PC, as for now, we do not support URLs. Mounted remote drives works. |
yes |
- |
P_PATH_OF_CERT_FOR_WEB |
An absolute path, on target PC, as for now, we do not support URLs. Mounted remote drives works. |
yes |
- |
P_PATH_OF_CERT_AUTH |
An absolute path, on target PC, as for now, we do not support URLs. Mounted remote drives works. It is required to install a Connector with Server assisted certification installation. |
- |
- |
P_PASSWORD_OF_CERT_FOR_AGENT |
The certificate's password, if it was typed during the creation process. |
- |
- |
P_PASSWORD_OF_CERT_FOR_WEB |
The certificate's password, if it was typed during the creation process. |
- |
- |
P_DELETE_EXISTING_DB |
In the case of installation: If set to "1", and the database of a provided name already exists, then this database is deleted and recreated. In the case of uninstalling: If set to "1", deletes existing application database after removing all files. It does not require providing the database name. Do not use with reinstall and update. |
- |
"0" |
P_ISTELEMETRYACCEPTED |
It enables ESET Inspect On-Prem to send systems telemetry to ESET. It is enabled if different than 0. |
- |
"1" |
P_IS_SERVER_ASSISTED_ERA_CERT_AUTH |
It causes the installer to download the ESET PROTECT On-Prem certificate from ERA Server. It is enabled if different than 0. |
- |
- |
P_PATH_OF_ERA_CERT_AUTH |
An absolute path, on target PC, as for now, we do not support URLs. Mounted remote drives works. The server-assisted option can be used when ESET PROTECT On-Prem certificate authority cannot be downloaded from ESET PROTECT On-Prem |
- |
- |
P_DATABASETYPE |
Choose what type of SQL database you want to use. MySQL or MSSQL |
- |
MySQL |
P_ENABLE_RULES_WITH_SEVERITY_ABOVE |
Built-in rules will be marked as disabled if their severity score is not at least the given value. |
- |
39 |
P_DETECTIONS_STORAGE_DAYS |
Number of days after which detections will be removed from a database |
- |
93 |
P_EVENT_STORAGE_DAYS |
Number of days after which events will be removed from a database |
- |
7 |
P_DATA_COLLECTION_LEVEL |
The level of data collection allows to set a type of data to be stored in a database. 0(Detections only): This mode saves only detections. events and processes not related to detection are discard 1(Most data): This mode saves detections and all processes. 2(All data): This mode saves detections, events, and processes. |
- |
0 |