BlockAPT

The added value

BlockAPT is a centralized SOAR (Security Orchestration, Automation, and Response) platform that also integrates SIEM (Security Information and Event Management), XDR (Extended Detection and Response), and IRM (Information Risk Management) capabilities into a single interface. It provides a security management platform with advanced technology for seamless IT infrastructure management, enhanced cyber protection, and minimized potential risk exposure.

Integrating ESET PROTECT Platform and BlockAPT delivers a comprehensive cybersecurity solution that provides the following benefits:

•Accelerated threat detection—Leverage advanced correlation and automated analysis to identify threats in real time, reducing Mean-Time-To-Detect (MTTD) times across your environment.

•Enhanced incident response—Streamline remediation workflows through orchestrated actions and automated playbooks, significantly decreasing security incidents' Mean-Time-To-Respond (MTTR) times.

•Optimized security operations—Eliminate manual tasks through intelligent automation, enabling security teams to focus on strategic initiatives rather than routine operations.

•Comprehensive risk reduction—Strengthen the security posture through unified visibility, centralized management, automated controls and advanced defense mechanisms that minimize exposure to cyber threats.

The integration enables users to create a Network Access Protection policy and then update it through the ESET Pubic API.

Integration type

•API-based integration

How to enable the integration

Part I: Create a new Network Access Protection policy

Create a new Network Access Protection policy on your ESET PROTECT instance by following the steps below:

1.Navigate to your ESET PROTECT instance > Policies > New Policy.

2.Type the policy Name, Network Access Protection - BlockAPT. Add the policy Description with the [playbook] tag, and click Continue.

3.In the Select product drop-down menu, select Common features and click Network Access Protection.

4.Click Edit next to IP sets in the Network Access Protection section.

5.Click Add in the IP sets window. Type the IP set Name, BlockAPT - Network Access Protection, and click Save.

6.Click Save in the IP sets window.

7.Click Edit next to Rules in the Firewall section.

8.Click Add in the Rules window. Select Remote Host and click Edit next to IP sets in the Add rule window.

9.Select the IP set created in step five, BlockAPT - Network Access Protection, and click Save.

10.Click Save in the Add rule window.

11.Click Save in the Rules window.

12.Click Continue and click Finish.

Refer to the Policies Online Help pages for more information about ESET PROTECT policies.

Part II: Configure the integration on the BlockAPT side

Ensure you have created a dedicated API user account and proceed with integration configuration on the BlockAPT side using the detailed instructions on the BlockAPT Customer Portal.

˄˅