ESET Cloud Office Security and Stellar Cyber
If you use ESET Cloud Office Security, you can ingest its logs into the Stellar Cyber Open XDR (Extended Detection and Response) platform.
How to send logs from ESET Cloud Office Security to Stellar Cyber Sensor
To configure ESET Cloud Office Security to send logs to the Stellar Cyber Sensor, follow the steps below:
1. Create and enable Syslog sending on your ESET Cloud Office Security instance under Settings > Syslogs with the following parameters:
• Name—Type the name of your Syslog.
• Enable/Disable toggle—Activate Syslog using the toggle.
• Select Tenants—Click Select to select the tenants for which you want to receive the events.
• Format—Select the JSON (JavaScript Object Notation) format.
• IP/Hostname—Type a publicly reachable IPv4 address or a hostname of Stellar Cyber's Modular Sensor (the log forwarder).
• Port—Type the port 6401.
• Log detections—Select the log events you want to export to your Syslog server. For the best coverage, select the log detections listed below:
   o Malware: Mailbox, Drive, SharePoint sites, Team groups
   o Phishing: Mailbox
• Optional fields for scan logs—Select the fields you want to include in the Syslog messages. Select the fields listed below; all other fields are optional.
   o Action
   o Anti-Malware
   o Anti-Phishing
   o Anti-Spam
   o Message-ID
   o Scan result
   o Sender's IP address
   o User Principal Name
• Send audit logs toggle—Activate this option if you want to send audit logs as part of the scan logs.
2. Configure Sensors and Log sources on the Stellar Cyber side by following Stellar Cyber's Configuring Sensors and Log Sources documentation.
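After both steps, it is worth confirming that what reaches the sensor matches the settings from step 1. The following is an added example, not ESET or Stellar Cyber code: it audits captured syslog lines for JSON payloads and for the fields listed above. Using the UI field labels as JSON key names, and the sample lines themselves, are assumptions; replace them with the keys from your own captured messages.

```python
import json
from collections import Counter

# Labels of the fields step 1 says to select. Treating them as JSON key names
# is an assumption; adjust to the keys seen in your own captured messages.
REQUIRED_FIELDS = (
    "Action", "Anti-Malware", "Anti-Phishing", "Anti-Spam",
    "Message-ID", "Scan result", "Sender's IP address", "User Principal Name",
)

def extract_json(line):
    """Return the JSON object that follows any syslog header, or None."""
    start = line.find("{")
    if start == -1:
        return None
    try:
        obj, _ = json.JSONDecoder().raw_decode(line[start:])
    except json.JSONDecodeError:
        return None
    return obj if isinstance(obj, dict) else None

def audit_line(line):
    """Classify one line as ('not_json', []), ('missing', [fields]) or ('ok', [])."""
    event = extract_json(line)
    if event is None:
        return ("not_json", [])  # Format was probably not set to JSON
    missing = [f for f in REQUIRED_FIELDS if f not in event]
    return ("missing", missing) if missing else ("ok", [])

def audit_capture(lines):
    """Return (count per status, count of lines lacking each required field)."""
    statuses, gaps = Counter(), Counter()
    for line in lines:
        status, missing = audit_line(line)
        statuses[status] += 1
        gaps.update(missing)
    return dict(statuses), dict(gaps)

# Constructed sample input: header and values are placeholders, not real ESET output.
HEADER = "<14>1 2024-01-01T00:00:00Z sender.example app - - - "
SAMPLE_LINES = [
    HEADER + json.dumps({f: "x" for f in REQUIRED_FIELDS}),
    HEADER + json.dumps({"Action": "x", "Scan result": "x"}),
    HEADER + "Action=x ScanResult=x",
]

if __name__ == "__main__":
    print(audit_capture(SAMPLE_LINES))
```

A non-zero `not_json` count points at the Format setting; a field that shows up in the second dictionary was not ticked under Optional fields for scan logs.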