ESET Cloud Office Security and Stellar Cyber
ESET Cloud Office Security
ESET Cloud Office Security is a multitenant and scalable cloud service in Microsoft Azure. ESET Cloud Office Security is a Software-as-a-Service (SaaS) product that operates entirely in the cloud without the need for your own hardware. It is the ultimate combination of spam filtering, antimalware scanning, and anti-phishing protection that helps protect your company's communications against malware.
Stellar Cyber
Stellar Cyber is a cybersecurity platform that helps organizations detect, investigate, and respond to cyber threats. It enables users to combine data from different security tools into one dashboard, making it easier to see and understand potential threats and quickly identify and respond to attacks.
If you use ESET Cloud Office Security, you can ingest its logs into the Stellar Cyber Open XDR (Extended Detection and Response) platform.
How to send logs from ESET Cloud Office Security to Stellar Cyber Sensor
To configure ESET Cloud Office Security to send logs to the Stellar Cyber Sensor, follow the steps below:
1. Create and enable Syslog sending in your ESET Cloud Office Security instance under Settings > Syslogs with the following parameters:
• Name—type the name of your Syslog.
• Enable/Disable toggle—activate the Syslog using the toggle.
• Select Tenants—click Select to select the tenants for which you want to receive the events.
• Format—select the JSON (JavaScript Object Notation) format.
• IP/Hostname—type a publicly reachable IPv4 address or a hostname of Stellar Cyber's Modular Sensor (the log forwarder).
• Port—type the port 6401.
• Log detections—select the log events you want to export to your Syslog server. For the best coverage, select the log detections listed below:
  o Malware: Mailbox, Drive, SharePoint sites, Team groups
  o Phishing: Mailbox
• Optional fields for scan logs—select the fields you want to include in the Syslog messages. Select the fields listed below; all other fields are optional.
  o Action
  o Anti-Malware
  o Anti-Phishing
  o Anti-Spam
  o Message-ID
  o Scan result
  o Sender's IP address
  o User Principal Name
• Send audit logs toggle—activate this option if you want to send audit logs as part of the scan logs.
2. Configure Sensors and Log sources on the Stellar Cyber side by following Stellar Cyber's Configuring Sensors and Log Sources documentation.