ESET Online Help


Stellar Cyber

The added value

Integrating ESET PROTECT with the Stellar Cyber Open XDR (Extended Detection and Response) platform provides a comprehensive, highly effective threat detection and response solution that helps secure an organization. It simplifies security management while enhancing protection by automating processes and reducing threat detection and response time.

Stellar Cyber's advanced machine learning models analyze data from ESET PROTECT to identify potential threats. With response actions powered by ESET PROTECT, alongside Stellar Cyber's powerful response capabilities, security analysts can quickly and effectively remediate threats and keep the organization's environment secure.

Integration type

A combination of log-based and API-based integration

How to enable the integration

1. Enable Syslog sending. Stellar Cyber reads the ESET PROTECT alerts and events from Syslog and enriches them during data ingestion. See more information about the ESET PROTECT alerts and events integration to Stellar Cyber. Configure Syslog with the following parameters:

Format of payload—JSON

Format of envelope—Syslog

Minimal log level—Information

Event types to log—Antivirus, HIPS, Firewall, Web protection, Audit Log, Blocked files, ESET Inspect alerts

Destination IP or FQDN of TLS-compatible syslog server—A publicly reachable IPv4 address or hostname of Stellar Cyber's Modular Sensor, and port 6514 TCP/TLS

Validate CA Root certificates of TLS connections—To enable certificate validation, upload the trusted certificate to Stellar Cyber and assign it to the Modular Sensor.

Syslog configuration

2. Use Stellar Cyber's Configuring Sensors and Log Sources documentation to configure the Sensor and log data ingestion.

3. Ensure you have a dedicated API user.

4. Configure and test the ESET Responder Connector by following the steps in Stellar Cyber's Configuring ESET Responder Connector guide.
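One way to check the syslog destination from step 1 before relying on it: confirm from an outside host that the Modular Sensor answers on port 6514 and presents a certificate that a validating client accepts. This is an added example, not ESET or Stellar Cyber code; the function name `check_syslog_tls`, the status labels and the use of the system trust store (or an optional CA file) are assumptions.

```python
import socket
import ssl

SYSLOG_TLS_PORT = 6514  # TCP/TLS port this page gives for the Modular Sensor


def check_syslog_tls(host, port=SYSLOG_TLS_PORT, cafile=None, timeout=5.0):
    """Classify the syslog destination as a certificate-validating client sees it.

    Returns (status, detail). status is one of:
      "ok"           TLS handshake completed and the certificate was accepted
      "unreachable"  no TCP connection (address not reachable, port filtered)
      "cert_invalid" chain or hostname rejected (untrusted CA, expired, wrong name)
      "tls_error"    something listens on the port but did not complete TLS
    cafile=None uses the system trust store (an assumption of this example).
    """
    # The default context verifies both the certificate chain and the hostname.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return "ok", "%s, certificate valid until %s" % (
                tls.version(), cert.get("notAfter"))
    except ssl.SSLCertVerificationError as exc:
        # Must be caught before SSLError, which it subclasses.
        return "cert_invalid", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "tls_error", str(exc)
    finally:
        raw.close()
```

Call it as `check_syslog_tls("<sensor-hostname>")`. A `cert_invalid` result means that enabling "Validate CA Root certificates of TLS connections" would make the sender reject the connection until the sensor presents a trusted certificate.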