Stellar Cyber
The added value
Stellar Cyber is an Open Extended Detection and Response (XDR) security operations platform that combines Security Information and Event Management (SIEM), Network Detection and Response (NDR), Security Orchestration, Automation, and Response (SOAR), User and Entity Behavior Analytics (UEBA), and threat intelligence into one solution that uses artificial intelligence. It helps security teams detect, investigate, and respond to threats faster by integrating data from various sources into a single interface.
Integrating the ESET PROTECT Platform and Stellar Cyber provides a comprehensive, highly effective threat detection and response solution. It enables users to import data from Syslog into Stellar Cyber and respond to potential threats using response actions through the ESET Responder Connector that uses the ESET Public API. The integration helps security analysts quickly and effectively address threats, ensuring a secure organizational environment.
Integration type
• Combination of log-based and API-based integration
How to enable the integration
1. Enable Syslog sending. Stellar Cyber reads the ESET PROTECT alerts and events from Syslog and enriches them during data ingestion. For more information, refer to ESET PROTECT alerts and events integration to Stellar Cyber. Configure Syslog with the following parameters:
• Format of payload—JSON
• Format of envelope—Syslog
• Minimal log level—Information
• Event types to log—Antivirus, HIPS, Firewall, Web protection, Audit Log, Blocked files, ESET Inspect alerts
• Destination IP or FQDN of TLS-compatible syslog server—A publicly reachable IPv4 address or hostname of the Stellar Cyber Modular Sensor, and port 6514 (TCP/TLS)
• Validate CA Root certificates of TLS connections—If you want to enable certificate validation, upload the trusted certificate to Stellar Cyber and assign it to the Modular Sensor.
2. Use Stellar Cyber's Configuring Sensors and Log Sources documentation to configure the Sensor and log data ingestion.
3. Ensure you have a dedicated API user.
4. Configure the ESET Responder Connector by following the steps in Stellar Cyber's Configuring ESET Responder Connector guide.
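A pre-flight check for the Syslog destination from step 1, added here as an example and not taken from ESET's or Stellar Cyber's documentation: it opens a TLS connection to the Modular Sensor on port 6514 with certificate and hostname validation enforced, then sends one test event as a JSON payload in a Syslog envelope. The RFC 5424 header layout, the RFC 5425 octet-counting framing, the `preflight` application name and the `Preflight_Test` event are assumptions made for this example; the function names are hypothetical.

```python
import json
import socket
import ssl
from datetime import datetime, timezone

SYSLOG_TLS_PORT = 6514  # destination port named in step 1 (TCP/TLS)


def build_tls_context(ca_file=None):
    """Client context that always validates the server certificate and hostname."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_test_message(hostname, event, when=None):
    """Syslog envelope (assumed RFC 5424) around a compact JSON payload."""
    when = when or datetime.now(timezone.utc)
    pri = 1 * 8 + 6  # assumed facility 1 (user); severity 6 = Informational
    ts = when.strftime("%Y-%m-%dT%H:%M:%SZ")
    payload = json.dumps(event, separators=(",", ":"))
    return f"<{pri}>1 {ts} {hostname} preflight - - - {payload}".encode("utf-8")


def frame(msg):
    """Octet-counting framing (assumed, per RFC 5425): '<length> <message>'."""
    return str(len(msg)).encode("ascii") + b" " + msg


def preflight(sensor_host, ca_file=None, port=SYSLOG_TLS_PORT, timeout=5.0):
    """Connect to the sensor, validate its certificate, send one test event."""
    ctx = build_tls_context(ca_file)
    # Constructed test event, not a real ESET PROTECT event type.
    event = {"event_type": "Preflight_Test", "note": "constructed test event"}
    try:
        with socket.create_connection((sensor_host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sensor_host) as tls:
                tls.sendall(frame(build_test_message(socket.gethostname(), event)))
                subject = tls.getpeercert().get("subject")
                return {"ok": True, "tls": tls.version(), "subject": subject}
    except ssl.SSLCertVerificationError as exc:
        # The sensor certificate does not chain to the supplied CA or the name differs.
        return {"ok": False, "stage": "certificate", "error": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        return {"ok": False, "stage": "connection", "error": str(exc)}


if __name__ == "__main__":
    import sys
    print(preflight(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None))
```

Run it with the sensor hostname and, optionally, the path to the CA certificate that was uploaded to Stellar Cyber; a `certificate` stage failure means the certificate assigned to the Modular Sensor would also be rejected once certificate validation is enabled.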