
Update ESET PROTECT Platform and Microsoft Sentinel integration

To update to the latest version of the ESET PROTECT Platform integration with Microsoft Sentinel, redeploy the app to modify the existing data connector.


Note

During the update, provide the same Project details and Instance details that you used during the initial setup.

1. Navigate to Azure Portal > Microsoft Sentinel > Log Analytics workspace associated with your Microsoft Sentinel instance, where you installed the ESET PROTECT Platform integration > Configuration > Data Connectors.

2. Search for and select the ESET PROTECT Platform data connector and click Open Connector Page.

3. Deploy the ESET PROTECT Platform data connector using the Azure Resource Manager template; on the ESET PROTECT Platform data connector page, click Deploy to Azure. The system redirects you to the customized template page.

4. Complete the Project details and Instance details fields.

Subscription—The Azure subscription you used during the initial setup

Resource group—The Resource group you used during the initial setup; it must be the same as your Log Analytics workspace Resource group.

Region—The region of the Resource group you used during the initial setup; this field is automatically populated when you select the Resource group.

Workspace Name—The name of the Log Analytics workspace associated with your Microsoft Sentinel instance that you used during the initial setup

Location—The location of your Log Analytics workspace associated with your Microsoft Sentinel instance that you used during the initial setup; you can check the location of your Log Analytics workspace at Azure Portal > Log Analytics workspaces > Log Analytics workspace associated with your Microsoft Sentinel instance > Overview > Essentials > Location. For example, if the location is UK West, you can input UK West or ukwest; both variants are applicable.

Table Name—The name of the table to store the detection log data you used during the initial setup; you can find it in the Environment variables of your Function App created after the initial deployment. The STREAM_NAME variable stores the customTableName value.


Note

The Environment variables of your Function App created after initial deployment can be found at Azure Portal > find your Function App > expand Settings > select Environment variables > App settings tab.

Table Name Incidents—The name of the table to store the incident log data after the deployment; this field is pre-defined for you.

Data Collection Endpoint Name—The name of the data collection endpoint; this field is pre-defined for you.

Data Collection Rule Name—The name of the collection rule you used during the initial setup


Note

If you forgot the Data Collection Rule Name used during the initial setup, keep the pre-defined value and create a new Microsoft Entra ID registered application by following the steps in the Register a new application instruction to get a new Object ID, Azure Client ID, Azure Client Secret and Azure Tenant ID.

Application Name—The name of the Azure Function App you used during the initial setup; if you use a different name, we recommend that you stop the previously created Function App to avoid data duplication, as both Function Apps will pull the same detection data.

Application Run Interval—The time interval (in minutes) for the application to run and pull the detections; select any option.

Object ID—The Object ID of the registered application in Microsoft Entra ID you used during the initial setup; you can get the required Object ID value at Azure Portal > Microsoft Entra ID > Manage menu option > Enterprise applications > the value in the Object ID column next to your registered application name. If you created the new Microsoft Entra ID registered application, use the Object ID of the new application.

Azure Client ID—The Application (client) ID of the registered application in Microsoft Entra ID you used during the initial setup; you can find it in the Environment variables of your Function App created after the initial deployment. If you created the new Microsoft Entra ID registered application, use the Azure Client ID of the new application.

Azure Client Secret—The Client Secret of the registered application in Microsoft Entra ID you used during the initial setup; you can find it in the Environment variables of your Function App created after the initial deployment. If you created the new Microsoft Entra ID registered application, use the Azure Client Secret of the new application.

Azure Tenant ID—The Directory (tenant) ID of the registered application in Microsoft Entra ID you used during the initial setup; you can find it in the Environment variables of your Function App created after the initial deployment. If you created the new Microsoft Entra ID registered application, use the Azure Tenant ID of the new application.

Login—The ESET Connect API user's email; you can find it in the Environment variables of your Function App created after the initial deployment.

Password—The ESET Connect API user's password; you can find it in the Environment variables of your Function App created after the initial deployment.

ESET PROTECT instance—The ESET product that Microsoft Sentinel uses to gather detection data; you can find it in the Environment variables of your Function App created after the initial deployment.

ESET Inspect instance—The ESET product that Microsoft Sentinel uses to gather detection data; you can find it in the Environment variables of your Function App created after the initial deployment.

ESET Cloud Office Security instance—The ESET product that Microsoft Sentinel uses to gather detection data; you can find it in the Environment variables of your Function App created after the initial deployment.

Instance Region—The location of your ESET PROTECT/ESET Inspect/ESET Cloud Office Security instance; you can find it in the Environment variables of your Function App created after the initial deployment.

Key Base—This field is pre-defined for you; do not change it.

5. Click Review + create, then click Create.

After deployment, the application creates an additional table to store incident data.
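
Before you fill in the form in step 4, you can read several of the required values from the command line. The script below is an added example, not part of the ESET integration. It assumes an authenticated Azure CLI session (az login), and the four arguments are your own resource names. It prints the workspace Location and the Table Name from STREAM_NAME, and lists the remaining app setting names without their values, because the client secret and API password are stored in the same place.

```shell
#!/usr/bin/env bash
# Added example, not ESET's code. The arguments are the reader's own
# resource names; an authenticated Azure CLI session is assumed.

# The form accepts "UK West" or "ukwest"; fold both to the short form.
normalize_location() {
  printf '%s' "$1" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]'
}

# Succeeds when two location spellings name the same region.
same_location() {
  [ "$(normalize_location "$1")" = "$(normalize_location "$2")" ]
}

# Print the values the template form asks for without echoing secrets.
collect_redeploy_values() {
  rg=$1; workspace=$2; func_app=$3; expected_location=$4

  # Fails if the workspace is not in this resource group (form requirement).
  ws_location=$(az monitor log-analytics workspace show \
    --resource-group "$rg" --workspace-name "$workspace" \
    --query location --output tsv) || return 1
  echo "Location:   $ws_location"
  if ! same_location "$ws_location" "$expected_location"; then
    echo "warning: expected '$expected_location'" >&2
  fi

  # STREAM_NAME stores the customTableName value (the Table Name field).
  table=$(az functionapp config appsettings list \
    --name "$func_app" --resource-group "$rg" \
    --query "[?name=='STREAM_NAME'].value | [0]" --output tsv) || return 1
  echo "Table Name: $table"

  # Names only: the client secret and API password are stored here too.
  echo "Other app settings (values not shown):"
  az functionapp config appsettings list \
    --name "$func_app" --resource-group "$rg" \
    --query "[].name" --output tsv
}

# Usage: ./collect.sh <resource-group> <workspace> <function-app> <location>
if [ "$#" -eq 4 ]; then
  collect_redeploy_values "$@"
fi
```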