Update ESET PROTECT Platform and Wazuh integration

Copy current article URL Share via email

This article (PDF) Whole documentation (PDF)

If you have an earlier ESET PROTECT Platform and Wazuh integration app version installed and want to update to the latest one, use the following steps. The latest app version is available for download on GitHub.

1.Log in to the server console where Wazuh and the integration app run and fetch all updates from the remote branch; sudo privileges are required, as they enable you to run commands as the root user:

git fetch --all --tags /var/ossec/integrations/ESET-Integration-Wazuh

2.Specify the version you want to update to, for example, 1.2.1; you can find the latest integration app version under Releases on the GitHub page. Run the following command:

git reset --hard 1.2.1 /var/ossec/integrations/ESET-Integration-Wazuh

3.Copy the eset_local_rules.xml file with the latest contents to the /var/ossec/etc/rules folder:

cp /var/ossec/integrations/ESET-Integration-Wazuh/eset_local_rules.xml /var/ossec/etc/rules/

4.Restart the server to apply the changes:

systemctl restart wazuh-manager

5.Ensure you have set the environment variables. If no, create the .env file or set the required variables in the environment:

•EP_INSTANCE—The ESET product that Wazuh uses to pull detections; the options are yes/no. Set yes if you have an ESET PROTECT instance.

•EI_INSTANCE—The ESET product that Wazuh uses to pull detections; the options are yes/no. Set yes if you have an ESET Inspect instance.

•ECOS_INSTANCE—The ESET product that Wazuh uses to pull detection; the options are yes/no. Set yes if you have an ESET Cloud Office Security instance.

•INTERVAL—The time interval (in minutes) for the app to run and pull detections, the minimum value is three.

•INSTANCE_REGION—The location of your ESET PROTECT/ESET Inspect/ESET Cloud Office Security instance; the options are: ca, de, eu, jpn, us.

•USERNAME_INTEGRATION—The ESET Connect API user's email

•PASSWORD_INTEGRATION—The ESET Connect API user's password

To create the .env file in the /var/ossec/integrations/ESET-Integration-Wazuh folder, use the following command:

touch /var/ossec/integrations/ESET-Integration-Wazuh/.env

To edit the .env file, use an editor of your preference. In the following example, the nano text editor is used:

nano /var/ossec/integrations/ESET-Integration-Wazuh/.env

Refer to the example of the .env file contents:

EP_INSTANCE=yes

EI_INSTANCE=no

ECOS_INSTANCE=yes

INTERVAL=10

INSTANCE_REGION=eu

USERNAME_INTEGRATION=email

PASSWORD_INTEGRATION=password

6.Build and run the ESET PROTECT Platform and Wazuh integration app using the Docker Compose command:

docker compose --file /var/ossec/integrations/ESET-Integration-Wazuh/docker-compose.yml up -d --build --force-recreate

After the update, you can continue using the ESET PROTECT Platform and Wazuh integration.

˄˅