Enterprise Inspector

ESET Enterprise Inspector (EEI)

ESET Enterprise Inspector (EEI) is a comprehensive Endpoint Detection and Response system that includes features such as: incident detection, incident management and response, data collection, indicators of compromise detection, anomaly detection, behavior detection, policy violations. For more information about ESET Enterprise Inspector, its installation and functions, see ESET Enterprise Inspector help.

EEI configuration

EEI requires ESMC to:

Create an EEI user with proper permissions.

Create certificates that are used during EEI Server Installation.

Activate EEI on a device connected to ESMC.

details_hoverNOTE

You need to have EEI license to activate EEI.

Reporting of EEI threats in ESMC

If you add a device that runs ESET Enterprise Inspector Agent (properly configured and connected to ESET Enterprise Inspector Server) to ESMC, EEI reports the discovered threats in ESMC Threats section. You can filter these threats by selecting Enterprise Inspector threat type.

Another threat type reported by Enterprise Inspector are Blocked files. These are the blocked attempts to launch executables set in Enterprise Inspector as blacklisted (blocked by file hash).

Managing EEI threats in ESMC

Integration of EEI threats in ESMC Web Console allows you to manage Enterprise Inspector  threats directly from ESMC Web Console, without the need to open EEI Web Console. For example, if you mark the threat as resolved in ESMC Web Console, it is marked as resolved also in EEI Web Console and vice versa.

Click the threat, select Show details and click the link next to Link to EI Console to see threat details in EEI Web Console.

The following system requirements must be met to enable management of Enterprise Inspector threats in ESMC Web Console:

ESMC version 7 and later.

ESET Endpoint software (ESET Endpoint Antivirus, ESET Endpoint Security) version 7 and later installed on the managed computer.

details_hoverNOTE

ERA 6.5 displays threats reported by ESET Enterprise Inspector, but it does not provide the option to manage them (mark them as resolved).