ESET Enterprise Inspector

ESET Enterprise Inspector is a comprehensive Endpoint Detection and Response system that includes features such as: incident detection, incident management and response, data collection, indicators of compromise detection, anomaly detection, behavior detection, policy violations. For more information about ESET Enterprise Inspector, its installation and functions, see ESET Enterprise Inspector help.

ESET Enterprise Inspector configuration

ESET Enterprise Inspector requires ESMC to:

Create an ESET Enterprise Inspector user with proper permissions. ESMC 7.2 contains the pre-defined permission sets for ESET Enterprise Inspector users.

Create certificates that are used during ESET Enterprise Inspector Server Installation.

Activate ESET Enterprise Inspector on a device connected to ESMC.

Note

You need an ESET Enterprise Inspector license to activate ESET Enterprise Inspector.

Reporting of ESET Enterprise Inspector detections in ESMC

If you add a device that runs the ESET Enterprise Inspector Agent (properly configured and connected to the ESET Enterprise Inspector Server) to ESMC, ESET Enterprise Inspector reports the discovered detections in the ESMC Detections section. You can filter these detections by selecting the Enterprise Inspector detection category.

Another detection type reported by ESET Enterprise Inspector is Blocked files. These are blocked attempts to launch executables blacklisted in ESET Enterprise Inspector (blocked hashes). Send File to EDTD is available only for Blocked files. You can send a file for malware analysis (ESET Dynamic Threat Defense) from the ESMC Web Console. You can see the file analysis details in Submitted Files. If you want to submit other executable files manually for analysis in ESET Dynamic Threat Defense, you can do so from the ESET endpoint product (you need to have the ESET Dynamic Threat Defense license).

Managing ESET Enterprise Inspector detections in ESMC

Integration of ESET Enterprise Inspector detections in the ESMC Web Console allows you to manage Enterprise Inspector detections directly from the ESMC Web Console, without the need to open the ESET Enterprise Inspector Web Console. For example, if you mark the detection as resolved in the ESMC Web Console, it is also marked as resolved in the ESET Enterprise Inspector Web Console and vice versa.

Click the detection and select Show in EI to see detection details in the ESET Enterprise Inspector Web Console.

The following system requirements must be met to enable management of Enterprise Inspector detections in the ESMC Web Console:

ESMC version 7 and later.

ESET Endpoint software (ESET Endpoint Antivirus, ESET Endpoint Security) version 7 and later installed on the managed computer.

Note

ERA 6.5 displays detections reported by ESET Enterprise Inspector, but it does not provide the option to manage them (mark them as resolved).