Rules Sets

This dialog controls which new detection rules are enabled after the installation.

New means added with the new install pack and in the Web Console in the Admin > Detection Rules tab can be found after filtering by Tag New.

When updating the ESET Inspect Server, if ESET updated the default rule, it is marked with a tag Updated.

•Enable detection rules with Threat, Warning, and Information severity—ideal for advanced users who want complete visibility and are already familiar with ESET Inspect On-Prem, which prefer to customize everything manually.

•Enable detection rules with Threat and Warning severity—ideal for skilled users who want to do Threat Hunting and evaluate malicious and potentially malicious events.

•Enable only detection rules with Threat severity—ideal for new users who know cyber attacks but want to evaluate only confirmed threats.

•Disable all detection rules—ideal for new users with no experience with EDR solutions and start with an analysis of confirmed malware and attacks detected and blocked by the ESET Endpoint product.

The more severities are enabled, the more sensitive the product reacts to threats and generates more detections.

Rules can be enabled or disabled at any time in the Admin > Detection rules tab of the product:

•The first option can be achieved by filtering the view by severity, enabling all three Threat, Warning, and Info.

•The second option can be achieved by filtering the view by severity, enabling Warning, Info.

•The third option can be achieved by filtering the view by severity and enabling Info.

After selecting the filter of your choice, choose all rules by clicking the check box on the left side of the first row (Rule Name (count)). Click the Enable/Disable button.