ESET Antivirus helps protect your assets from malware, ransomware, and viruses.
Before You Begin
ESET Antivirus requires you to use an application called Remote Administrator to centrally manage all of the deployments to various workstations, assets, and servers. The Remote Administrator application allows ESET Antivirus to configure and send events via syslog, which InsightIDR will ingest.
- Install the ESET Remote Administrator: https://help.eset.com/era_install/65/en-US/index.html
- Configure syslog: https://help.eset.com/era_admin/63/en-US/index.html?admin_server_settings_syslog.htm
- Enable exporting to syslog: https://help.eset.com/era_admin/63/en-US/index.html?admin_server_settings_export_to_syslog.htm
How to Configure This Event Source
- From your dashboard, select Data Collection on the left hand menu.
- When the Data Collection page appears, click the Setup Event Source dropdown and choose Add Event Source.
- From the “Security Data” section, click the Virus Scan icon. The “Add Event Source” panel appears.
- Choose your collector and event source. You can also name your event source if you want.
- Choose the timezone that matches the location of your event source logs.
- Optionally choose to send unfiltered logs.
- Configure your default domain and any Advanced Event Source Settings.
- Select Listen for Syslog and enter the port you configured in the ESET appliance.
- Optionally choose to Encrypt the event source if choosing TCP by downloading the Rapid7 Certificate.
- Click Save.