ESET EDR

The ThreatDefence platform supports integration with ESET PROTECT and ESET Inspect Cloud to ingest endpoint detection and response telemetry. Logs collected from ESET provide visibility into malware detections, suspicious activities, and endpoint risk events.


Prerequisites

  • Access to the ESET PROTECT Hub with Superuser permissions.

  • A ThreatDefence syslog appliance or VM, reachable from the ESET PROTECT server.


Steps

Step 1. Syslog Configuration

In the syslog server settings of ESET PROTECT, set:

  • Format of payload: CEF.

  • Format of envelope: BSD (Syslog).

  • Event types to log: select the log types you want forwarded (Antivirus, HIPS, Firewall, Web protection, Audit Log, Blocked files, ESET Inspect alerts, Incidents).

  • Destination IP: the IP address of your ThreatDefence appliance.

Keep a note of the port and protocol you configure here; the listener enabled in Step 2 has to match them.


Step 2. Reach out to ThreatDefence support

Once configuration is complete, send the following details to ThreatDefence Support at [email protected]:

  • A request to enable the ESET EDR syslog listener on your ThreatDefence appliance.

  • The source IP address, i.e. the address the ESET PROTECT server sends syslog from, as seen by the appliance.
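Before raising the request, it helps to know the feed is well-formed. The script below is an added example and is not ThreatDefence or ESET code: it parses BSD-syslog-enveloped CEF lines (the payload and envelope choices from Step 1), counts events per signature id, and reports lines that fail to parse. It can be run over a captured file or, with listen_udp, against a temporary test listener on the destination host. The sample lines are constructed; the vendor and product strings, signature ids such as Threat_Event, and extension keys are assumed for illustration and should be checked against what your ESET PROTECT instance actually emits.

```python
"""Sanity-check CEF-over-BSD-syslog events as received by a collector.

Added example, not ThreatDefence or ESET code. Sample lines are constructed;
vendor/product strings, signature ids and extension keys are assumptions.
"""
import re
import socket
from collections import Counter
from dataclasses import dataclass

# BSD syslog (RFC 3164) envelope: <PRI>Mmm dd hh:mm:ss hostname CEF:...
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<msg>CEF:\d+\|.*)$"
)
# Extension is "key=value key=value"; values may contain spaces, so split only
# on a space that is immediately followed by a new "key=" token.
EXT_SPLIT_RE = re.compile(r" (?=[A-Za-z0-9_.\-]+=)")
EXT_ESCAPE_RE = re.compile(r"\\(.)")


@dataclass
class CefEvent:
    facility: int
    severity: int
    timestamp: str
    host: str
    vendor: str
    product: str
    product_version: str
    signature_id: str
    name: str
    cef_severity: str
    extensions: dict


def split_cef_header(msg: str):
    """Split the seven '|'-delimited header fields, honouring '\\|' and '\\\\' escapes.
    Returns (fields, extension_text)."""
    fields, buf, i = [], [], 0
    while i < len(msg) and len(fields) < 7:
        ch = msg[i]
        if ch == "\\" and i + 1 < len(msg):   # escaped '|' or '\' inside a header field
            buf.append(msg[i + 1]); i += 2
        elif ch == "|":
            fields.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(ch); i += 1
    if len(fields) != 7:
        raise ValueError("CEF header must have 7 pipe-delimited fields")
    return fields, msg[i:]


def parse_extensions(ext: str) -> dict:
    """Parse 'key=value' pairs; CEF escapes inside values are \\= \\\\ \\n \\r."""
    out = {}
    for token in EXT_SPLIT_RE.split(ext.strip()):
        if not token:
            continue
        key, sep, val = token.partition("=")
        if not sep:
            raise ValueError(f"extension token without '=': {token!r}")
        out[key] = EXT_ESCAPE_RE.sub(
            lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), val)
    return out


def parse_line(line: str) -> CefEvent:
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"not a BSD-syslog CEF line: {line[:60]!r}")
    pri = int(m["pri"])                      # PRI = facility * 8 + severity
    fields, ext = split_cef_header(m["msg"])
    return CefEvent(
        facility=pri // 8, severity=pri % 8, timestamp=m["ts"], host=m["host"],
        vendor=fields[1], product=fields[2], product_version=fields[3],
        signature_id=fields[4], name=fields[5], cef_severity=fields[6],
        extensions=parse_extensions(ext),
    )


def summarise(lines):
    """Count well-formed events by signature id; collect (line, reason) for failures."""
    counts, bad = Counter(), []
    for line in lines:
        try:
            counts[parse_line(line).signature_id] += 1
        except ValueError as exc:
            bad.append((line, str(exc)))
    return counts, bad


def listen_udp(port: int = 514, count: int = 5, timeout: float = 30.0):
    """Live check: receive `count` datagrams and return (peer_ip, line) pairs.
    Port 514 needs root; point ESET at a high port if you test unprivileged."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port)); s.settimeout(timeout)
        got = []
        while len(got) < count:
            data, (ip, _) = s.recvfrom(65535)
            got.append((ip, data.decode("utf-8", "replace")))
        return got


# Constructed sample, not real ESET output; field values are assumptions.
SAMPLE = [
    "<134>Mar 12 09:15:01 eset-protect CEF:0|ESET|ESET PROTECT|11.0|Threat_Event|Threat|8|"
    "deviceName=WS-042 ip=10.0.0.42 msg=Eicar test file act=cleaned by deleting fname=C:\\\\tmp\\\\eicar.com",
    "<134>Mar 12 09:15:02 eset-protect CEF:0|ESET|ESET PROTECT|11.0|FirewallAggregated_Event|Firewall|5|"
    "deviceName=WS-042 src=10.0.0.42 dst=203.0.113.9 dpt=445 act=Blocked msg=rule\\=Block SMB out",
    "<134>Mar 12 09:15:03 eset-protect CEF:0|ESET|ESET PROTECT|11.0|Threat_Event|Threat|8|deviceName=WS-007 msg=Trojan detected",
    "Mar 12 09:15:04 eset-protect this is not CEF at all",
]

if __name__ == "__main__":
    counts, bad = summarise(SAMPLE)
    for sig, n in counts.items():
        print(f"{sig:30s} {n}")
    for line, why in bad:
        print("UNPARSED:", why)
```

The peer IP that listen_udp reports is the source address to give support in Step 2; the per-signature counts tell you whether every event type ticked in Step 1 is actually arriving.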
