Jump to content

Jean M

  • Posts

  • Joined

  • Days Won


Jean M last won the day on November 7 2019

Jean M had the most liked content!

About Jean M

  • Rank

Profile Information

  • Location

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hi, We're upgrading all AVs and SMC Agent but I have doubts on AV upgrade: 1. If I select to not "automatically reboot" is it expected to install the AV if the user eventually reboots the system? I'm asking because by experience, this doesn't seem to be working, wondering if there's something wrong in configuration. 2. If I select "automatic reboot" will the user be prompted and allowed to delay the reboot? Thanks, Jean M
  2. Hi, I've a computer which has a Client Task Execution in "Planned" state. However: 1. The computer is online and ESET SMC hows the correct "Last connected" 2. There are no triggers set for this task in a future time. Why is the task showing as "Planned" state? This column was what we used to know if a task was already executed or not, I'm not sure if there's other way to know. Thanks, Jean M PS: using ESET SMC v8 and agent version 8.0.3209.0.
  3. Hi Martin, Forgot to add that information, this is a MacOS computer. Thanks!
  4. Hi Martin, Indeed, since one of the cases was my own computer, I assumed it would show my user as logged, however, ESET SMC is not showing any user logged in the computer. Is this some bug? Thanks
  5. Hi, I'm generating a report with the following columns: Logged users . User name Computer . Computer name Static group . Static group name However, when the "logged users" column is used, I can see a small decrease of computers showing in the report. Does anyone have a clue why? Thanks Jean M.
  6. What about the computer UUID? I found that it is required by some API calls but I cannot find one that returns the computers along with their UUID. If anyone knows how to get this information please share.
  7. Hi, I've enabled syslog in ESET SMC (v7.1) and I'm able to see logs generated in syslog daemon. The configuration is the following: However, the message of syslog contains non-printable characters at beginning and end: # xxd /var/log/eset/RemoteAdministrator/Server/ERAServer.log 00000000: efbb bf7b 2265 7665 6e74 5f74 7970 6522 ...{"event_type" 00000010: 3a22 4175 6469 745f 4576 656e 7422 2c22 :"Audit_Event"," 00000020: 6970 7634 223a 2231 302e 3235 302e 312e ipv4":"10.100.0. ... 00000160: 7222 3a22 222c 2272 6573 756c 7422 3a22 r":"","result":" 00000170: 5375 6363 6573 7322 7d23 3031 3523 3031 Success"}#015#01 00000180: 320a 2. I know that the last two were escaped to #015 and #012 by the syslog daemon (rsylogd) automatically. Does anyone know if this is expected? I tried both formats BSD and Syslog and they seem to give the same result. Thanks!
  8. Hi, Is it possible to get computer information like logged user (as shown when we open computer details in Web Console) from the ESET API? I'm able to get the listing of computers with Era.Common.NetworkMessage.ConsoleApi.Groups.RpcExportComputersRequest but this only returns a listing of computer names. Thanks, Jean M
  9. Thanks itman, I was just looking in 70, 71 version documentation, I couldn't find that same page for the latest version. Nevertheless that helps already! Thanks.
  10. Hi, We'd like to experiment using this Rogue Detector server and we'd need to know more information for making the deployment correct. There's little documentation on this server in the documentation, other than the diagram showing it needs to be on the network. Does anyone know if: - Is server monitoring DHCP requests? and anything else? - Will it listen to all interfaces or it's configurable? Thanks! Jean M
  11. I wonder if the SMC Server provides an endpoint for agent connection why not use it for that functionality instead of using an ESET's own infrastructure? Is there any log information about wake-up related events in the agent? Thanks
  12. Hi, Is this necessary in ESET agents for ESET SMC to work? I've read in the documentation that it allows client tasks to be executed as soon as possible, can someone confirm if this is truly necessary or if it can be disabled? Is there a place where we can see the information sent to or contacts done to EPNS? The idea of having an on-prem solution was that it didn't had to rely on third party services. Thanks for any feedback!
  13. Could someone confirm what are the syslog JSON logged Audit Events? if it's just login and logout and if there's a way to log more than that.
  14. Hi Martin, We're looking for actions executed by the native users in ESET SMC, being one of the most important the Client Tasks, of type Run Command. But, overall other actions would be useful also, for auditing purposes. The way the information is shown in the documentation it made me think these syslog audit events would match what we would get by Audit Reports. Thanks!
  15. Hi, I'm trying to process ESET SMC Server in a SIEM system and it seems that it provides a good feature of sending JSON Audit Events to a syslog server. What I needed to know is what audit events are logged, because I'm only receiving login and logout events in syslog: 2020-02-05T17:20:43.724Z ip-10-xxx.xxx ERAServer[2286] <U+FEFF>{"event_type":"Audit_Event","ipv4":"10.xxx","hostname":"ip-10-XXX","source_uuid":"976e2311-41fa-4e38-88ad-5af43c63bab6","occured":"05-Feb-2020 17:20:43","severity":"Information","domain":"Native user","action":"Login attempt","target":"USERNAME","detail":"Authenticating native user 'USERNAME'.","user":"","result":"Success"}#015#012 Thanks!
  • Create New...