Everything posted by Jean M

  1. Hi, We'd like to experiment using this Rogue Detector server and we'd need to know more information for making the deployment correct. There's little documentation on this server in the documentation, other than the diagram showing it needs to be on the network. Does anyone know:
     - Is the server monitoring DHCP requests? And anything else?
     - Will it listen on all interfaces, or is it configurable?

     Thanks! Jean M
  2. I wonder, if the SMC Server provides an endpoint for agent connection, why not use it for that functionality instead of using ESET's own infrastructure? Is there any log information about wake-up related events in the agent? Thanks
  3. Hi, Is this necessary in ESET agents for ESET SMC to work? I've read in the documentation that it allows client tasks to be executed as soon as possible; can someone confirm if this is truly necessary or if it can be disabled? Is there a place where we can see the information sent to, or contacts made to, EPNS? The idea of having an on-prem solution was that it didn't have to rely on third-party services. Thanks for any feedback!
  4. Could someone confirm what the syslog JSON logged Audit Events are, whether it's just login and logout, and if there's a way to log more than that?
  5. Hi Martin, We're looking for actions executed by the native users in ESET SMC, one of the most important being the Client Tasks of type Run Command. But overall, other actions would also be useful for auditing purposes. The way the information is shown in the documentation made me think these syslog audit events would match what we would get from Audit Reports. Thanks!
  6. Hi, I'm trying to process ESET SMC Server in a SIEM system and it seems that it provides a good feature of sending JSON Audit Events to a syslog server. What I needed to know is what audit events are logged, because I'm only receiving login and logout events in syslog:

     2020-02-05T17:20:43.724Z ip-10-xxx.xxx ERAServer[2286] <U+FEFF>{"event_type":"Audit_Event","ipv4":"10.xxx","hostname":"ip-10-XXX","source_uuid":"976e2311-41fa-4e38-88ad-5af43c63bab6","occured":"05-Feb-2020 17:20:43","severity":"Information","domain":"Native user","action":"Login attempt","target":"USERNAME","detail":"Authenticating native user 'USERNAME'.","user":"","result":"Success"}#015#012

     Thanks!
  7. Hi, We're still using the older version, v7.0. Thanks!
  8. Hi! In Ubuntu Bionic the OpenSSL version is >= 1.1.x (https://packages.ubuntu.com/bionic/openssl), and as documented, SMC Agent doesn't support this version. I was wondering if anyone has an idea on how to install the SMC Agent in this OS (or others that use a newer version of OpenSSL by default)? I know it is possible to install an older version of OpenSSL using manual compilation at least, but I was looking for cleaner ways of doing this. If I ask in distribution forums I'm afraid they will say it is old and not supported... 😐 Any idea is welcome. Thanks!
  9. That is a bit limiting, but yes, looking around in the forum we see a workaround (from you) and it seems to be working! Thanks.
  10. Well, that seems to work, thanks! In that case wouldn't all other addresses also be blocked? If I open some HTTPS URL it works.
  11. Hi, I've created a policy to block a sample URL domain, however it seems to have the negative effect of blocking any HTTP access (permitting only HTTPS). While reading through the documentation it was not clear to me what setting is related to this behavior. Does anyone know? Thanks!