
NML-Harry

Members
  • Posts

    2

About NML-Harry

  • Rank
    Newbie

Profile Information

  • Location
    Great Britain
  1. Hello,

     When ESET IDS detects a "Security vulnerability exploitation attempt" (usually EsetIpBlacklist), it appears in our ESMC detections as "Blocked" and "Unresolved". After 20-60 seconds, the detection automatically changes to "Resolved" and shows as "Handled by product". How can we fix this delay so that a blocked detection is shown as "Resolved" straight away?

     The issue this causes us is that we monitor the number of unresolved detections with our monitoring system and we have some internet-facing servers that are constantly throwing up exploit attempts from blacklisted IPs. Our monitoring system checks the current state every 15 minutes and a lot of the time there is one of these unresolved detections. By the time we sign into ESMC to check, it's marked as resolved. The outcome is endless notifications from our monitoring system.

     One possible solution is to stop logging blacklisted IP detections - but that means should there be a false positive in future we have less diagnostic capability to see it was blocked by ESET. It also doesn't provide a fix when the detection isn't related to blacklisted IPs.

     Best regards,
     Harry