Future changes to ESET Enterprise Inspector

[Marcos 3,622]

Hello,

The goal of this message thread is to provide ESET with specific feedback on changes and new features you would like to see in future versions of ESET Enterprise Inspector. Please use the following format when providing feedback:

 

 

Description: A very specific one line description of your feedback.

Detail: A more detailed explanation of your feedback. Please feel free to make this any length, but be sure to use terms everyone can understand. If your suggestion is an extension or update to an existing discussion, please include a link to it in your message.

Here is an example:

 

Description: Linux version

Detail: We use a Linux-based server to minimize costs and I think ESET should make a version of ESET Enterprise Inspector for Linux.

You are welcome to discuss the merits of each and every suggestion, but keep your comments on topic, concise and thoughtful. There are other parts of the forum to discuss issues.

NOTE: When making your requests do not make general statements such as "better gui". If you have a specific feature or functionality you would like to see added (or improved) please post it here, but general requests to "make things better" are not helpful because they do not give ESET detailed enough information. Thank you for your understanding.

Regards,

Marcos

[bbahes 29]

Description: Linux version

Detail: We use a Linux-based server to minimize costs and I think ESET should make a version of ESET Enterprise Inspector for Linux.

Detail 2: Also, we don't want to pay Windows Server licenses for security products.

 

Description: Cloud version

Detail: Managing on premise equipment, patching and monitoring on premise software is costly and time consuming.

 

At minimum you should have Linux version, at best Cloud version.

[vanroy 0]

Hey in the installation of EEi  certificates

step 2 . Select Enterprise inspector Console in the product selector is correct?

step 3 . DNS name of the server is necessary? 

 

or  instructions https://help.eset.com/eei/1/en-US/gui_server_installation.html   what is correct? 

 IMPORTANT

In ESMC Server Settings enable Advanced security in the Connection section before creating a certificate.

By default certificates created by ESMC use * (an asterisk) as a hostname (wildcard certificate). EEI does not support such certificates. The user needs to use the real hostname of EEI Server.

Mandatory parameters for creating Peer Certificate are:

•Product: "Enterprise Inspector Server"

•Host: Use a real IP Address of the EEI Server

Best

 

 

 

[Peter Randziak 595]

Hello @vanroy 

you do not need to force the advanced security in ESMC, you would have to regenerate the certs then.

Just create a new certificate for product "Enterprise Inspector Server" and specify IP address AND / OR host name of your server to it.

Then export this certificate (and CA as well) and use it during the installation of EEI server. You can use this certificate for both EEI console and server.

Regards, P.R.

[Tita314 0]

Good Day, Marcos!

 

Do you know smth about developing Automated Response in EEI?

Maybe you know some other future changes?

[Marcos 3,622]

35 minutes ago, Tita314 said:

Do you know smth about developing Automated Response in EEI?

What do you mean for instance? Action in rules can be already configured:

 

[Tita314 0]

Marcos, 

Thanks for a quick answer!

I mean, do you plan to organize automatic actions according to the broken rules?

 

Edited October 23, 2020 by Tita314

[MichalJ 383]

Hello @Tita314, Yes, similar functionality is in planned for the upcoming releases. 

[Tita314 0]

Michalj, thank you for your answer/

It is a very good news!

 

Maybe you can declassify a little bit more features that are in development?  We miss the news about improvement!

[Lockbits 1]

Hello guys,

The ability to add other type of hashes like SHA256 in order to block them and not only SHA1.

 

Thanks.

[igi008 9]

16 minutes ago, Lockbits said:

Hello guys,

The ability to add other type of hashes like SHA256 in order to block them and not only SHA1.

 

Thanks.

Many thanks for your suggestion. Now we are working on extending hashes in all our products. We plan to support also SHA256 as well. Of course, it completely makes sense to support it also in this feature (block by hash).

[Lockbits 1]

Hello guys,

I've two suggestions:

1) The option to apply exclusions for web control detections or "Detected by ESET Endpoint Security product" alerts. We've a customer that is using web control and we configured the product so all blocked websites are logged in EPC console setting the verbosity accordingly. The problem is that this information is also sent to EEI console and this add a ton of unnecessary data and difficult the detection of valuable data. We can disable the verbose level but this will also affect the blocked website being logged and reported to ESMC.

I mean this:

2) The possibility to add granular exclusions for some rules like MS Office application has saved executable [D0806]. We get about 5 daily alerts of this type and all are benign. Apparently Office creates a lot of temporal with .com extension like this:

Currently I can create an exclusion to this rule but I prefer to don't do this because in case a real malware creates a .com or .exe I'll miss this alert. Maybe an option to exclude per folder? So I can exclude the path that always start with the same pattern. Of course that if I do this in this folder I can miss a real malware being written to such path but the possibility is quite less that creating an entire exclusion for this rule or modifying the rule to not include .com extension.

Thanks.