Adding Enterprise Inspector

[j-gray 35]

We're currently running ESET Protect on-prem with Windows and OS X licenses for EEA.

I'm referencing the EEI Help documentation, but a little unclear on some details. Could someone please walk me through what it would look like to add Enterprise Inspector so we have full EDR?

I gather we would run up a new/separate server for EEI in addition to our existing EP server. Install EP agent on EEI server, then deploy EEI server via EP console. I also gather that clients will need two agents (one for EP and one for EEI)?

I don't entirely understand deployment and management from there. Can I use a single web console to deploy both agents and manage all policies? Or do I need to deploy EP agents from the EP console and EEI agents from the EEI console? Is all information aggregated into a single console?

Appreciate any pointers or clarification. TIA

[MichalJ 434]

Hello @j-gray, I will try to help.

Our EDR works in a way, that it requires a separate server with a separate console, however the "EDR console" is inteded only for incident investigation. Management / deployment / activation still happens in ESET PROTECT.

So given the fact that you have already deployed ESET PROTECT environment, those are the steps needed: 

1. Install ESET Enterprise Inspector on a dedicated machine. You will have to connect it to your ESET PROTECT, as it uses single sign on between those two, and ESET PROTECT is the one that is also managing user access rights. On this machine, also install ESET PROTECT Agent (you will need it, for future updates).  EEI server needs to be installed manually, you can´t do it from EP Server (not the first time). 
2. Once your EEI Server is installed and running, you can proceed with installation of a component called "EEI Agent". Even though it is named "agent" it is a very small binary, that just sends the detection metadata gathered by our Endpoints (Endpoint is the "AGENT" per se) to the EEI Server, where the detection logic resides. 
3. You will have to specify the EEI server connection details into the policy for EEI agent, that you can assign to group all (they will connect). Also, you will have to activate EEI Agent (If you have the latest version of ESET PROTECT, there is a context menu option called "deploy EEI Agent", that will do the trick for you). 

Once you have your environment setup, EEI detections will appear also in ESET PROTECT. From there, you can easily navigate to details of each detection. You can also access the EEI UI directly, if you are interested in just the EDR functionality. 

Hope that this helps.

Michal 

 

[j-gray 35]

Thanks for the information --I appreciate it.