
Next Level Security



Servus Community,

Since the Hafnium vulnerability, we have been using a YARA rule scanner, which also searches for patterns of different attack vectors in log files and reports matches. The application we currently use for this is freeware; now we are considering upgrading to the full version. With the upgrade, more modules, rules and scanners will be unlocked. This may also include an EDR system to actively respond to threats, depending on the upgrade level.

ESET apparently offers something similar with the ESET Inspect module, which would be much cheaper in terms of price. This prompts the question: where is the difference, which is supposed to be worth several thousand euros per year? For example, can ESET Inspect search for anomalies in log files? Both in Windows event logs and in text log files, such as IIS logs? Can it be actively reacted to? Detect and block encryption Trojans; detect lateral propagation in the network of intruders and report suspicious activity; central GUI for reporting and configuration (e.g. false positive configuration)? All these things that a normal virus scanner cannot do.

FYI: We already use ESET Protect on our endpoints.

Thx & Bye Tom


  • Administrators

ESET Inspect is a powerful XDR solution that helps you keep an overview of what's going on in your network, detect suspicious anomalies and activities in your network and take the desired action in response to potential threats.

ESET Inspect gathers data from ESET security products on endpoints and servers and evaluates them either on endpoints (e.g. in case of roaming clients) or centrally on the server. It currently has 1261 rules pre-set by security analysts and researchers to detect


You can set up remediation actions for particular rules:


When investigating what led to an attack or infection, you can view the process tree:


 

Rule details provide further information to administrators, such as a list of known malicious or benign cases, recommendations, MITRE ATT&CK techniques, etc.

There is much more that ESET Inspect offers, hence I'd recommend requesting a trial license from your local ESET distributor and trying it out yourself. If you have any questions, don't hesitate to ask. We will be happy to help you get acquainted with ESET Inspect.

 

 


Servus Marcos,

thank you for your comments. A test setup will certainly be the best option. Can we remove it from the Protect console without leaving any remaining traces if we decide not to use it?

Thx & Bye Tom

This topic is now closed to further replies.