Ufoto, posted July 12, 2023: Hello All, Looking at the ESET INSPECT rules that are enabled by default, I can see that these are basically all "Threat" severity rules, while all of the rest are disabled. Is this the generally recommended best practice by ESET? I feel that customers miss out a lot by having all other rules disabled; however, I do realize that some of them could be very noisy. Is there a guide or a blog post advising on some sort of best-practice configuration that has some additional rules enabled, rules that are proven to rarely produce false positives (e.g. Dharma ransomware toolkit item file name was written [C0637])? I could go and read all 1000 rules one by one and use my subjective opinion to enable some, but this doesn't seem to be optimal. Let me give you an example: I work with other solutions, and some of them have profiles like "Balanced", "Secure", etc., and depending on the profile a different set of rules is enabled. I know that there is no such feature here; however, I am looking for some sort of guidance at least, and I can enable them manually afterwards. Thank you in advance!
j91321 (ESET Staff), posted July 13, 2023, marked as solution: I'd recommend enabling rules with the tag Essential. Next, it's worth reviewing rules that have automatic actions assigned. You can filter these by using the "Rule Actions" filter in the Rules list. You can also use other tags to better filter the categories you're interested in and enable rules based on that.
Ufoto (author), posted July 18, 2023: Hello, Thank you for the tips, they are really useful. I was barely paying attention to tags.