YossiC, posted June 11

Hi,

Is it possible to send the Trigger Event of the Detection to Syslog? For example in rules catching SSH communication, the address would appear in the "Event" tab on Inspect console. My ESET Inspect server is on the latest version.

j91321 (ESET Staff), posted Saturday at 10:43 AM

Unfortunately we don't send Trigger Event through syslog. These events can be quite large (for example if the triggering event is a Script event). The supported way of doing this is to fetch additional data through REST API after you receive the syslog message. I believe the "event" field is present in the latest version in GET /api/v1/detections/{id} even though it is missing in the documentation.
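
The enrichment flow described in the reply above, as an added example that is not part of the original thread and is not ESET code. It assumes the syslog line carries a JSON payload whose detection id is in a field named `id`, that the response exposes `event` as a top-level key, and that the caller supplies the authentication headers; the size cap, host name and sample data are constructed.

```python
import json
import urllib.request

MAX_EVENT_CHARS = 8192  # assumed cap: trigger events (e.g. Script events) can be large

# Constructed sample line, not real ESET Inspect output.
SAMPLE_LINE = '<14>1 2024-06-15T10:43:00Z inspect01 EI - - - {"id": 1234, "rule": "ssh-outbound"}'


def detection_id_from_syslog(line):
    """Extract the detection id from a syslog line with a JSON payload.
    Assumption: the payload is JSON and the id is in a field named "id"."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        payload = json.loads(line[start:])
    except ValueError:
        return None
    det_id = payload.get("id") if isinstance(payload, dict) else None
    # Accept only integer-like ids so log content can never alter the URL path.
    return int(det_id) if str(det_id).isdigit() else None


def http_get_json(url, headers):
    """Default fetcher: HTTPS GET returning parsed JSON (auth headers from caller)."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def enrich(line, base_url, headers, fetch=http_get_json):
    """Return {"id", "event", "truncated"} for a detection syslog line, or None."""
    det_id = detection_id_from_syslog(line)
    if det_id is None:
        return None
    detection = fetch(f"{base_url}/api/v1/detections/{det_id}", headers)
    # "event" is undocumented per the reply above, so treat it as optional.
    event = detection.get("event") if isinstance(detection, dict) else None
    if event is None:
        return {"id": det_id, "event": None, "truncated": False}
    text = json.dumps(event, sort_keys=True)
    return {"id": det_id, "event": text[:MAX_EVENT_CHARS],
            "truncated": len(text) > MAX_EVENT_CHARS}
```

The `fetch` parameter lets the lookup be swapped for a stub when testing the pipeline without a live server.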