Jump to content

ERA Firewall Events


Go to solution Solved by MartinK,

Recommended Posts

  • ESET Insiders
Posted

In ERA, the following events get reported to the console:

Detected ARP cache poisoning attack

Duplicate IP addresses detected in network

 

What settings control these events? Can I add more? Can I exclude these? I'm not sure why just these two get reported to ERA and how they are controlled.

  • ESET Staff
  • Solution
Posted

ERA receives only events from pre-defined firewall rules (not from custom rules) mostly from IDS. Configuration on endpoint is located here: Personal Firewall -> Basic -> IDS and advanced options -> Intrusion detection

  • ESET Insiders
Posted

ERA receives only events from pre-defined firewall rules (not from custom rules) mostly from IDS. Configuration on endpoint is located here: Personal Firewall -> Basic -> IDS and advanced options -> Intrusion detection

 

Gotcha. So the information received from ERA is from pre-defined rules. Anything that I want to specifically monitor for (custom rules) won't be reported to ERA.

  • 2 months later...
Posted

Is there any way to get the mac address of the device causing the problem? I see these randomly. Generally with one of the router IPs which might indicate someone trying to divert routing. Or could be a sign a router is having issues. Logs only seem to give you the IP with the issue. Mac would let me be able to track back to a device to fix or disable it.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...