ESET PROTECT Integration
Overview
ESET PROTECT provides centralized management for ESET endpoint security products with threat detection, device control, and full disk encryption. KYRA MDR collects ESET events via syslog or the ESET PROTECT API for comprehensive endpoint monitoring.
Prerequisites
- A KYRA MDR Collector installed and running
- ESET PROTECT Server with administrative access
- ESET PROTECT version 10.x or later
- Network connectivity from the ESET PROTECT Server to the collector on TCP port 514
Configuration
Configure syslog export in ESET PROTECT:
- Log in to the ESET PROTECT Web Console
- Navigate to More > Server Configuration > Advanced Settings
- Under Syslog Server, configure:
  - Enable Syslog: Yes
  - Syslog Server Host: <collector-ip>
  - Syslog Server Port: 514
  - Format: JSON
  - Transport: TCP
  - Export Logs: Detections, Firewall, HIPS, Audit
- Click Save
- Verify events under More > Server Configuration > Syslog status
Collected Log Types
| Log Type | Description | Security Use |
|---|---|---|
| Detections | Malware and threat detections | Endpoint protection monitoring |
| Firewall | ESET Firewall events | Host network security |
| HIPS | Host intrusion prevention events | Behavioral threat detection |
| Device Control | USB and peripheral events | Data security, policy enforcement |
| Web Control | Web access filtering | Content filtering |
| Audit | Administrative and user actions | Compliance auditing |
Troubleshooting
Syslog not exporting: Verify syslog is enabled in server configuration. Restart the ESET PROTECT Server service after enabling.
JSON parsing errors: KYRA MDR expects ESET JSON format. Verify the syslog format is set to JSON.
Missing agent events: Events from endpoints must first report to the ESET PROTECT Server before being forwarded via syslog.
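The "JSON parsing errors" case above can be checked on the collector side before the events reach the KYRA MDR pipeline. The following is an added example, not KYRA MDR or ESET code: it strips the syslog header from each received line, parses the remainder as JSON, and flags lines whose payload is not JSON (the symptom of the Format setting not being JSON). The syslog header layout, the sample lines and the JSON field names (`event_type`, `hostname`, `threat_name`) are constructed assumptions for illustration.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines, not captured from a real ESET PROTECT server.
# Header layout and JSON field names are assumptions for this example.
SAMPLE_LINES = [
    '<14>Jun 01 12:00:00 eset-protect ERAServer: {"event_type": "Threat_Event", '
    '"hostname": "ws-01", "threat_name": "Eicar", "action_taken": "cleaned"}',
    '<14>Jun 01 12:00:01 eset-protect ERAServer: {"event_type": "Audit_Event", '
    '"hostname": "ws-02", "action": "Login", "result": "Success"}',
    # Same kind of event exported with Format left at a non-JSON setting (constructed)
    '<14>Jun 01 12:00:02 eset-protect ERAServer: Threat_Event; hostname=ws-03; threat_name=Eicar',
]


@dataclass
class ParsedEvent:
    ok: bool
    event_type: Optional[str]
    payload: Optional[dict]
    reason: str


def parse_eset_syslog_line(line: str) -> ParsedEvent:
    """Locate the JSON object after the syslog header and parse it.
    ok=False with a reason means the payload is not JSON, which points at the
    ESET PROTECT syslog Format setting rather than at the collector."""
    start = line.find("{")
    if start == -1:
        return ParsedEvent(False, None, None, "no JSON object in payload; check Format=JSON")
    try:
        payload = json.loads(line[start:])
    except json.JSONDecodeError as e:
        return ParsedEvent(False, None, None, f"malformed JSON: {e.msg}")
    if not isinstance(payload, dict):
        return ParsedEvent(False, None, None, "JSON payload is not an object")
    return ParsedEvent(True, payload.get("event_type"), payload, "ok")


def summarize(lines) -> dict:
    """Count lines per event type; 'NOT_JSON' collects misconfigured exports."""
    counts: dict = {}
    for line in lines:
        r = parse_eset_syslog_line(line)
        key = "NOT_JSON" if not r.ok else (r.event_type or "UNKNOWN")
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        result = parse_eset_syslog_line(sample)
        print(result.ok, result.event_type, result.reason)
    print(summarize(SAMPLE_LINES))
```

A non-zero `NOT_JSON` count on live traffic means the export is reaching the collector but the Format setting needs correcting in the ESET PROTECT Web Console.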
Contact kyra@seekerslab.com for support.