[AI-5441] DDS: ESET Protect: Integration v1.0.0 #20349
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
datadog-agent-integrations-bot
bot
added
documentation
dev/testing
dev/tooling
qa/skip-qa
savandalasaniya-crest
changed the title
jhgilbert
added
the
editorial review
torosmassa
changed the title
sarah-witt
requested changes
May 28, 2025
There was a problem hiding this comment.
Hi @savandalasaniya-crest, thanks for the PR! I left some initial comments.
temporal-github-worker-1
bot
added
agent/requested-changes
and removed
agent/review-requested
labels
sarah-witt
previously approved these changes
Jun 2, 2025
temporal-github-worker-1
bot
added
agent/approved
and removed
agent/requested-changes
labels
buraizu
reviewed
Jun 2, 2025
eset_protect/README.md
Outdated
|
|
||
| - **Threat_Event**: Records detections involving identified security threats like malware, viruses, and suspicious behavior. It includes information on the threat type, its location, and the response or action performed. | ||
| - **FirewallAggregated_Event**: Records network traffic filtered by the firewall, including blocked or allowed connections. It tracks protocols, IP addresses, ports, and the status of network connections. | ||
| - **FilteredWebsites_Event**: Records website access attempts blocked by the web filtering feature based on security or policy rules. It includes details about the website category and the action taken (allowed/blocked). |
There was a problem hiding this comment.
Suggested change
| - **FilteredWebsites_Event**: Records website access attempts blocked by the web filtering feature based on security or policy rules. It includes details about the website category and the action taken (allowed/blocked). | |
| - **FilteredWebsites_Event**: Records website access attempts blocked by the web filtering feature based on security or policy rules. It includes details about the website category and the action taken (allowed or blocked). |
There was a problem hiding this comment.
Done 👍
eset_protect/README.md
Outdated
| - **Threat_Event**: Records detections involving identified security threats like malware, viruses, and suspicious behavior. It includes information on the threat type, its location, and the response or action performed. | ||
| - **FirewallAggregated_Event**: Records network traffic filtered by the firewall, including blocked or allowed connections. It tracks protocols, IP addresses, ports, and the status of network connections. | ||
| - **FilteredWebsites_Event**: Records website access attempts blocked by the web filtering feature based on security or policy rules. It includes details about the website category and the action taken (allowed/blocked). | ||
| - **Audit_Event**: Records user or system actions within the management console, such as configuration changes, logins, or task executions, for auditing and accountability. |
There was a problem hiding this comment.
Suggested change
| - **Audit_Event**: Records user or system actions within the management console, such as configuration changes, logins, or task executions, for auditing and accountability. | |
| - **Audit_Event**: Records user or system actions within the management console for auditing and accountability, such as configuration changes, logins, or task executions. |
There was a problem hiding this comment.
Done 👍
eset_protect/README.md
Outdated
|
|
||
| ### Installation | ||
|
|
||
| To install the ESET Protect integration, run the following Agent installation command and the following steps. For more information, see the [Integration Management][5] documentation. |
There was a problem hiding this comment.
Suggested change
| To install the ESET Protect integration, run the following Agent installation command and the following steps. For more information, see the [Integration Management][5] documentation. | |
| To install the ESET Protect integration, run the following Agent installation command. Afterward, follow the steps in the [configuration](#configuration) section to set up log collection. For more information, see the [Integration Management][5] documentation. |
There was a problem hiding this comment.
Done 👍
eset_protect/README.md
Outdated
| - **Host**: Provide IP address or hostname of the destination for Syslog messages. | ||
| - **Port**: Provide port number. | ||
| - **Format**: Select Syslog. | ||
| - **Transport**: Select Protocol for sending messages to Syslog. Select TCP or UDP. |
There was a problem hiding this comment.
Suggested change
| - **Transport**: Select Protocol for sending messages to Syslog. Select TCP or UDP. | |
| - **Transport**: Select Protocol for sending messages to Syslog (TCP or UDP). |
There was a problem hiding this comment.
Done 👍
eset_protect/README.md
Outdated
|
|
||
| ### Logs | ||
|
|
||
| The ESET Protect integration collects Threat_Event, FirewallAggregated_Event, FilteredWebsites_Event, and Audit_Event logs. |
There was a problem hiding this comment.
Suggested change
| The ESET Protect integration collects Threat_Event, FirewallAggregated_Event, FilteredWebsites_Event, and Audit_Event logs. | |
| The ESET Protect integration collects `Threat_Event`, `FirewallAggregated_Event`, `FilteredWebsites_Event`, and `Audit_Event` logs. |
There was a problem hiding this comment.
Done 👍
| @@ -0,0 +1,1798 @@ | |||
| { | |||
| "title": "ESET Protect - Audit Events", | |||
| "description": "This dashboard provides information about the Audit events.", | |||
There was a problem hiding this comment.
Suggested change
| "description": "This dashboard provides information about the Audit events.", | |
| "description": "This dashboard provides information about Audit events.", |
There was a problem hiding this comment.
Done 👍
| @@ -0,0 +1,1632 @@ | |||
| { | |||
| "title": "ESET Protect - Filtered Websites Events", | |||
| "description": "This dashboard offers insights into the ESET Protect Filtered Websites events.", | |||
There was a problem hiding this comment.
Suggested change
| "description": "This dashboard offers insights into the ESET Protect Filtered Websites events.", | |
| "description": "This dashboard offers insights into ESET Protect Filtered Website events.", |
There was a problem hiding this comment.
It looks like both Websites events and Website events are used in this file. Suggesting to make this usage consistent throughout the file.
There was a problem hiding this comment.
Done 👍
| "id": 666821597255175, | ||
| "definition": { | ||
| "type": "note", | ||
| "content": "Datadog Cloud SIEM analyzes and correlates the ESET Protect logs to detect threats to your environment in real time. If you don't see signals please make sure you've enabled [Datadog Cloud SIEM](/security).", |
There was a problem hiding this comment.
Suggested change
| "content": "Datadog Cloud SIEM analyzes and correlates the ESET Protect logs to detect threats to your environment in real time. If you don't see signals please make sure you've enabled [Datadog Cloud SIEM](/security).", | |
| "content": "Datadog Cloud SIEM analyzes and correlates ESET Protect logs to detect threats to your environment in real time. If you don't see signals, ensure you've enabled [Datadog Cloud SIEM](/security).", |
There was a problem hiding this comment.
Done 👍
| @@ -0,0 +1,1329 @@ | |||
| { | |||
| "title": "ESET Protect - Threat Events", | |||
| "description": "This dashboard offers insights into the ESET Protect Threat events.", | |||
There was a problem hiding this comment.
Suggested change
| "description": "This dashboard offers insights into the ESET Protect Threat events.", | |
| "description": "This dashboard offers insights into ESET Protect Threat events.", |
There was a problem hiding this comment.
Done 👍
| "id": 3076471816303785, | ||
| "definition": { | ||
| "type": "note", | ||
| "content": "ESET Protect is an application that lets you manage ESET products on workstations and servers in a networked environment from one central location. Using the ESET PROTECT Web Console, you can deploy ESET Solutions, manage tasks, enforce security policies, monitor system status, and quickly respond to problems or detections on remote computers.\n\nThe Threat dashboard provides events generated by ESET antivirus system when it detects potential threats, such as malware, viruses, or suspicious files. It shows when the antivirus has identified a security risk and possibly taken action on a file, application, or network traffic.\n\nFor more information, see the [ESET Protect Integration Documentation](https://docs.datadoghq.com/integrations/eset_protect).\n\n**Tips**\n- Use the timeframe selector in the upper-right corner of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.", |
There was a problem hiding this comment.
Suggested change
| "content": "ESET Protect is an application that lets you manage ESET products on workstations and servers in a networked environment from one central location. Using the ESET PROTECT Web Console, you can deploy ESET Solutions, manage tasks, enforce security policies, monitor system status, and quickly respond to problems or detections on remote computers.\n\nThe Threat dashboard provides events generated by ESET antivirus system when it detects potential threats, such as malware, viruses, or suspicious files. It shows when the antivirus has identified a security risk and possibly taken action on a file, application, or network traffic.\n\nFor more information, see the [ESET Protect Integration Documentation](https://docs.datadoghq.com/integrations/eset_protect).\n\n**Tips**\n- Use the timeframe selector in the upper-right corner of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.", | |
| "content": "ESET Protect is an application that lets you manage ESET products on workstations and servers in a networked environment from one central location. Using the ESET PROTECT Web Console, you can deploy ESET Solutions, manage tasks, enforce security policies, monitor system status, and quickly respond to problems or detections on remote computers.\n\nThe Threat dashboard provides events generated by the ESET antivirus system when it detects potential threats, such as malware, viruses, or suspicious files. It shows when the antivirus has identified a security risk and possibly taken action on a file, application, or network traffic.\n\nFor more information, see the [ESET Protect Integration Documentation](https://docs.datadoghq.com/integrations/eset_protect).\n\n**Tips**\n- Use the timeframe selector in the upper-right corner of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.", |
There was a problem hiding this comment.
Done 👍
temporal-github-worker-1
bot
dismissed
sarah-witt’s stale review
Review from sarah-witt is dismissed. Related teams and files:
- agent-integrations
- eset_protect/README.md
- eset_protect/assets/dashboards/eset_protect_audit_events.json
- eset_protect/assets/dashboards/eset_protect_filtered_websites_events.json
- eset_protect/assets/dashboards/eset_protect_overview.json
- eset_protect/assets/dashboards/eset_protect_threat_events.json
temporal-github-worker-1
bot
added
agent/review-requested
and removed
agent/approved
labels
Wyrine
added
assets/no-dry-run
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
This is a initial release PR of ESET Protect integration including all the required assets.
Motivation
Review checklist (to be filled by reviewers)
qa/skip-qalabel if the PR doesn't need to be tested during QA.backport/<branch-name>label to the PR and it will automatically open a backport PR once this one is merged