feat(Eset Protect): add section for ESET Protect Cloud

SEKOIA-IO · Jul 2, 2024 · 72762b2 · 72762b2
1 parent 6bfed02
commit 72762b2
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 1 deletion.
diff --git a/docs/assets/instructions/eset_protect/cloud_syslog.png b/docs/assets/instructions/eset_protect/cloud_syslog.png
diff --git a/docs/xdr/features/collect/integrations/endpoint/eset_protect.md b/docs/xdr/features/collect/integrations/endpoint/eset_protect.md
@@ -41,7 +41,7 @@ Only events from the following log categories are being exported to Syslog serve
 
 An internal syslog concentrator is required to collect and forward events to Sekoia.io.
 
-### Enable syslog forwarding
+### Enable syslog forwarding on ESET Protect On-Prem
 To enable Syslog server in ESET Protect, follow the steps below:
 
 1. In admin console go to `More` > `Settings`.
@@ -55,6 +55,26 @@ To enable Syslog server in ESET Protect, follow the steps below:
 
     ![Syslog configuration](/assets/instructions/eset_protect/enable_syslog_2.png)
 
+### Enable syslog forwarding on ESET Protect Cloud
+
+!!! warning
+    Important note - For ESET Protect Cloud, you will required a secured syslog forwarder. Please read our article [how to secure data collection to the syslog forwarder](../../ingestion_methods/syslog/secured_forwarded.md)
+
+
+To enable Syslog server in ESET Protect, follow the steps below:
+
+1. In admin console go to `More` > `Admin` > `Settings`.
+2. Click `General` > `Syslog`
+3. Check `Enable syslog sending`
+4. Select `JSON` as the format of the payload
+5. Select `Syslog` as the format of the envelope
+6. Select `Information` as the minimal log level
+7. Check all event types
+8. Type the address of the log concentrator
+9. Click `Apply settings`
+
+![Advanced Settings](/assets/instructions/eset_protect/cloud_syslog.png)
+
 ### Create an intake
 
 Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `ESET Protect`.