From 8ffd10b16be045cbffd8a8d11ff79f6d5ff0b853 Mon Sep 17 00:00:00 2001 From: Bivic Date: Tue, 3 Sep 2024 17:34:58 +0200 Subject: [PATCH 1/4] say that we need TLS + add the file in the tree --- docs/integration/categories/endpoint/eset_protect.md | 3 +++ mkdocs.yml | 1 + 2 files changed, 4 insertions(+) diff --git a/docs/integration/categories/endpoint/eset_protect.md b/docs/integration/categories/endpoint/eset_protect.md index fba1a206b8..1b1904701e 100644 --- a/docs/integration/categories/endpoint/eset_protect.md +++ b/docs/integration/categories/endpoint/eset_protect.md @@ -73,6 +73,9 @@ To enable Syslog server in ESET Protect on On-Prem : ![Syslog configuration](/assets/instructions/eset_protect/enable_syslog_2.png) +!!! warning + Important note - For ESET Protect Cloud, you will required a secured syslog forwarder. Please read our article [how to secure data collection to the syslog forwarder](intergration/ingestion_methods/syslog/secured_forwarded.md) + To enable Syslog server in ESET Protect on Cloud: 1. In admin console go to `More` > `Admin` > `Settings`. 2. Click `General` > `Syslog` diff --git a/mkdocs.yml b/mkdocs.yml index 98c866d92d..f7e3d41e88 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -308,6 +308,7 @@ nav: - Syslog: - Overview: integration/ingestion_methods/syslog/overview.md - Sekoia.io Forwarder: integration/ingestion_methods/syslog/sekoiaio_forwarder.md + - Secured forwarding: integration/ingestion_methods/syslog/secured_forwarding.md - Third-party syslog services: integration/ingestion_methods/syslog/syslog_service.md - Rsyslog: integration/ingestion_methods/syslog/rsyslog.md - Syslog NG: integration/ingestion_methods/syslog/syslog-ng.md From ced5addb60cd836f97adb0a1bc4c5826bc1150fb Mon Sep 17 00:00:00 2001 From: Bivic Date: Tue, 3 Sep 2024 18:23:59 +0200 Subject: [PATCH 2/4] fix bad indent --- .../categories/endpoint/eset_protect.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) 
diff --git a/docs/integration/categories/endpoint/eset_protect.md b/docs/integration/categories/endpoint/eset_protect.md index 1b1904701e..470af688b9 100644 --- a/docs/integration/categories/endpoint/eset_protect.md +++ b/docs/integration/categories/endpoint/eset_protect.md @@ -62,14 +62,14 @@ type: intake ### Instructions on the 3rd party solution To enable Syslog server in ESET Protect on On-Prem : - 1. In admin console go to `More` > `Settings`. - 2. Open `Advanced Settings` tab. +1. In admin console go to `More` > `Settings`. +2. Open `Advanced Settings` tab. ![Advanced Settings](/assets/instructions/eset_protect/enable_syslog_1.png) - 3. Click on `Syslog server` > `Use Syslog server`. - 4. Then click on `Logging` > `Export logs to Syslog` and choose `JSON` format. - 5. Save configuration. +3. Click on `Syslog server` > `Use Syslog server`. +4. Then click on `Logging` > `Export logs to Syslog` and choose `JSON` format. +5. Save configuration. ![Syslog configuration](/assets/instructions/eset_protect/enable_syslog_2.png) 
@@ -77,17 +77,17 @@ To enable Syslog server in ESET Protect on On-Prem : Important note - For ESET Protect Cloud, you will required a secured syslog forwarder. Please read our article [how to secure data collection to the syslog forwarder](intergration/ingestion_methods/syslog/secured_forwarded.md) To enable Syslog server in ESET Protect on Cloud: - 1. In admin console go to `More` > `Admin` > `Settings`. - 2. Click `General` > `Syslog` - 3. Check `Enable syslog sending` - 4. Select `JSON` as the format of the payload - 5. Select `Syslog` as the format of the envelope - 6. Select `Information` as the minimal log level - 7. Check all event types - 8. Type the address of the log concentrator - 9. Check `Validate CA Root certificates of TLS connections` - 10. Copy the public certificate of the Certificate Authority in the textarea - 11. Click `Apply settings` +1. In admin console go to `More` > `Admin` > `Settings`. +2. Click `General` > `Syslog` +3. Check `Enable syslog sending` +4. Select `JSON` as the format of the payload +5. Select `Syslog` as the format of the envelope +6. Select `Information` as the minimal log level +7. Check all event types +8. Type the address of the log concentrator +9. Check `Validate CA Root certificates of TLS connections` +10. Copy the public certificate of the Certificate Authority in the textarea +11. Click `Apply settings` ![Advanced Settings](/assets/instructions/eset_protect/cloud_syslog.png) From 17b5632a60e0d9f1c536c450a59b74c2f3adce06 Mon Sep 17 00:00:00 2001 From: Bivic Date: Tue, 3 Sep 2024 18:34:19 +0200 Subject: [PATCH 3/4] fix tree --- mkdocs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mkdocs.yml b/mkdocs.yml index f7e3d41e88..cc04584b6d 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -308,10 +308,10 @@ nav: - Syslog: - Overview: integration/ingestion_methods/syslog/overview.md - Sekoia.io Forwarder: integration/ingestion_methods/syslog/sekoiaio_forwarder.md - - Secured forwarding: integration/ingestion_methods/syslog/secured_forwarding.md - Third-party syslog services: integration/ingestion_methods/syslog/syslog_service.md - Rsyslog: integration/ingestion_methods/syslog/rsyslog.md - Syslog NG: integration/ingestion_methods/syslog/syslog-ng.md + - Secured forwarding: integration/ingestion_methods/syslog/secured_forwarding.md - List of Intakes: - Overview: integration/categories/overview.md - Applicative: From f8701551883b3fad6e7cad7178ac874a8b1fdf2f Mon Sep 17 00:00:00 2001 From: Bivic Date: Tue, 3 Sep 2024 18:43:24 +0200 Subject: [PATCH 4/4] fix list --- docs/integration/categories/endpoint/eset_protect.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/integration/categories/endpoint/eset_protect.md b/docs/integration/categories/endpoint/eset_protect.md index 470af688b9..a6dca123ab 100644 --- a/docs/integration/categories/endpoint/eset_protect.md +++ b/docs/integration/categories/endpoint/eset_protect.md @@ -62,6 +62,7 @@ type: intake ### Instructions on the 3rd party solution To enable Syslog server in ESET Protect on On-Prem : + 1. In admin console go to `More` > `Settings`. 2. Open `Advanced Settings` tab. @@ -77,6 +78,7 @@ To enable Syslog server in ESET Protect on On-Prem : Important note - For ESET Protect Cloud, you will required a secured syslog forwarder. Please read our article [how to secure data collection to the syslog forwarder](intergration/ingestion_methods/syslog/secured_forwarded.md) To enable Syslog server in ESET Protect on Cloud: + 1. In admin console go to `More` > `Admin` > `Settings`. 2. Click `General` > `Syslog` 3. Check `Enable syslog sending`
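
Review bot: the link target in the `!!! warning` block that 1/4 adds to eset_protect.md does not match the page registered in mkdocs.yml. The link reads `intergration/ingestion_methods/syslog/secured_forwarded.md`, while the nav entry is `integration/ingestion_methods/syslog/secured_forwarding.md`, so both the directory name and the file name differ. The path is also written as if from the docs root, although the file lives in `docs/integration/categories/endpoint/`. The context lines of 4/4 show the same target at the end of the series, so Cloud users are sent to a TLS article that will not resolve. Suggest pointing it at the real file, for example `../../ingestion_methods/syslog/secured_forwarding.md` if links in this file are relative to the page. In the same sentence, "you will required" should read "you will need".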
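
Review bot: the nav entry added to mkdocs.yml in 1/4 references `integration/ingestion_methods/syslog/secured_forwarding.md`, but the diffstat of 1/4 lists only eset_protect.md and mkdocs.yml, and none of the four commits creates that page. Unless it already exists in the tree from another change, add it in this series (or make this series depend on the change that does), otherwise both the nav entry and the new warning point to a missing document.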
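
Review bot: in the first hunk of 2/4 the On-Prem list still starts directly under `To enable Syslog server in ESET Protect on On-Prem :` with no blank line, and the separating blank line only arrives in 4/4. Fold 4/4 into 2/4 so that every commit in the series leaves the two lists in their final form. While touching the line, `On-Prem :` has a space before the colon that the Cloud heading (`on Cloud:`) does not.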
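
Review bot: in the Cloud list re-indented by the second hunk of 2/4, step 8 (`Type the address of the log concentrator`) does not say that this must be the TLS endpoint of the secured forwarder the new warning requires, although steps 9 and 10 depend on it. Suggest naming the secured forwarder in step 8, and stating in step 10 that the certificate to paste is the CA that issued the forwarder's certificate, so the reader does not have to infer it from the warning above the list.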
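
Review bot: the position of `- Secured forwarding:` in the nav is set in 1/4 and then changed in 3/4, with "fix tree" as the only explanation. Fold the move into 1/4 so the entry is added once, after `Syslog NG`, or say in the commit message why it belongs after the Rsyslog and Syslog NG pages.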