Endpoint detection & response

ESET Enterprise Inspector

ESET Enterprise Inspector is an Endpoint Detection and Response tool from ESET that enables continuous, comprehensive monitoring of real-time endpoint activity, in-depth analysis of suspicious processes and immediate response to incidents and breaches. Paired with the ESET Endpoint Protection Platform, ESET Enterprise Inspector is a complete prevention, detection and remediation solution to:

  • Detect advanced persistent threats
  • Stop fileless attacks
  • Block zero-day threats
  • Protect against ransomware
  • Prevent company policy violations

Explore features

Public API

ESET Inspect features a Public REST API that enables the accessing and exporting of detections and their remediation to allow effective integration with tools such as SIEM, SOAR, ticketing tools and many others.

Multiplatform coverage

ESET Inspect supports Windows, macOS, and Linux, which makes it a perfect choice for multiplatform environments.

Safe and smooth remote access

Incident response and security services are only as smooth as the ease with which they are accessed – both in terms of the incident responder’s connection to the XDR console, and the connection with the endpoints. The connection works at close to real-time speed with maximum security measures applied, all without the need for third-party tools.

Threat Hunting

Use the powerful query-based IOC search and apply filters to raw data for sorting based on file popularity, reputation, digital signature, behavior, or other contextual information. Setting up multiple filters allows automated, easy threat hunting and incident response, including the ability to detect and stop APTs and targeted attacks.

One-click isolation

Define network access policies to quickly stop lateral movement by malware. Isolate a compromised device from the network with just one click in the ESET Inspect interface. Also, easily remove devices from the containment state.

Open architecture & integrations

ESET Inspect provides unique behavior- and reputation-based detection that is fully transparent to security teams. All rules are easily editable via XML to allow fine-tuning, and new rules can easily be created to match the needs of specific enterprise environments, including SIEM integrations.

MITRE ATT&CK™

ESET Inspect references its detections to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework, which in one click provides you with comprehensive information even about the most complex threats.

Incident Management System

Group objects such as detections, computers, executables or processes into logical units to view potentially malicious events on a timeline, together with related user actions. ESET Inspect automatically suggests to the incident responder all related events and objects, which can greatly help in an incident's triage, investigation, and resolution stages.

Anomaly and behavior detection

Check actions carried out by an executable and utilize ESET's LiveGrid® Reputation system to quickly assess whether executed processes are safe or suspicious. Monitoring anomalous user-related incidents is possible thanks to specific rules written to be triggered by behavior, not by simple malware or signature detections. Grouping computers by user or department allows security teams to identify whether a user is entitled to perform a specific action or not.

Company Policy Violation Detection

Block malicious modules from being executed on any computer in your organization’s network. ESET Inspect’s open architecture offers the flexibility to detect violations of policies that apply to the use of specific software like torrent applications, cloud storage, Tor browsing or other unwanted software.

Tagging

Assign and unassign tags for fast filtering of objects such as computers, alarms, exclusions, tasks, executables, processes, and scripts. Tags are shared among users, and once created, can be assigned within seconds.

Sophisticated scoring

Prioritize the severity of alarms with a scoring functionality that attributes a severity value to incidents and allows admins to quickly identify computers with a higher probability for potential incidents.

Multiple Indicators of compromise

View and block modules based on over 30 different indicators, including hash, registry modifications, file modifications and network connections.

Local data collection

View comprehensive data about a newly executed module, including time of execution, the user who executed it, dwell time and the devices attacked. All data is stored locally to prevent sensitive data leakage.