⚠️ ESET Protect Platform
⚠️ Unpublished: This item is from a solution that is not yet published on Azure Marketplace or not installed in Content Hub.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Connector ID | ESETProtectPlatform |
| Publisher | ESET |
| Used in Solutions | ESET Protect Platform |
| Collection Method | Azure Function |
| Connector Definition Files | ESETProtectPlatform_API_FunctionApp.json |
| Ingestion API | Log Ingestion API — Azure Function code uses LogsIngestionClient/Log Ingestion API |
The ESET Protect Platform data connector enables users to inject detections data from ESET Protect Platform using the provided Integration REST API. Integration REST API runs as scheduled Azure Function App.
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
IntegrationTableIncidents_CL |
? | ✓ | ? |
IntegrationTable_CL |
? | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions: - Workspace (Workspace): read and write permissions on the workspace are required. - Keys (Workspace): read permissions to shared keys for the workspace are required. See the documentation to learn more about workspace keys.
Custom Permissions: - Microsoft.Web/sites permissions: Read and write permissions to Azure Functions to create a Function App is required. See the documentation to learn more about Azure Functions. - Permission to register an application in Microsoft Entra ID: Sufficient permissions to register an application with your Microsoft Entra tenant are required. - Permission to assign a role to the registered application: Permission to assign the Monitoring Metrics Publisher role to the registered application in Microsoft Entra ID is required.
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
NOTE: The ESET Protect Platform data connector uses Azure Functions to connect to the ESET Protect Platform via Eset Connect API to pull detections logs into Microsoft Sentinel. This process might result in additional data ingestion costs. See details on the Azure Functions pricing page.
NOTE: The newest version of the ESET PROTECT Platform and Microsoft Sentinel integration pulls not only detections logs but also newly created incidents. If your integration was set up before 20.06.2025, please follow these steps to update it.
1. Step 1 - Create an API user
Use this instruction to create an ESET Connect API User account with Login and Password.
2. Step 2 - Create a registered application
Create a Microsoft Entra ID registered application by following the steps in the Register a new application instruction.
3. Step 3 - Deploy the ESET Protect Platform data connector using the Azure Resource Manager (ARM) template
-
Click the Deploy to Azure button below.
-
Select the name of the Log Analytics workspace associated with your Microsoft Sentinel. Select the same Resource Group as the Resource Group of the Log Analytics workspace.
-
Type the parameters of the registered application in Microsoft Entra ID: Azure Client ID, Azure Client Secret, Azure Tenant ID, Object ID. You can find the Object ID on Azure Portal by following this path
Microsoft Entra ID -> Manage (on the left-side menu) -> Enterprise applications -> Object ID column (the value next to your registered application name).
-
Provide the ESET Connect API user account Login and Password obtained in Step 1.
-
Select one or more ESET products (ESET PROTECT, ESET Inspect, ESET Cloud Office Security) from which detections are retrieved.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊