I have a crawler running on a machine that also has the ESET RA service and the RA console installed on it. There are definitely clients with issues such as several days since they were seen, and old AV definitions. I have added the built-in ESET alerts to this machine, but they are not triggering.

Am I misunderstanding how these alerts work? Should they be applied to the machine with the ESET Remote Administrator service (as I assumed) or to the machines actually running the ESET anti-virus? As a matter of interest, this ESET RA machine is not actually running ESET, it’s running Symantec Endpoint Protection.

Do I need to feed some ESET logs into the database? It would help things a lot if I could see how the built-in alerts do their work (like what are they searching the database for).

Some better documentation along those lines would be good. I’ve been watching these forums for awhile now. It was nice to see a presence from GTM recently which was what prompted me to post. Keep it up! We need a stronger community.