Unifying ESET Inspect and ESET PROTECT (OpenXDR)
Summary
As part of the evolution of ESET PROTECT into a true OpenXDR platform, we are consolidating ESET Inspect capabilities directly into ESET PROTECT. This unifies the consoles, standardizes data on the Elastic Common Schema, and introduces a new Incident management workflow.
Who is affected?
•All cloud customers using ESET PROTECT and/or ESET Inspect (only cloud versions of both solutions)
•Partners/MSPs and users of APIs.
Actions Required
To ensure uninterrupted service, you must perform the following before January 2026:
1.Update Network Configuration: You must allow new IP addresses for the OpenXDR Endpoint.
2.Update ESET Inspect Connector: Version 3.0 is required for OpenXDR compatibility.
NOTE: Outdated ESET Inspect Connectors will not generate Indicators. Furthermore, once the new backend systems are deployed (February–April 2026), the product will stop creating new Incidents entirely. ESET will automatically update older connectors during January and February 2026. However, if your environment restricts auto-updates or ESET update servers, you must perform a manual update to ensure compatibility.
Transition timeline
| Date | Milestone | Impact |
|---|---|---|
| January 2026 | Preparation phase | •ESET Inspect Connector 3.0 released (required) •Update to ESET Management Agent version 13.0+ is required. •Creation of new Incident Rules in ESET Inspect is disabled |
| January to March 2026 | ESET PROTECT 7.0 | •Advanced Search (Indicators) becomes available. •Integrations section debuts (Microsoft Entra ID). |
| February to April 2026 | OpenXDR launch | •New incidents open in ESET PROTECT. Old incidents remain visible in ESET Inspect for a limited time. |
| Second half of 2026 | Consolidation | •Inspect Incident Management Removed: You cannot create incidents or add detections in ESET Inspect. •Rule Conversion: User Incident Rules auto-convert to Detection Rules. •Telemetry Search: Becomes available in ESET PROTECT Advanced Search. |
| First half of 2027 | Target end state | Unified single pane of glass across ESET PROTECT. |
Detailed changes
The new data model
We are moving to a three-layer data model based on Elastic Common Schema:
•Telemetry: Low-level events (e.g., “driver loaded”).
•Indicators: Time-stamped events with context (similar to legacy Detections).
•Incidents: Correlated groups of Indicators prioritized for investigation.
Workflow changes (What replaces what?)
•Detections are becoming Incidents: The primary investigation of potential threats shifts from Detections to Incidents.
•Legacy Inspect console is becoming PROTECT Console: Investigation and response move entirely to ESET PROTECT.
•Advanced Search: A new SIEM-like interface in ESET PROTECT replaces legacy search. It supports Lucene query syntax for searching Indicators and provides separate drill-down workflows for Telemetry data.
Dual mode (transition period)
During the transition (H1 2026), you will see both legacy and new sections.
•Cross-console behavior: Existing legacy incidents remain in ESET Inspect; new OpenXDR incidents appear exclusively in ESET PROTECT.
•Backward compatibility: Existing APIs and Syslog integrations will continue to work. The backend maps new Indicators to existing Detections.
•New API: A new Incident API will be released. Customers are advised to migrate to this API as soon as possible.
Integrations
A new central section in ESET PROTECT will manage OpenXDR integrations, starting with Microsoft Entra ID and on-prem Active Directory.
Next steps
•Migrate workflows: Begin handling incidents in ESET PROTECT as soon as the feature becomes available.
•Convert rules: If you use custom Incident Rules, start converting them to Detection Rules before the automatic migration in the second half of 2026.
•Feedback: Report UX issues via the in-product Submit Feedback button.