Version: ForeScout CounterAct v8.0 and above.
ForeScout CounterAct gives you network access control. It maintains the policies and network configuration and deploys them to the ForeScout CounterACT appliances.
ForeScout CounterAct can be integrated with Netsurion Open XDR using syslog. With the ForeScout CounterAct KP items, we can monitor network access control activities, malicious processes, and mail infections on applications, and trigger an alert whenever a running malicious process or a mail infection is detected.
The Netsurion Open XDR dashboard helps you visualize the web activities on applications. It can also create reports that collect the user activities happening in the applications over a time interval, which helps you review the different malicious and network activities. Netsurion Open XDR CIM helps you correlate network access control activities, malicious processes, mail infections, and so on.
Netsurion Data Source Integrations for ForeScout CounterAct allow you to monitor the following components:
- Security – Malicious process logs, Mail infection logs, and Blocked events.
- Operations – Network access control logs.
Once ForeScout CounterAct is configured to deliver events to Netsurion Open XDR, knowledge objects and reports can be configured in Netsurion Open XDR.
The following are the key Data Source Integrations available in Netsurion Open XDR.

| Category | Name | Description |
|---|---|---|
| Security | ForeScout CounterAct – Suspicious activity found | This alert will trigger whenever a suspicious process is found. |
| Security | ForeScout CounterAct – Email infection detected | This alert will trigger whenever an infection is found in the email attachments. |
| Security | ForeScout CounterAct – Blocked events | This report provides information related to the blocked events: IP address, port details, firewall blocking status, and reason. |
| Security | ForeScout CounterAct – Mail infection activities | This report provides information related to the mail IDs of the sender and receiver, mail subject, and IP address. |
| Security | ForeScout CounterAct – Suspicious activity found | This report provides information related to a potential malicious process found: IP address, process ID, and threat name. |
| Operations | ForeScout CounterAct – Network access control activities | This report provides information related to IP address, rule names, rule message, and reason. |

The configuration details are consistent with Netsurion Open XDR 9.x and later, and ForeScout CounterAct.