ForeScout CounterAct

Version : ForeScout CounterAct v8.0 and above version.

ForeScout CounterAct gives you network access control. It maintains the policies and network configuration and deploys them to the ForeScout CounterACT appliances.

ForeScout CounterAct can be integrated with Netsurion's Open XDR platform using syslog. With the help of ForeScout CounterAct KP items, we can monitor the network access control activities, malicious process and mail infection on applications and also trigger the alert whenever any malicious process running and mail infection is detected.

Netsurion's Open XDR platform dashboard will help you to visualize the web activities on applications. It can even create the report that helps to collect user activities happening in the  applications for a time interval. This will help you to review the different malicious and network activities. Netsurion's Open XDR platform CIM will help you to correlate from network access control activities, malicious process, and mail infection, etc.

Netsurion Data Source Integrations for ForeScout CounterAct allows you to monitor the following components:

  • Security - Malicious process logs, Mail infection logs, and Blocked events.
  • Operations - Network access control logs.

Once ForeScout CounterAct is configured to deliver events to Netsurion knowledge objects and reports can be configured into Netsurion.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type Name Description
Security ForeScout CounterAct - Suspicious activity found This alert will trigger whenever suspicious process is found.
Security ForeScout CounterAct - Email infection detected This alert will trigger whenever an infection is found in the email attachments.

Reports

Type Name Description
Security ForeScout CounterAct – Blocked events This report provides information related to the blocked events IP address, port details, firewall blocking status and reason.
Security ForeScout CounterAct – Mail infection activities This report provides information related to mail ids of sender and receiver, mail subject and IP address.
Security ForeScout CounterAct – Suspicious activity found This report provides information related to a potential malicious process found, IP address, process ID, and threat name.
Operations ForeScout CounterAct – Network access control activities This report provides information related to IP address, rule names, rule message, and reason.

Documentation

The configuration details are consistent with Netsurion version 9.x and later, and ForeScout CounterAct v8.0 and above version.

Download Integration Guide and How-to Guide for more information and to configuration instructions .

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept