ForeScout CounterAct

Applies To: ForeScout CounterAct v8.0 and above version.

Overview

ForeScout CounterAct gives you network access control. It maintains the policies and network configuration and deploys them to the ForeScout CounterACT appliances.

ForeScout CounterAct can be integrated with EventTracker using syslog. With the help of ForeScout CounterAct KP items, we can monitor the network access control activities, malicious process and mail infection on applications and also trigger the alert whenever any malicious process running and mail infection is detected. EventTracker dashboard will help you to visualize the web activities on applications. It can even create the report that helps to collect user activities happening in the  applications for a time interval. This will help you to review the different malicious and network activities. EventTracker CIM will help you to correlate from network access control activities, malicious process, and mail infection, etc.

EventTracker knowledge pack for ForeScout CounterAct allows you to monitor the following components:

• Security - Malicious process logs, Mail infection logs, and Blocked events.
• Operations - Network access control logs.

Once ForeScout CounterAct is configured to deliver events to EventTracker knowledge objects and reports can be configured into EventTracker.

Some of the knowledge packs available in EventTracker are listed below. For more information, refer to the Integration Guide.

Scope

The configuration details in this guide are consistent with EventTracker version 9.x and later, and ForeScout CounterAct v8.0 and above version.

Documentation

To configure ForeScout CounterAct to send logs to EventTracker, refer to the How-to Guide.

For more information, please refer to the  Integration guide.