Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

ForeScout

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
SECURITY EVENTS TEMPLATE. INTEGRATION WITH FORESCOUT
[ Edited ]
Adviser
Adviser
Vadim
Posts: 172
Registered: ‎09-09-2015

‎08-04-2017 12:58 PM - edited ‎08-04-2017 01:29 PM

Vadim
Adviser
Posts: 82

Hi there,

The PDF-file attached to the post provides detailed explanation of the security events management template.  Do not copy/past the template from the file, it may not work. Download the template attached to this post. The templates are provided “as-is”, please check them in you Lab environment and modify for your needs before implementing them in production.

 

FS_RemediateOnEvent extensible attribute is required to trigger a policy on ForeScout side. WAPI credentials are required to update extensible attributes and retrieve “_ref” field.

 

Any feedback and/or questions are appreciated and very welcome.

BR,

Vadim Pavlov

images.icon_attachment.alt
FS_SecEvents.pdf ‏63 KB
Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: