The PDF file attached to the post provides a detailed explanation of the security events management template. Do not copy/paste the template from the file; it may not work. Download the template attached to this post. The templates are provided “as-is”; please check them in your lab environment and modify them for your needs before implementing them in production.
The FS_RemediateOnEvent extensible attribute is required to trigger a policy on the ForeScout side. WAPI credentials are required to update extensible attributes and retrieve the “_ref” field.
Any feedback and/or questions are appreciated and very welcome.