Infoblox and ForeScout CounterACT together enable security and incident response teams to leverage the integration of NAC, IPAM and DNS security to enhance visibility, manage assets, ease compliance and automate remediation. This video shows how the integration with ForeScout CounterACT works using Outbound API NIOS 8.1 feature.
All necessary templates are attached to this post. The templates are provided “as-is”, please check them in you Lab environment and modify for your needs before implementing them in production.
The templates require Extensible Attributes, described in the table below. It is recommended to inherit attributes with the default values from the network view level
|
Extensible Attribute
|
Description
|
|
FS_Sync
|
Defines if an object should be synced with ForeScout. Possible values: true, false
|
|
FS_SyncedAt
|
Contains date/time when the object was synchronized, updated by the assets management template
|
|
FS_RemediateOnEvent
|
Defines if a remediation task/policy should be executed for RPZ or DNS Tunneling events that are triggered
|
You can use attached PHP script to create these EAs (do not forget to update $NIOS_baseURL, $NIOS_User, $NIOS_PWD, $data variables based on your configuration)
The detailed description how the templates work and how to configure it you can find in these posts:
Any feedback and/or questions are much appreciated.
BR,
Kevin Zettel
