Forescout
Method 1: Network logs forwarding
The Network logs forwarding page ("Settings" > "System Settings" > "Network logs forwarding") lets users enable and configure the forwarding of Network Logs to a third-party solution as syslog messages. The pages and configuration steps required to enable forwarding of Network Logs are exactly the same as those described for Alerts. The only difference lies in the semantics adopted when users untick the "always active" checkbox in the forwarding conditions but leave the condition tree empty: for Alerts, this results in all alerts being forwarded, whereas for Network Logs it results in no logs being forwarded. The rationale is that Alerts are important events that an analyst generally wants forwarded, whereas Network Logs are additional intelligence that is useful for context and threat hunting. This default prevents a configuration mistake in eyeInspect from impacting monitoring capabilities. Pre-set message formats for CEF, LEEF and JSON (Splunk) are also available for Network Logs forwarding.
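As an added example (not from the Forescout documentation), the following Python script parses syslog lines that carry the three pre-set payload formats, CEF, LEEF and JSON, the way a receiving collector would. The parsing follows the public CEF and LEEF format definitions (backslash-escaped `|`, `=` and `\` in CEF; a tab or a declared delimiter between LEEF attributes). The sample lines, including the vendor, product, version and event ID values in their headers and every extension field, are constructed placeholders and are not real eyeInspect output.

```python
"""Parse syslog lines whose payload is CEF, LEEF or JSON, the three pre-set
message formats for Network Logs forwarding.  Added example: the sample lines
below are constructed placeholders, not real eyeInspect output."""
import json
import re

PAYLOAD_START = re.compile(r"CEF:|LEEF:|\{")
# CEF extension: key=value pairs separated by whitespace; '=' and '\' inside a
# value are backslash-escaped, so an unescaped "<space>key=" starts the next pair.
CEF_KV = re.compile(r"(\w+)=((?:\\.|[^\\])*?)(?=\s+\w+=|$)", re.DOTALL)


def split_unescaped(text, sep, max_fields):
    """Split `text` on `sep` into at most `max_fields` fields, treating a
    backslash as escaping the next character (escapes are left in place)."""
    fields, buf, i = [], [], 0
    while i < len(text) and len(fields) < max_fields - 1:
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])
            i += 2
        elif ch == sep:
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    fields.append("".join(buf) + text[i:])  # remainder is the last field
    return fields


def unescape(value):
    r"""Undo CEF/LEEF backslash escapes (\|, \=, \\, and \n / \r line breaks)."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_cef(payload):
    """CEF:Version|Vendor|Product|Version|EventClassID|Name|Severity|Extension"""
    fields = split_unescaped(payload[len("CEF:"):], "|", 8)
    if len(fields) < 7:
        raise ValueError("CEF header needs seven pipe-separated fields")
    names = ("cef_version", "vendor", "product", "version",
             "event_class_id", "name", "severity")
    header = {n: unescape(f) for n, f in zip(names, fields)}
    extension = fields[7] if len(fields) > 7 else ""
    return {"header": header,
            "extension": {k: unescape(v) for k, v in CEF_KV.findall(extension)}}


def parse_leef(payload):
    """LEEF:1.0|Vendor|Product|Version|EventID|attrs (tab-separated) or
    LEEF:2.0|Vendor|Product|Version|EventID|Delimiter|attrs, where the LEEF 2.0
    delimiter is one character or its hex code written as xHH."""
    version = payload[len("LEEF:"):].split("|", 1)[0]
    n_header = 6 if version.startswith("2") else 5
    fields = split_unescaped(payload, "|", n_header + 1)
    if len(fields) < n_header + 1:
        raise ValueError("truncated LEEF header")
    names = ("leef_version", "vendor", "product", "version", "event_id")
    values = [fields[0][len("LEEF:"):]] + fields[1:5]
    header = {n: unescape(f) for n, f in zip(names, values)}
    delim = "\t"
    if n_header == 6 and fields[5]:
        d = fields[5]
        delim = chr(int(d[1:], 16)) if re.fullmatch(r"x[0-9A-Fa-f]{2,4}", d) else d
    attributes = {}
    for item in fields[n_header].split(delim):
        key, _, value = item.partition("=")
        if key:
            attributes[key] = unescape(value)
    return {"header": header, "attributes": attributes}


def parse_forwarded(line):
    """Dispatch on the payload format; the syslog header in front of it is skipped."""
    m = PAYLOAD_START.search(line)
    if not m:
        raise ValueError("no CEF, LEEF or JSON payload found")
    payload = line[m.start():]
    if payload.startswith("CEF:"):
        return {"format": "CEF", **parse_cef(payload)}
    if payload.startswith("LEEF:"):
        return {"format": "LEEF", **parse_leef(payload)}
    return {"format": "JSON", "fields": json.loads(payload)}


# Constructed sample lines (syslog header + payload); all header values are placeholders.
SAMPLE_LINES = [
    "<134>Jan 10 12:00:01 sensor01 CEF:0|Forescout|eyeInspect|x.y|100|Network log \\| write|3|"
    "src=10.0.0.5 dst=10.0.0.9 proto=TCP dpt=502 msg=Modbus write\\=coil cs1Label=Zone cs1=Plant A",
    "<134>Jan 10 12:00:02 sensor01 LEEF:2.0|Forescout|eyeInspect|x.y|100|x09|"
    "src=10.0.0.5\tdst=10.0.0.9\tproto=TCP\tdpt=502",
    '<134>Jan 10 12:00:03 sensor01 {"event": "network_log", "src": "10.0.0.5", "dst": "10.0.0.9", "dpt": 502}',
]


def parse_all(lines=SAMPLE_LINES):
    return [parse_forwarded(line) for line in lines]


if __name__ == "__main__":
    for record in parse_all():
        print(json.dumps(record, indent=2))
```

The escape handling is the part worth copying: a naive `split("|")` or `split(" ")` breaks on the first log name containing a pipe or the first message field containing an `=`, and those are exactly the fields an analyst pivots on.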
Configure the plugin receiver port
Configure the Syslog plugin port for receiving syslog events for each Forescout Platform device configured as a syslog server (receiver of wireless events and/or switch events) in the management interface. Each device receives syslog events sent from managed, individual network devices.
To configure the port for receiving syslog events:
Verify the plugin is running
Verify that the Syslog plugin is running on all of the Forescout Platform devices that are configured in the management interface as syslog servers (in the Console, select and expand the Core Extensions module entry).
If the plugin is not running in all of these Forescout Platform devices, select .
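Once the plugin is running and its receiver port is set, the practical check is to send a test event at that port and confirm it is reachable. The following Python script is an added example, not part of the Forescout documentation: it builds an RFC 5424 syslog line, sends it over UDP, and probes a TCP port. The transport and port number the plugin listens on are whatever was configured in the management interface; the UDP/514 default in the code and the hostname `switch01` are assumptions. The two loopback functions stand in for a real receiver so the script can be run offline.

```python
"""Send a test syslog event to a receiver port and check that it is listening.
Added example, not Forescout code: the Syslog plugin's transport and port are
whatever was configured in the management interface; UDP/514 is an assumed default."""
import socket
from datetime import datetime, timezone


def build_syslog_message(facility, severity, hostname, app_name, msg, ts=None):
    """RFC 5424 line: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG,
    with PRI = facility * 8 + severity (local0 / info gives <134>)."""
    pri = facility * 8 + severity
    ts = (ts or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {ts} {hostname} {app_name} - - - {msg}"


def parse_pri(message):
    """Return (facility, severity) decoded from the leading <PRI> (0..191)."""
    end = message.find(">")
    if not message.startswith("<") or end < 2 or end > 4:
        raise ValueError("missing or malformed syslog PRI")
    pri = int(message[1:end])
    return pri // 8, pri % 8


def send_udp(message, host, port=514):
    """Fire one UDP datagram at the receiver; UDP gives no delivery feedback,
    so a UDP-only receiver can only be verified on the receiving side."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(message.encode("utf-8"), (host, port))


def tcp_port_open(host, port, timeout=2.0):
    """True if a TCP syslog receiver accepts connections on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def udp_loopback_check():
    """Stand-in for the receiver: bind a local UDP socket, send one event to
    it and return (sent, received) so the round trip can be verified offline."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.settimeout(2.0)
        port = srv.getsockname()[1]
        sent = build_syslog_message(16, 6, "switch01", "syslog-check",
                                    "test event for receiver port verification")
        send_udp(sent, "127.0.0.1", port)
        data, _ = srv.recvfrom(65535)
    return sent, data.decode("utf-8")


def tcp_loopback_check():
    """Same idea over TCP: open a listener on an ephemeral port and probe it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        return tcp_port_open("127.0.0.1", srv.getsockname()[1])


if __name__ == "__main__":
    sent, got = udp_loopback_check()
    print("UDP round trip ok:", sent == got, "PRI ->", parse_pri(got))
    print("TCP loopback listener reachable:", tcp_loopback_check())
```

Against a real appliance, replace the loopback address with the Forescout device's IP and the port you configured, then confirm on the appliance side that the event was ingested; a successful `sendto` on UDP proves only that the packet left the sender.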
Source: https://docs.forescout.com/bundle/network-cntrlr-1-2-8-h/page/c-syslog-plugin-configuration-p-d1e1407.html
Method 2: Generate an API key for application integration
To generate an API key for your custom application to query ingested log telemetry and other sources of data, complete the following procedure:
Source: https://docs.forescout.com/bundle/forescout-cloud-administration-guide/page/gitdoc-cloud/Cloud/forescout-cloud-administration-guide/generate_an_api_key_for_application_integration.html