Forescout

Method 1: Network logs forwarding

The Network logs forwarding page ("Settings" > "System Settings" > "Network logs forwarding") lets users enable and configure the forwarding of Network Logs to a third-party solution by means of syslog messages. The pages and configuration steps required to enable forwarding of Network Logs are exactly the same as those described for Alerts. The only difference lies in the semantics applied when users un-tick the "always active" checkbox in the alert forwarding conditions but leave the conditions "tree" empty. For Alerts, this results in all alerts being forwarded, whereas for Network Logs, this results in no logs being forwarded. The rationale is that Alerts are important events that should generally be forwarded to an analyst, whereas Network Logs are useful additional intelligence for context and threat hunting. This default behavior prevents user mistakes in the configuration of eyeInspect from impacting their monitoring capabilities. Pre-set messages for CEF, LEEF and JSON (Splunk) are also available for Network Logs forwarding.

Source: https://docs.forescout.com/bundle/eyeinspect-user-guide-v5-5-0/page/gitdoc-eyeinspect/eyeInspect/eyeInspect_User_Guide/network-logs-forwarding.html
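
A receiver-side parser for the three pre-set message formats named in the Network logs forwarding section above, as an added example that is not Forescout's code: it identifies whether a forwarded syslog line carries CEF, LEEF or JSON and extracts its fields, which helps confirm that the collector receives what was configured. The sample messages, vendor names and field names are constructed placeholders rather than eyeInspect's actual output, and LEEF 1.0 with tab-separated attributes is assumed.

```python
import json
import re

CEF_HEADER = "version vendor product device_version event_class_id name severity".split()
LEEF_HEADER = "version vendor product product_version event_id".split()
START = re.compile(r"LEEF:|CEF:|\{")      # first payload marker after the syslog header
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")   # CEF extension key; an escaped "\=" never matches

# Constructed sample messages: vendor, product and field names are placeholders.
SAMPLE_CEF = (r"<134>Jan 10 12:00:00 sensor1 CEF:0|ExampleVendor|Example\|Product|1.0|"
              r"netlog|DNS query|3|src=10.0.0.5 dst=10.0.0.53 msg=lookup of a\=b done")
SAMPLE_LEEF = ("<134>Jan 10 12:00:00 sensor1 LEEF:1.0|ExampleVendor|ExampleProduct|1.0|"
               "netlog|src=10.0.0.5\tdst=10.0.0.53\tproto=DNS")
SAMPLE_JSON = '<134>Jan 10 12:00:00 sensor1 {"type": "netlog", "src": "10.0.0.5", "proto": "DNS"}'

def split_header(text, count):
    """Split off `count` pipe-delimited header fields, honouring backslash escapes."""
    parts, cur, i = [], "", 0
    while i < len(text) and len(parts) < count:
        if text[i] == "\\" and i + 1 < len(text):
            cur, i = cur + text[i + 1], i + 2      # escaped "|" or "\" stays in the field
        elif text[i] == "|":
            parts, cur, i = parts + [cur], "", i + 1
        else:
            cur, i = cur + text[i], i + 1
    if len(parts) < count:
        raise ValueError("truncated header")
    return parts, text[i:]                          # remainder is returned still escaped

def cef_extension(ext):
    """Parse 'k=v k2=v2' pairs whose values may contain spaces and escaped characters."""
    hits = list(EXT_KEY.finditer(ext))
    ends = [h.start() for h in hits[1:]] + [len(ext)]
    unesc = lambda m: "\n" if m.group(1) == "n" else m.group(1)
    return {h.group(1): re.sub(r"\\(.)", unesc, ext[h.end():e]) for h, e in zip(hits, ends)}

def parse_forwarded(line):
    """Return (format, header, fields) for one forwarded syslog message."""
    m = START.search(line)
    if m is None:
        raise ValueError("not CEF, LEEF or JSON")
    if m.group() == "{":
        return "JSON", {}, json.loads(line[m.start():])
    if m.group() == "CEF:":
        head, ext = split_header(line[m.end():], 7)
        return "CEF", dict(zip(CEF_HEADER, head)), cef_extension(ext)
    head, attrs = split_header(line[m.end():], 5)
    fields = dict(kv.split("=", 1) for kv in attrs.split("\t") if "=" in kv)
    return "LEEF", dict(zip(LEEF_HEADER, head)), fields
```

A message that matches none of the three formats, or whose header is cut short, raises `ValueError`, so a collector can count and surface malformed input instead of silently dropping it.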

 

Method 2: Generate an API key for application integration

To generate an API key for your custom application to query ingested log telemetry and other sources of data, complete the following procedure:

  1. In Forescout Cloud Console, select Integrations under the Administration menu.
  2. Click the Generate API Key button next to the category of your application: IoT/OT or SIEM.

    The Generate API Key configuration screen appears.

  3. Select a time for the API key to expire or select "Never Expires".
  4. Select users to receive email notifications about the API key generation and expiry date.
  5. Click the Generate button and copy the API key that appears. This API key is unique and non-retrievable once the window is closed. Store the key in a secure location now; it will be needed by the application with which you are integrating.
    When generating an API key for Risk Sharing applications, the configuration screen will display the API endpoint URL needed to communicate with the API.

Source: https://docs.forescout.com/bundle/forescout-cloud-administration-guide/page/gitdoc-cloud/Cloud/forescout-cloud-administration-guide/generate_an_api_key_for_application_integration.html