Forescout App for Splunk

Your cyber attack surface consists of all connected devices accessing your network at any time, anywhere, by anyone. To effectively reduce risk, you need to maximize your insight and control of all devices on your network. On average, Forescout customers discover over 25% more connected devices than they knew they had and can collect hundreds more contextual device properties than before. By combining Forescout's complete enterprise-wide device visibility, rich contextual device and network properties data and automated incident response capabilities with Splunk’s data correlation, analytics and incident management, security operations teams can dramatically reduce risk and increase operational efficiency by realizing numerous benefits, including:

• Refine security policies by collecting and analyzing real-time device, user and network insight across managed and unmanaged connected devices, including IT, IoT, OT, BYOD and Guest, regardless of device type or network tier.
• Enhance the scope and accuracy of real-time analytics, long-term trend analysis and investigations.
• Rapidly detect anomalies, vulnerabilities and threats.
• More easily prioritize incidents by leveraging correlated contextual device and event data.
• Automate closed-loop incident response workflows across the entire incident management lifecycle to immediately mitigate and remediate threats and provide a complete audit trail from incident detection to results of actions taken.

Integration of the Forescout platform with Splunk Enterprise, Splunk Cloud and Splunk Enterprise Security (ES) is enabled by the Forescout eyeExtend for Splunk module paired with the Forescout App for Splunk, along with the Forescout Adaptive Response and Forescout Technology Add-ons for Splunk.

The Forescout App for Splunk provides customizable, out-of-the-box queries and dashboards to visualize Forescout data in Splunk, displaying a wealth of information such as:

• Device compliance status
• User types (registered corporate users or guests)
• Device types connected to the network and connection details
• Patterns of network access over time
• Policy trends
• Forescout system health information
• Incident response action status

The Forescout Adaptive Response Add-on enables closed-loop incident response actions. The Forescout Technology Add-on for Splunk enables more rapid time to insight by providing Forescout data in the Splunk Common Information Model (CIM) ready format.

Latest Version 3.0.4
April 16, 2024
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0
CIM Version: 5.x, 4.x, 3.x
Rating

0

(0)

Support
Developer Supported app
Ranking

#13

in IoT & Industrial Data
Categories

Created By

Forescout Technologies

Type

app

Downloads

6,104
