Your cyber attack surface consists of all connected devices accessing your network at any time, anywhere, by anyone. To effectively reduce risk, you need to maximize your insight into and control of all devices on your network. On average, Forescout customers discover over 25% more connected devices than they knew they had and can collect hundreds more contextual device properties than before.

By combining Forescout's complete enterprise-wide device visibility, rich contextual device and network properties data, and automated incident response capabilities with Splunk’s data correlation, analytics and incident management, security operations teams can dramatically reduce risk and increase operational efficiency by realizing numerous benefits, including:

• Refine security policies by collecting and analyzing real-time device, user and network insight across managed and unmanaged connected devices, including IT, IoT, OT, BYOD and Guest, regardless of device type or network tier.
• Enhance the scope and accuracy of real-time analytics, long-term trend analysis and investigations.
• Rapidly detect anomalies, vulnerabilities and threats.
• More easily prioritize incidents by leveraging correlated contextual device and event data.
• Automate closed-loop incident response workflows across the entire incident management lifecycle to immediately mitigate and remediate threats and provide a complete audit trail from incident detection to the results of actions taken.

Integration of the Forescout platform with Splunk Enterprise, Splunk Cloud and Splunk Enterprise Security (ES) is enabled by the Forescout eyeExtend for Splunk module paired with the Forescout App for Splunk, along with the Forescout Adaptive Response and Forescout Technology Add-ons for Splunk. The Forescout Technology Add-on for Splunk is a required component to streamline data transfer between Forescout and Splunk Enterprise.
This Add-on maps Forescout collected device properties to the Splunk Common Information Model (CIM) and extracts events based on Forescout data. The Forescout Technology Add-on also maintains Forescout credentials for communications between Forescout and Splunk Enterprise.