Your cyber attack surface consists of all connected devices accessing your network at any time, anywhere, by anyone. To effectively reduce risk, you need to maximize your insight into and control of all devices on your network. On average, Forescout customers discover over 25% more connected devices than they knew they had and can collect hundreds more contextual device properties than before.

By combining Forescout's complete enterprise-wide device visibility, rich contextual device and network properties data and automated incident response capabilities with Splunk’s data correlation, analytics and incident management, security operations teams can dramatically reduce risk and increase operational efficiency by realizing numerous benefits, including:

• Refine security policies by collecting and analyzing real-time device, user and network insight across managed and unmanaged connected devices, including IT, IoT, OT, BYOD and Guest, regardless of device type or network tier.
• Enhance the scope and accuracy of real-time analytics, long-term trend analysis and investigations.
• Rapidly detect anomalies, vulnerabilities and threats.
• More easily prioritize incidents by leveraging correlated contextual device and event data.
• Automate closed-loop incident response workflows across the entire incident management lifecycle to immediately mitigate and remediate threats and provide a complete audit trail from incident detection to results of actions taken.

Integration of the Forescout platform with Splunk Enterprise, Splunk Cloud and Splunk Enterprise Security (ES) is enabled by the Forescout eyeExtend for Splunk module paired with the Forescout App for Splunk along with the Forescout Adaptive Response and Forescout Technology Add-ons for Splunk.

This Forescout Adaptive Response Add-on supports the Splunk Adaptive Operations Framework as follows:

- The Forescout App for Splunk maintains a list of available actions from the Forescout platform. Splunk can instruct the Forescout platform to respond to potential threats by applying any of these actions to endpoints that match search/trend criteria.
- To complete the action flow, the Forescout platform reports the status of actions applied to endpoints.

The Forescout Adaptive Response Add-on enables closed-loop incident response workflows that allow you to streamline security operations and minimize business risk by automating the incident management lifecycle with a complete audit trail that also helps with policy refinements.