Warning: This app is archived.


ForeScout CounterACT Syslog Add-on for Splunk

This add-on adds value to your ForeScout CounterACT syslog logs (syslog only) by making them CIM compliant, tagging them for the Enterprise Security data models, and supplying other knowledge objects that make the data easy to search and visualize.


Latest Version: 1.0.1 (April 16, 2019)
Compatibility: Splunk Enterprise
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0
CIM Version: 4.x, 3.x
Support: Not Supported
This add-on assumes you are onboarding the data either with a syslog collector that writes to a file or with the built-in Splunk TCP/UDP listener (the former is strongly recommended). The knowledge objects work for any ingestion method as long as you assign the correct sourcetype. Regardless of ingestion method, you may need to adjust some props.conf settings for proper line breaking and timestamp parsing.

+ Built for Splunk Enterprise 6.x.x or higher
+ CIM compliant (CIM 4.0.0 or higher)
+ Ready for Enterprise Security
+ Built from the ForeScout CounterACT Syslog Plugin 3.2.0 documentation: https://www.forescout.com/wp-content/uploads/2018/04/CounterACT_Syslog_Messages_Technical_Note.pdf
  + Supports logs from the "NAC Events", "Threat Protection", and "System Log and Events" sections.
  + Does not support logs from the "User Operation" or "Operating System Messages" sections (too much variance between systems).
+ If you want to use the ForeScout CounterACT API instead, use this add-on: https://splunkbase.splunk.com/app/3382/
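As an added illustration (not part of the add-on or this listing), here is one way to onboard the data the way the description recommends: a syslog collector writes CounterACT messages to a file, a Splunk forwarder monitors that file, and props.conf overrides the line breaking and timestamp parsing. The sourcetype name `forescout:counteract:syslog`, the file path, the index name, and the assumption that the collector writes a standard RFC 3164 header (`Apr 16 10:22:31 host ...`) are all placeholders; substitute the sourcetype the add-on's own props.conf defines, or its knowledge objects will not apply.

```ini
# inputs.conf on the forwarder (added example; path, index and sourcetype are placeholders)
# Recommended path: rsyslog/syslog-ng receives from CounterACT and writes one message per line.
[monitor:///var/log/syslog/counteract/*.log]
sourcetype = forescout:counteract:syslog
index = network
disabled = false

# Alternative: Splunk's own UDP listener. The same knowledge objects apply as long as the
# sourcetype matches. Without no_appending_timestamp, Splunk prepends its own timestamp and
# host to each UDP datagram, which would put the raw message out of alignment with the
# add-on's field extractions.
# [udp://514]
# sourcetype = forescout:counteract:syslog
# connection_host = ip
# no_appending_timestamp = true

# props.conf on the first full Splunk instance in the path (indexer or heavy forwarder;
# a universal forwarder does not apply these parsing settings).
# Assumes each line begins with an RFC 3164 header such as "Apr 16 10:22:31 counteract ..." (constructed).
[forescout:counteract:syslog]
# One event per line; never merge lines into multi-line events.
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
# Timestamp sits at the start of the line; stop looking after the header.
TIME_PREFIX = ^
TIME_FORMAT = %b %d %H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 20
# RFC 3164 timestamps carry no zone; set this to the collector's zone.
TZ = UTC
TRUNCATE = 10000
```

Put these stanzas in the `local/` directory of the add-on or of a separate deployment app so they survive upgrades. After restarting, verify the onboarding with a search such as `index=network sourcetype=forescout:counteract:syslog | eval lag=_indextime-_time | stats avg(lag)`: a large or negative lag means the timestamp is not being parsed from the message and the TIME_FORMAT or TZ needs adjusting to what your collector actually writes.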

Categories: IT Operations, Security, Fraud & Compliance
Created By: Hurricane Labs
Type: addon
Downloads: 1,536
