Latest Version 1.1.1
April 19, 2022
Warning
Splunkbase Classic has been deprecated and will be deactivated on February 18, 2026.
This app is archived. App archiving documentation
Forescout OT Network Security Monitoring for Splunk
The Forescout OT Network Security Monitoring App for Splunk (Forescout OT NSM App) enables users to act on OT/ICS threats and vulnerabilities using three intuitive Splunk dashboards. By integrating configurable alert data from Forescout eyeInspect (previously named SilentDefense) with device information and other relevant network activity, this App provides Splunk users with unparalleled contextual information required to identify threats, manage remediation workflows and secure their ICS environment.
Built by
Compatibility
Splunk Enterprise
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0
CIM Version: 5.x, 4.x
Rating
0
(0)
Log in to rate this app
Support
Not Supported
The Forescout OT Network Security Monitoring App for Splunk (Forescout OT NSM App) enables users to act on OT/ICS threats and vulnerabilities using three intuitive Splunk dashboards. By integrating configurable alert data from Forescout eyeInspect (previously named SilentDefense) with device information and other relevant network activity, this App provides Splunk users with unparalleled contextual information required to identify threats, manage remediation workflows and secure their ICS environment.
The Forescout OT NSM App for Splunk is the ideal solution for industrial asset owners who want to integrate rich OT asset intelligence and threat detection data from across all OT sites within Splunk. Users can leverage the exceptional OT asset and threat data from Forescout eyeInspect to increase compliance and defend their OT/ICS networks from both operational failures and cyberattacks, such as Ripple 20, EKANS, WannaCry, NotPetya, TRITON and many more.
The Forescout OT NSM App for Splunk contains three pre-built Splunk Dashboards:
- The Security Dashboard helps the user to identify alert trends and correlate them with other network activity, enabling a faster detection of anomalies, cyber threats, dangerous commands sent to OT devices and device misbehavior. It allows to reduce Mean Time to Response by providing the context needed to determine the best mitigation action
- The Asset Inventory Dashboard lets analysts access high-value device information and context to better identify unexpected changes in the network, prioritize investigations, and quickly acknowledge new assets, communication patterns, or protocols seen within the network to help asset inventory and maintenance processes.
- The Administrative Dashboard provides deep insights on system health status and user activity performed on the Forescout eyeInspect appliances, to prevent system failure and detect undesired user activity.
The Forescout OT NSM App for Splunk automatically maps data to the Splunk Common Information Model (CIM) and the Splunk OT Asset Model. Valuable Forescout eyeInspect alerts and asset data can also be easily leveraged by other Splunk Apps and Add-ons such as Splunk Enterprise Security and OT Security Add-on for Splunk.
Categories
IoT & Industrial Data, Security, Fraud & Compliance
Created By
Forescout Technologies
Type
app
Downloads
1,161
Splunk Answers
Ask a question about this app listing(Opens new window)Resources
Log in to report this app listing