Freely subscribe to our NEWSLETTER

ForeScout CounterACT helps organisations gain complete visibility for all devices, users, systems and applications attempting to connect to or on an enterprise network – wired or wireless, managed or unmanaged, PC or mobile. Devices are dynamically discovered, classified, profiled and assessed without requiring agents. CounterACT applies policy-based controls to: allow, limit or block access; manage guests and BYOD users; monitor and enforce endpoint compliance and mitigate violations and exposures. All captured information, as well as event logs, can be sent to Splunk Enterprise for data analysis, reporting and optimised retention. In addition, operators can enable Splunk Enterprise to communicate with CounterACT to directly mitigate security issues. As a result, IT organisations can make their data truly actionable.

The ForeScout App for Splunk Enterprise allows customers to easily use and create a wide variety of operational dashboards and reports which take advantage of Splunk Enterprise to efficiently analyse, visualise and store huge volumes of identity, device, application, access and violation data generated by ForeScout CounterACT. Security analysts can combine this information with other big data sources for real-time monitoring and to conduct historical searches to identify advanced threats, fraud and other security exposures. Furthermore, Splunk can be easily configured to send triggered event data to ForeScout CounterACT in order to remediate endpoint security issues, isolate breached systems or trigger other policy-based controls.

The ForeScout App for Splunk Enterprise is available now on Splunk Apps. ForeScout integration with Splunk is performed via syslog, CEF (Common Event Format) and Web API (Application Programming Interface) standards.