Forescout Eyesight
Visualize Forescout Eyesight hosts, policies, users and vulnerabilities, map Forescout hosts to its matching policies, assigned user and identified vulnerabilities, and monitor changes through queries and alerts.
- Installation guide
- Forescout Eyesight data model
- Forescout Eyesight types
Installation
To initiate this integration in JupiterOne, you will first need to create a Web API token within Forescout to use in JupiterOne.
Configuration in Forescout Eyesight
Creating a Web API Token:
- Log in to the Forescout Console and navigate to Settings > Modules. Search for "Web API".
- If the "Web API" module is not already started, start it, and click the "Configure" button.
- Under "User Settings", create a new user.
- Save the username and password you created. Enter these credentials in the "Web API Username" and "Web API Password" fields in JupiterOne.
Optional: Creating an Admin API User for Ingesting Network Segment Entities
- Log in to the Forescout Console and navigate to Settings > Modules. Search for "Core Extensions > Admin API".
- If the "Admin API" module is not already started, start it.
- Use the "Settings" search to find and select the "CounterACT User Profiles" option.
- Click the "Add" button and create a new user with the "User Type" set to "Single - Password".
- Enter the username and password you create in the "Admin API Username" and "Admin API Password" fields in JupiterOne.
- Assign the user "Group Management" and "Policy Management" permissions with the "View" scope.
:::
Configuration in JupiterOne
To install the Forescout Eyesight integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select "Forescout Eyesight". Click New Instance to begin configuring your integration.
Creating a configuration requires the following:
The Account Name used to identify the Forescout Eyesight account in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen theAccountNametoggle is enabled.Description to assist in identifying the integration instance, if desired.
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration.Your Hostname.
The Web API Username and Web API Password.
The Admin API Username and Admin API Password if you want to ingest the Ip Ranges.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | forescout_eyesight_account | Account |
| Host | forescout_eyesight_host | Host |
| Ip Range | forescout_eyesight_ip_range | IpRange |
| Policy | forescout_eyesight_policy | Policy |
| Policy Rule | forescout_eyesight_policy_rule | Rule |
| Scanner | forescout_eyesight_scanner | Scanner |
| User | forescout_eyesight_user | User |
| Vulnerability | forescout_eyesight_vulnerability | Finding |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
forescout_eyesight_account | HAS | forescout_eyesight_scanner |
forescout_eyesight_host | HAS | forescout_eyesight_vulnerability |
forescout_eyesight_ip_range | CONTAINS | forescout_eyesight_host |
forescout_eyesight_policy | HAS | forescout_eyesight_policy_rule |
forescout_eyesight_scanner | IDENTIFIED | forescout_eyesight_host |
forescout_eyesight_scanner | ASSIGNED | forescout_eyesight_policy |
forescout_eyesight_user | USES | forescout_eyesight_host |
Forescout Eyesight Account
forescout_eyesight_account inherits from Account
| Property | Type | Description | Specifications |
|---|---|---|---|
name * | string | ||
vendor * | string |
Forescout Eyesight Scanner
forescout_eyesight_scanner inherits from Scanner
| Property | Type | Description | Specifications |
|---|---|---|---|
name * | string | ||
category * | array of strings |
Forescout Eyesight Host
forescout_eyesight_host inherits from Host
| Property | Type | Description | Specifications |
|---|---|---|---|
id * | string | ||
ipAddress | string | ||
macAddress | string | ||
function | string | ||
os | string | ||
model | string | ||
manufacturer | string |
Forescout Eyesight User
forescout_eyesight_user inherits from User
| Property | Type | Description | Specifications |
|---|---|---|---|
name * | string | ||
username | string | ||
loggedInStatus | string | ||
department | string | ||
email | string |
Forescout Eyesight Vulnerability
forescout_eyesight_vulnerability inherits from Finding
| Property | Type | Description | Specifications |
|---|---|---|---|
id * | string | ||
title * | string | ||
cveId | string | ||
icsaId | string | ||
vendorSpecificId | string | ||
suppressed | boolean | ||
matchingConfidence | string | ||
cvssScore | number | ||
cvssTemporalScore | number | ||
cvssConfidentialityImpact | string | ||
cvssIntegrityImpact | string | ||
cvssAvailabilityImpact | string | ||
cvssRemediationLevel | string | ||
cvssReportingConfidence | string |
Forescout Eyesight Policy
forescout_eyesight_policy inherits from Policy
| Property | Type | Description | Specifications |
|---|---|---|---|
id * | string | ||
name * | string | ||
description | string |
Forescout Eyesight Policy Rule
forescout_eyesight_policy_rule inherits from Rule
| Property | Type | Description | Specifications |
|---|---|---|---|
id * | string | ||
name * | string | ||
description | string |
Forescout Eyesight Ip Range
forescout_eyesight_ip_range inherits from IpRange