Forescout eyeInspect is a platform that provides deep visibility and control of Operational Technology (OT) and Industrial Control System (ICS) networks, enabling threat detection, asset management, and risk compliance.

For more detailed information refer to Forescout’s official website.

Integration Method:  Data Collector (API Ingest)

Tables: Device Inventory Info (5001)

This integration supports the following events.

This integration supports the following versions.

Prerequisites

• Admin access to Forescout eyeInspect.

• Install or use an existing data collector.

• Access to the DataBee console

Configuration Overview

1. Data Collector Configuration and Installation.

2. Add a New User in Forescout.

3. Create Forescout eyeInspect Data Feed in the DataBee console.

   DataBee Parameter	Forescout eyeInspect Parameter
   Username	Username
   Password	Password
   Base URL	https://<host_ip> (IP of the Forescout eyeInspect)

Data Collector Configuration and Installation

To receive events from Forescout eyeInspect, a Data Collector must be installed and configured. The data collector is used to call eyeInspect APIs in an on-prem environment and send data to DataBee securely.

Follow the steps provided in DataBee's official documentation to complete the configuration. Additionally, refer to this guide for detailed instructions on installing the Data Collector on your Linux machine.

Forescout eyeInspect Configuration

Create User

1. Log on to the Forescout eyeInspect using Administrator credentials.

2. From the navigation bar under SETTINGS select System Settings.
    

3. From the “Command Center Settings” page, select Users and roles under “Users” tab.
    

4. Click on + to add a new user.
    

5. In the Add User Form:

   1. Enter the ‘Username’, ‘Password’, and ‘Full name’ of user you want to create.

   2. Uncheck the ‘Force Password Change at next login’ if you want to use the same password as entered in previous step to access the API.

   3. From the ‘Selected roles’ check only the viewer role, then click on FINISH.
       

DataBee Configuration

1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
    

2. Search for Forescout eyeInspect and click it as shown below.
    

3. Click on the Data Collector option for collection method.
    

4. Click on the API Ingest option as the polling mechanism.
    

5. Enter the feed contact information, select the collector that you have created from the drop down, and click on the Next button.
    

6. In the configuration page, confirm the following:

   • Base URL: paste the Base URL which would be the Ip address of the Forescout eyeInspect Server

   • Request Count: set to 500.

   • Interval: set to 60 seconds.

   • Event Types: preselected for all the event types that integration pulls.
     

     Note:

     Limit is set to 500 requests/60s for a high-spec (8GB RAM) setup. Use 100 requests/60s for lower-spec setups.

      

7. In the configure authentication page, confirm the following, then click on Next.

   • Authorization Method: Basic Auth

   • Username: paste the username.

   • Password: paste the password.

   • Enable TLS: check the Enable TLS option.

   • Skip Server-side Certificate Verification: check it to disable the server-side certificate verification.

   • Root CAS File Path: enter the path where the CA certificate file is located on the data collector.
      

8. Click Submit.
    

Troubleshooting Tips

• Ensure that the server is reachable by opening the terminal on the receiver machine and running ping <server_ip> command. 

• If you encounter any issues regarding log forwarding, refer to the DataBee troubleshooting document for detailed guidance.