Forescout eyeSight is a network security solution that provides visibility into and control over devices connected to an extended enterprise network. It discovers, classifies, and assesses devices, enabling organizations to enforce security policies, automate workflows, and improve overall network security posture.
For more detailed information refer to Forescout’s official web site.
Integration Method: Data Collector (API Ingest)
Tables: Device Inventory Info (5001)
This integration supports the following events.
Event | Description |
Hosts | Returns a paginated list of all hosts, and other properties, defined in the Forescout Platform. |
This integration supports the following versions.
Prerequisites
The user should have access to the Forescout eyeSight console with administrator privileges.
The user should have a compatible version of the system in which we can configure the data collector.
The user should have access to the DataBee console.
Configuration Overview
Add a New User in Forescout.
Create Forescout eyeSight Data Feed in the DataBee console.
DataBee Parameter | Forescout eyeSight Parameter |
Base URL | https://<instance> (IP/Instance of the Forescout eyeSight) |
Token URL | https://<instance>/api/login |
Username | |
Password |
Data Collector Configuration and Installation
To receive events from Forescout eyeSight, a Data Collector must be installed and configured. The data collector is used to call eyeSight APIs in an on-prem environment and send data to DataBee securely.
Follow the steps provided in DataBee's official documentation to complete the configuration. Additionally, refer to this guide for detailed instructions on installing the Data Collector on your machine.
Forescout eyeSight Configuration
Create User
Log on to the Forescout eyeSight using Administrator credentials.
From the navigation bar, click on the settings icon.
Under Options scroll down to select Web API, then click on Add to create new user.
On the Add Credentials window enter User, Password and Verify Password, then click on OK to create user.
On the Web API page click on Apply to apply the changes we made.
Once the process is complete, click Close to finish this step.
DataBee Configuration
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for Forescout eyeSight and click on it as shown below.
Click on the Data Collector option for collection method.
Click on the API Ingest option as the polling mechanism.
Enter the feed contact information, select the collector that you have created from the drop down, and click on the Next button.
In the configuration page, confirm the following, then click on Next.
Base URL: Paste the Base URL which would be the IP address/instance of the Forescout eyeSight.
Request Count: Set to 10
Interval: Set to 60 seconds
Event Types: Preselected for all the event types that integration pulls.
In the configure authentication page, confirm the following, then click Next.
Authorization Method: Token URL Auth
Token URL: Replace the <instance> with IP address/instance of the Forescout eyeSight Server.
Username: Paste the username
Password: Paste the password
Enable TLS: Check the Enable TLS option
Skip Server-side Certificate Verification: Check it to disable the server-side certificate verification
Root CAS File Path: Enter the path where the CA certificate file is located on your machine.
Click Submit.
Troubleshooting Tips
Ensure that the server is reachable by opening the terminal on the receiver machine and running ping <server_ip> command.
If you encounter any issues regarding log forwarding, refer to the DataBee troubleshooting document for detailed guidance.