Your feedback is the driving force behind our innovation. Forescout’s eyeInspect 5.9 is the direct result of listening to what slows you down, frustrates your analysts, or adds unnecessary steps to your day.
These aren’t headline grabbing features. They’re the everyday quality-of-life improvements that remove friction, make your workflows faster, and set a solid foundation for the major capabilities coming next.
Command Center & User Interface
When your dashboard feels chaotic or you’re digging to find the right alert, investigations slow down, and critical details can slip away. eyeInspect 5.9 makes the Command Center cleaner, more responsive, and easier to read at-a-glance, so you can act faster. Here’s what’s new:
- A redesigned, active queries-based UI gives you more interactivity, easier filtering, and quick status checks without bouncing between views.
- Scheduled report exports mean CSVs and other formats land in your inbox automatically, no more manual runs.
- Alert label enrichment now adds context like asset details and the exact detection rule that fired the event streamlining helping triage.
- Expanded language localization lets users pick their preferred language after the initial login, not just stick with the default.
- Enhanced group management offers better bulk actions and more intuitive workflows for managing both assets and users.
Together, these enhancements deliver a more intuitive user experience, minimizing administrative tasks so your team can dedicate its time to what’s most important.
Sensor Performance & Capabilities
Sensors are expected to operate efficiently in deployment and always provide reliable data. In 5.9, passive and active monitoring have been tuned for accuracy and efficiency, so you can trust what you see without adding constrains to your network, and includes:
- Lower CPU usage across passive and active sensors means less overhead and smoother operation.
- Smarter traffic handling now inspects only initial packets in high-throughput streams—like RTSP up to 500 Mbps—so benign traffic isn’t flagged.
- Windows query migration to WinRM brings a more modern, firewall-friendly protocol into play.
- No upper limit on dynamic filtering, allowing you to apply as many filtering rules as needed, even in large and complex OT networks. You can fine-tune traffic inspection without hitting system-imposed limits.
- Wildcard MAC address support makes source management broader and faster to configure.
These changes work together to give you more accurate monitoring, so you get data you can trust without unnecessary alerts or slowing down your network.
Configuration & Content
Nobody likes a deployment that drags on. In 5.9, we’ve streamlined the entire setup process with more templates and smarter defaults, cutting out the repetitive work so you can get up and running in a fraction of the time.
- Refined configuration workflows adjust device roles, event mapping, and sensor setup, removing many of the steps you used to repeat.
- Expanded template library for passive sensors now includes: default factory settings, recommended settings, strict detection, OT/Edge, data center, and medical templates, each tailored to specific deployment needs.
- Updated sensor templates bring in new detection settings for scenarios like Proof of Value, keeping coverage strong without drowning in alerts.
The goal is to get you up and running faster. We’ve simplified how you set up discovery and detection rules giving you the freedom to fine-tune settings or explore new features as you go.
Security & Management
You need to have complete trust in your security tools. We’ve added a few key refinements that strengthen the solution’s security and make life easier for administrators, including:
- Safe, thoroughly tested active queries keep network load low while ensuring performance stays consistent.
- Encrypted password storage now meets modern security standards right in the database.
- Clearer, more actionable error messages help you diagnose and resolve problems without the guesswork.
Content Enhancements for Better Context and Coverage
Great detection relies on rich, accurate data. This release brings a significant update to our content libraries, from new device roles to expanded queries—to improve the information at your fingertips.
- New device roles, from Automated Guided Vehicles and Jump Servers to Smart Doorbells and Train Control Systems, add precision to asset classification in OT, IoT, and IT networks.
- Updated MITRE mapping to version 17, including new entries for detections like CodesysV2.
- Expanded active queries such as DNP3 Probing, HTTP Favicon, Profinet RPC, and SNMP Printer Info, giving you richer asset data, firmware details, and vendor classification across more device types.
Ultimately, this deeper context allows your team to investigate alerts more effectively and make faster, more confident security decisions.
With eyeInspect 5.9, we focused on one thing: making your life easier. We’ve streamlined workflows and cleaned up the interface so your team can get straight to the insights that matter. It’s all about getting you set up faster, so you can find what you need without the hassle, giving you stronger security without the extra complexity. This means you see real value much sooner and get the operational resilience you count on.
Experience a more intuitive approach to OT security
Our self-guided demo lets you explore the platform’s visibility and detection capabilities whenever you have a moment, with no pressure.