This Extended Module provides bi-directional orchestration between the ForeScout platform and both Splunk Enterprise and Splunk Enterprise Security. It combines ForeScout’s agentless device visibility, broad array of controls and automated response capabilities with Splunk’s powerful data correlation, rich analytics, incident management and search features. The joint solution helps you better understand your organization’s overall security risk posture and rapidly respond to mitigate and remediate a range of security incidents.
Highlights of this release:
- Support for Batch Messaging to improve performance – Batched messages encapsulate all device properties for each device, thus improving the overall system performance for both the Extended Module and the Splunk Enterprise server.
- Support for MAC-only Devices and IPv6 Devices – IPv6 addresses can be reported as a host property inside the hostinfo message sent by the Extended Module. Additionally, IPv6 addresses are sent as part of the identity header in all messages sent by the module.
- Enhanced Messaging – New information is supplied with each update message sent from the Extended Module to the Splunk Enterprise server. When updates are sent from a ForeScout CounterACT® action, the action submits device properties and its associated data to Splunk.
- Support for Customized Indexes – The Extended Module now supports any index of your choice.
- Support for Multiple Channels for each Splunk Target – Previously, the Extended Module only supported a single Splunk target. Now users can have multiple HTTP destinations with the same URL.
- Connection Tests
  - To ensure connection to the Splunk Enterprise server, a Test button has been added to the configuration section of the Extended Module. After the test is run, details of the test are displayed to guide you through troubleshooting any connection issues.
  - On the TA-ForeScout App Configuration page, a default Test alert called trigger_test_alerts_to_counteract is now available. This sends test alerts to the Extended Module on CounterACT to check reachability to CounterACT. Updated results are displayed for the user.
A 90-day trial of the Extended Module for Splunk is available for ForeScout customers via the ForeScout Product Updates Portal.
© 2018. ForeScout Technologies, Inc. is a Delaware corporation. The ForeScout logos and trademarks can be found at https://www.forescout.com/company/legal/intellectual-property-patents-trademarks/. Other names mentioned may be trademarks of their respective owners.