Forescout Integration

Forescout is a unified device visibility and control platform for converging IT and OT networks. It allows organizations to gain total situational awareness of all devices in their interconnected environment and coordinate actions to mitigate both their cyber and operational risk. The Forescout platform shows what is on your extended enterprise network with 100% device visibility. This visibility enables an accurate device inventory, continuous compliance enforcement, policy-based access control and rapid response to security incidents. Click here for more information.

To integrate with Forescout, perform the following (see below for detailed instructions):

  1. Generate a Fortra VM API Key
  2. Insert Key into CounterACT
  3. Change Severity Level Detection
  4. Import Data Exchange (DEX) Web Service Requests
  5. Import Policies into CounterACT

Generate a Fortra VM API Key

  1. Log in to Fortra VM.

  2. In the site heater, select your name and choose My profile.

  3. On the API Tokens tab, select Create new token.

  4. In the Add New Token dialog, type the token name and select OK.

  5. Below your token name, selecting Click to show key displays your API Key.

    6. IMPORTANT: An API Key is equivalent to a user’s password. Do not use a key with more than one product integration. If you believe a key is compromised, delete the token from Fortra VM immediately by selecting the trash can icon and resulting check-mark to confirm.

Insert Key into CounterACT

Open the Options menu in the CounterACT Appliance Console.

  1. From the Options menu, select Data Exchange (DEX).
  2. Click on the External Web Services tab.
  3. Click on the first Web Service Request and select Edit on the right.
  4. In the HTTP Message Headers section replace the asterisks with your FVM API key.
  5. Repeat the process for the remaining Web Service Requests.

Change Severity Level Detection

Open the Options menu in the CounterACT Appliance Console.

  1. From the Options menu, select Data Exchange (DEX).
  2. Select the External Web Services tab.
  3. Click the Vulnerability Info Web Service Request and select Edit on the right.
  4. From the HTTP Message Headers section locate Severity.
  5. Set this value to the minimum value to be detected, i.e., High will detect High and Critical vulnerabilities. {Trivial, Low, Medium, High, Critical}

Import Data Exchange (DEX) Web Service Requests

Open the Options menu in the CounterACT Appliance Console.

  1. From the Options menu, select Data Exchange (DEX).
  2. Click on the External Web Services tab.
  3. Select Import from the right hand side.
  4. Browse and select the file to import (dex_webserver_table.xml).
  5. Select the Properties tab.
  6. Follow the previous steps to import the properties file (dex_property_table.xml).

Import Policies into CounterACT

Open the Policy menu in the CounterACT Appliance Console.

  1. On the left hand side click the Import Policy Folder button. (It’s the farthest right button under the Policy Folders section).
  2. Select your target and import mode.
  3. Browse for the policy file (LaunchScanForNewHost.xml, VulnerabilitiesDetected.xml).
  4. Click OK.

    5. NOTE: Some of the files might be password protected. The password is foresight.

Edit Policies in CounterACT

Once policies have been created you have the opportunity to edit them as well.

  1. Select the policy to be edited.
  2. Change the Name, the Criteria and Actions as needed.
  3. Click OK when complete.