AlienVault® USM Appliance™

ForeScout CounterACT

When you configure ForeScout CounterACT to send log data to USM Appliance, you can use the ForeScout CounterACT plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor: ForeScout
Device Type: Network Access Control
Connection Type: Syslog
Data Source Name: Forescout-nac
Data Source ID: 1874

Integrating ForeScout CounterACT

Before you configure the ForeScout CounterACT integration, you must have the IP address of the USM Appliance Sensor.

To configure ForeScout CounterACT to send Syslog messages to USM Appliance

  1. From the ForeScout website, download the plug-in for ForeScout CounterACT.
  2. Log in to your ForeScout CounterACT appliance.
  3. From the CounterACT Console toolbar, select Options > Plugins > Install.
  4. From the Plug-ins pane, select the Syslog plug-in and click Configure. Set configuration parameters as follows:
    • Syslog Address: type the USM Appliance IP address.
    • Syslog Port: select 514.
    • Other fields:
      • Identity: Enter CounterACT.
      • Facility: Specify the Syslog message facility. (The default value is local4.)
      • Priority: Specify the Syslog message priority. (The default value is info.)

  5. Click the Events filtering tab, and select the event types that you want to send to USM Appliance.
  6. Click Apply.
  7. To start sending syslog messages, select the Plugins option from the Options menu.
  8. Check that the Syslog plugin is selected.
  9. Click Start.
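
To confirm that messages reaching the sensor carry the Identity, Facility and Priority set in step 4, the following added example (not AlienVault or ForeScout code) decodes the syslog PRI value and tag of each received line and lists any mismatch. It assumes an RFC 3164 style header with the Identity as the tag; the function name and the sample lines are constructed for illustration and are not real CounterACT output.

```python
import re

# Facility and severity names indexed by their syslog numeric codes.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Assumed header layout (RFC 3164 style): <PRI>Mmm dd hh:mm:ss host tag[pid]: text
HEADER = re.compile(r"^<(\d{1,3})>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d (\S+) "
                    r"([\w./-]+)(?:\[\d+\])?:")

def check_line(line, identity="CounterACT", facility="local4", severity="info"):
    """Return the mismatches between one received line and the plugin settings."""
    m = HEADER.match(line)
    if not m:
        return ["no RFC 3164 style header"]
    pri, tag = int(m.group(1)), m.group(3)
    if pri > 191:                      # 23 * 8 + 7 is the largest valid PRI
        return [f"PRI {pri} out of range"]
    # PRI = facility * 8 + severity
    fac, sev = FACILITIES[pri // 8], SEVERITIES[pri % 8]
    problems = []
    if fac != facility:
        problems.append(f"facility {fac}, expected {facility}")
    if sev != severity:
        problems.append(f"severity {sev}, expected {severity}")
    if tag != identity:
        problems.append(f"identity {tag}, expected {identity}")
    return problems

# Constructed sample lines (not real CounterACT output).
SAMPLES = [
    "<166>Jan 12 10:15:01 nac01 CounterACT[4242]: constructed test message",
    "<134>Jan 12 10:15:02 nac01 CounterACT[4242]: constructed test message",
    "<163>Jan  2 10:15:03 nac01 sshd[99]: constructed test message",
    "constructed line without a syslog header",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(check_line(line) or "OK", "|", line)
```

If you changed the Facility or Priority from the defaults, pass the configured values as the `facility` and `severity` arguments.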

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

http://docplayer.net/1990594-Quick-start-guide-for-symantec-event-collector-for-forescout-counteract.html

For troubleshooting, refer to the vendor documentation:

https://www.forescout.com/support/