- 19 Feb 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
ForeScout CounterACT
- Updated on 19 Feb 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
ForeScout CounterACT platform provides insight into network-connected devices.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
Parameters
- ForeScout CounterACT Domain (required) – The URL for the ForeScout CounterAct domain.
- User Name and Password (required) - The credentials for a user account that has the Required Permissions to fetch assets.
- Admin API User Name (optional) - The ForeScout Admin API user name.
- Admin API Password (optional) - The Forescout Admin API password.
- Admin API Client ID (optional) - The Forescout Admin API Client ID.
Filling in all of the above Admin API configuration settings is necessary in order to Fetch device segments from Admin API.
- Verify SSL (required, default: False) - Verify the SSL certificate offered by the value supplied in ForeScout CounterACT Domain. For more details, see SSL Trust & CA Settings.
- If enabled, the SSL certificate offered by the value supplied in ForeScout CounterACT Domain will be verified against the CA database inside of Axonius. If the SSL certificate can not be validated against the CA database inside of Axonius, the connection will fail with an error.
- If disabled, the SSL certificate offered by the value supplied in ForeScout CounterACT Domain will not be verified against the CA database inside of Axonius.
- HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in ForeScout CounterACT Domain.
- If supplied, Axonius will utilize the proxy when connecting to the value supplied in ForeScout CounterACT Domain.
- If not supplied, Axonius will connect directly to the value supplied in ForeScout CounterACT Domain.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to Advanced Configuration for Adapters
- Do not fetch devices with no MAC address and no hostname (required, default: False) - Select whether to exclude fetching devices without MAC address and without hostname.
- Do not fetch devices with no IP (required, default: False) - Select whether to exclude fetching devices without an IP address.
- Ignore irrelevant device manufacturers - Select this option to ignore the device manufacturer field.
- Number of parallel requests (required, default: 10) - Set the number of parallel requests that the ForeScout CounterAct server will get data from devices.
- Re-authenticate after every X requests (required, default 100) - Set the number of requests to allow before attempting to re-authenticate to get a new session token.
- Do not fetch rule information for devices (fast mode) - Deprecated from version 6.0.14.
- Use Azure Instance ID for Cloud ID - Select to set the device's Cloud ID field with the value of the Azure Instance ID field.
- Fetch device segments from Admin API - Select this option to fetch device segments using Forescout Admin API. Make sure to fill in the Forescout Admin API User Name, Password, and Client ID parameters in order to use this setting.
For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.
APIs
Axonius uses the following APIs:
Required Permissions
The value supplied in User Name must have permissions to use the API, see Configure the Web API section in the ForeScout eyeExtend Connect Module for Web API Plugin Configuration Guide.