Introduction

Tags beginning with nac.forescout identify events generated by Forescout.

Valid tags and data tables

The full tag must have 3 levels. The first two are fixed as nac.forescout. The third level identifies the type of events sent, and the fourth level indicates the event subtype. 

| Technology | Brand | Type | Subtype |
|---|---|---|---|
| nac | forescout | counteract | policy |

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Tag | Data table |
|---|---|
| nac.forescout.counteract.policy | nac.forescout.counteract.policy |

Table structure

This is the set of fields displayed by these tables.

nac.forescout.counteract.policy

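| Field | Type | Extra Label |
|---|---|---|
| eventdate | timestamp | - |
| machine | str | - |
| serverdate | str | - |
| hostname | str | - |
| procName | str | - |
| procId | str | - |
| sourceIp | ip4 | - |
| rule | str | - |
| details | str | - |
| match | str | - |
| category | str | - |
| rawMessage | str | - |
| hostchain | str | |
| tag | str | |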
