nac.forescout
Introduction
Tags beginning with nac.forescout identify events generated by Forescout.
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed as nac.forescout. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product/Service | Tags | Data table |
---|---|---|
Forescout CounterACT | nac.forescout.counteract.actions | nac.forescout.counteract.actions |
Forescout CounterACT | nac.forescout.counteract.common | nac.forescout.counteract.common |
Forescout CounterACT | nac.forescout.counteract.log | nac.forescout.counteract.log |
Forescout CounterACT | nac.forescout.counteract.policy | nac.forescout.counteract.policy |
Forescout CounterACT | nac.forescout.counteract.system | nac.forescout.counteract.system |
Table structure
These are the fields contained in each of these tables:
nac.forescout.counteract.actions
Field | Type | Source field name | Extra Label |
---|---|---|---|
eventdate | | | |
machine | | vmachine | |
eventType | | | |
ipAddr | | | |
macAddr | | | |
hostName | | | |
dnsName | | | |
user | | | |
rawMessage | | | |
unknown | | | |
hostchain | | | ✓ |
tag | | | ✓ |
nac.forescout.counteract.common
Field | Type | Source field name | Extra Label |
---|---|---|---|
eventdate | | | |
machine | | vmachine | |
eventtype | | | |
sourceIp | | | |
destinationIp | | | |
destinationPort | | | |
rawMessage | | | |
unknown | | | |
hostchain | | | ✓ |
tag | | | ✓ |
nac.forescout.counteract.log
Field | Type | Source field name | Extra Label |
---|---|---|---|
eventdate | | | |
machine | | vmachine | |
log | | | |
details | | | |
severity | | | |
rawMessage | | | |
unknown | | | |
hostchain | | | ✓ |
tag | | | ✓ |
nac.forescout.counteract.policy
Field | Type | Extra Label |
---|---|---|
eventdate | | |
machine | | |
serverdate | | |
hostname | | |
procName | | |
procId | | |
sourceIp | | |
rule | | |
details | | |
match | | |
category | | |
rawMessage | | |
hostchain | | ✓ |
tag | | ✓ |
nac.forescout.counteract.system
Field | Type | Extra Label |
---|---|---|
eventdate | | |
message | | |
hostchain | | ✓ |
tag | | ✓ |