Forescout eyeExtend¶
The purpose of this doc is to list the configruation steps needed for a Forescout eyeExtend
integration with Clear NDR®.
From the Stamus networks
(under Administration
) drop down menu go to Integrations
:

In the left menu click on Configure provider
:

Fill the Forescout eyeExtend
Connect form:
Auth URL should be (example):
https://10.136.0.150/connect/v1/authentication/token
Credentials:
snuser
/snpasswd
if you use the previous URL for testVerify HTTPS certificate
should be unchecked

Click Submit
to save the changes.
After submission, use the Test
button to verify the correctness of the entered details

Return to the Integrations
page. Navigate to the Webhook tab and click Add Item
. Select the provider Forescout
.

The JSON template will be auto-filled.
Set the URL to (example): https://10.136.0.150/connect/v1/hosts
(example url).
Uchecked Verify HTTPS certificate
box:

Click Submit
to save the changes. The Test Syntax
button can be used for an additional validation check.

Update and push ruleset

To confirm or test functionality - SSH into the probe and replay a PCAP file, preferably malicious / test pcap.
Trigger the webhook to view the results in the Java app:

Use the following details to log in:
Login Method: Keep it as Password
Username: admin
Password: snpasswd!

