Forescout eyeExtend
The purpose of this document is to list the configuration steps needed for a Forescout eyeExtend integration with Clear NDR®.
From the Stamus Networks (under Administration) drop-down menu, go to Integrations:
In the left menu click on Configure provider:
Fill the Forescout eyeExtend Connect form:
Auth URL should be (example):
https://10.136.0.150/connect/v1/authentication/token
Credentials: snuser/snpasswd
If you use the previous URL for testing, Verify HTTPS certificate should be unchecked.
Click Submit to save the changes.
After submission, use the Test button to verify that the entered details are correct.
Return to the Integrations page. Navigate to the Webhook tab and click Add Item. Select the provider Forescout.
The JSON template will be auto-filled.
Set the URL to (example): https://10.136.0.150/connect/v1/hosts
Uncheck the Verify HTTPS certificate box:
Click Submit to save the changes. The Test Syntax button can be used for an additional validation check.
Update and push the ruleset.
To confirm or test functionality, SSH into the probe and replay a PCAP file, preferably a malicious or test PCAP.
Trigger the webhook to view the results in the Java app:
Use the following details to log in:
Login Method: Keep it as Password
Username: admin
Password: snpasswd!
