TL;DR
| Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
|---|---|---|---|---|---|---|---|
| Forescout Appliances Logs | ✅ | ✅ | forescout_appliances_logs | Nested JSON Key-Value | S3 |
Overview
Forescout Technologies is a cybersecurity vendor whose agentless, vendor-agnostic platform discovers, secures, and manages both managed and unmanaged cyber assets across IT, IoT, OT, and IoMT environments. Founded in 2000 and used by Fortune 100 organizations, the company specializes in continuous, real-time monitoring and threat detection, helping organizations eliminate network blind spots and enforce policy-based controls without disrupting critical business operations. The Forescout platform (often referred to as the 4D Platform or the Continuum Platform) automates asset management, risk assessment, and network segmentation to reduce the attack surface, while its Vedere Labs research team publishes research on emerging threats. By orchestrating security actions with third-party tools such as firewalls and SIEM systems, Forescout shortens incident response times and supports compliance with security frameworks.
Supported data types
Forescout Appliances Logs
Overview:
Forescout appliances generate comprehensive, real-time logs and reports that provide visibility into network activity, policy compliance, and system health. These logs track endpoint behaviour, including connection attempts, MAC addresses, and IP assignments, and record when actions are taken to remediate, block, or authenticate devices. Users can review system event logs for administrative activity, such as successful or failed user logins, and analyse threat protection reports that detail malicious activity, worm outbreaks, and vulnerability scans. Through the Appliance Details view, the appliances also provide granular information on system resources, including CPU usage, memory utilisation, and plugin status. These logs can be viewed in the Console, exported in various formats (TXT, CSV, XLS), or forwarded to third-party security systems via the Syslog plugin.
Table name: forescout_appliances_logs
Send data to Hunters
Hunters supports the ingestion of Forescout Appliances Logs via an intermediary AWS S3 bucket.
To connect Forescout Appliances Logs:
Export your Forescout appliance logs to an AWS S3 bucket.
Once the export is set up and the logs are being collected in S3, follow the steps in this section.
Expected format
Logs are expected in Nested JSON Key-Value format. Each record wraps the raw syslog line from the appliance in a `message` field, alongside the `syslog_ip` and `syslog_host` of the forwarding host:
{
"message": "<166>Jan 01 00:00:00 hostname CounterACT[12345]: NAC Policy Log: Source: X.X.X.X, Rule: Policy \"Policy Rule Name\" , Match: \"Policy Rule Name:Unmatched\", Category: N/A, Details: Host evaluation changed from \"Previous State:Match\" to \"Policy Rule Name:Unmatched\" due to condition . Reason: Host removed from group \"Device Group\" because it no longer matches rule \"Rule Name\". Duration: 2 minutes and 7 seconds ",
"syslog_ip": "X.X.X.Y",
"syslog_host": "hostname.example.com"
}
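The record above has two layers to parse: the JSON envelope, and inside `message` an RFC 3164 style syslog line (`<PRI>` header, timestamp, host, `CounterACT[pid]`) whose body is a `Key: value` list. The following parser is an added example written for this page, not Hunters' or Forescout's code. It assumes the field names visible in the sample (`Source`, `Rule`, `Match`, `Category`, `Details`, `Reason`, `Duration`), uses a constructed record with placeholder addresses, and the `match_rule`, `match_state` and `duration_seconds` fields are derived by the example, not emitted by the appliance.

```python
import json
import re

# Constructed sample record in the Nested JSON Key-Value shape shown on this page.
# Hostnames and addresses are placeholders, not output from a real appliance.
SAMPLE_RECORD = json.dumps({
    "message": (
        '<166>Jan 01 00:00:00 hostname CounterACT[12345]: NAC Policy Log: '
        'Source: 10.0.0.5, Rule: Policy "Policy Rule Name" , '
        'Match: "Policy Rule Name:Unmatched", Category: N/A, '
        'Details: Host evaluation changed from "Previous State:Match" to '
        '"Policy Rule Name:Unmatched" due to condition . '
        'Reason: Host removed from group "Device Group" because it no longer '
        'matches rule "Rule Name". Duration: 2 minutes and 7 seconds '
    ),
    "syslog_ip": "10.0.0.1",
    "syslog_host": "hostname.example.com",
})

# RFC 3164 style header: <PRI>Mon dd hh:mm:ss host app[pid]: body
# The timestamp carries no year or timezone; the year has to come from the
# collection pipeline, so it is kept as a string here.
SYSLOG_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<app>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<body>.*)$",
    re.S,
)

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Keys seen in the sample NAC Policy Log body (assumed set; extend as needed).
# Values are delimited by the next key rather than by ", " because the Details
# and Reason values are free text that ends in ". " instead of ", ".
KEY_RE = re.compile(r"\b(Source|Rule|Match|Category|Details|Reason|Duration): ")

DURATION_RE = re.compile(r"(\d+)\s*(day|hour|minute|second)s?")
UNIT_SECONDS = {"day": 86400, "hour": 3600, "minute": 60, "second": 1}


def parse_duration(text: str) -> int:
    """'2 minutes and 7 seconds' -> 127 (phrasing assumed from the sample)."""
    return sum(int(n) * UNIT_SECONDS[unit] for n, unit in DURATION_RE.findall(text))


def parse_body(body: str) -> tuple[str, dict[str, str]]:
    """Split 'NAC Policy Log: Source: ..., Rule: ...' into (log_type, fields)."""
    hits = list(KEY_RE.finditer(body))
    if not hits:
        # Not a key-value message: keep the leading label, no structured fields.
        return body.split(":", 1)[0].strip(), {}
    log_type = body[: hits[0].start()].rstrip(": ").strip()
    fields = {}
    for i, hit in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(body)
        # Trim the trailing ", " / ". " separator and stray spaces (e.g. '"..." ,').
        fields[hit.group(1)] = body[hit.end():end].strip().rstrip(",.").strip()
    return log_type, fields


def parse_record(raw_json: str) -> dict:
    """Parse one Nested JSON Key-Value record into a flat event dict."""
    rec = json.loads(raw_json)
    m = SYSLOG_HEADER.match(rec["message"])
    if not m:
        raise ValueError("message field is not an RFC 3164 style syslog line")
    pri = int(m["pri"])
    if pri > 191:  # 24 facilities * 8 severities - 1
        raise ValueError(f"invalid PRI {pri}")
    log_type, fields = parse_body(m["body"])
    event = {
        "syslog_ip": rec.get("syslog_ip"),
        "syslog_host": rec.get("syslog_host"),
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "timestamp": m["ts"],
        "host": m["host"],
        "app": m["app"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "log_type": log_type,
        "fields": fields,
    }
    # Derived fields: this example's additions, not appliance output.
    if "Match" in fields and ":" in fields["Match"]:
        rule, state = fields["Match"].strip('"').rsplit(":", 1)
        event["match_rule"], event["match_state"] = rule, state
    if "Duration" in fields:
        event["duration_seconds"] = parse_duration(fields["Duration"])
    return event


if __name__ == "__main__":
    print(json.dumps(parse_record(SAMPLE_RECORD), indent=2))
```

Two points worth checking against your own feed before relying on a parser like this: the `<166>` PRI decodes to facility local4 / severity info, so the appliance's syslog facility setting determines what lands in that field, and the RFC 3164 timestamp has no year, so any time-based detection should use the collection timestamp rather than the value in `message`.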