ForeScout CounterAct

Applies to: ForeScout CounterAct v8.0 and above.

Overview

ForeScout CounterAct gives you network access control. It maintains the policies and network configuration and deploys them to the ForeScout CounterACT appliances. ForeScout CounterAct can be integrated with EventTracker using syslog.

With the help of the ForeScout CounterAct knowledge pack (KP) items, we can monitor network access control activities, malicious processes, and mail infections on applications, and trigger an alert whenever a running malicious process or a mail infection is detected.

The EventTracker dashboard helps you visualize web activities on applications. It can also create reports that collect the user activities happening in the applications over a time interval. This helps you review the different malicious and network activities. EventTracker CIM helps you correlate network access control activities, malicious processes, mail infections, etc.

The EventTracker knowledge pack for ForeScout CounterAct allows you to monitor the following components:

- Security - Malicious process logs, Mail infection logs, and Blocked events.
- Operations - Network access control logs.

Once ForeScout CounterAct is configured to deliver events to EventTracker, knowledge objects and reports can be configured in EventTracker.

Some of the knowledge packs available in EventTracker are listed below. For more information, refer to the Integration Guide.

Security

Alerts

- ForeScout CounterAct: Suspicious activity found - This alert triggers whenever a suspicious process is found.
- ForeScout CounterAct: Email infection detected - This alert triggers whenever an infection is found in email attachments.

Reports

- ForeScout CounterAct – Blocked events - This report provides information related to blocked events: IP address, port details, firewall blocking status, and reason.
- ForeScout CounterAct – Mail infection activities - This report provides information related to the mail IDs of the sender and receiver, the mail subject, and the IP address.
- ForeScout CounterAct – Suspicious activity found - This report provides information related to a potential malicious process found: IP address, process ID, and threat name.

Operations

Reports

- ForeScout CounterAct – Network access control activities - This report provides information related to IP address, rule names, rule message, and reason.

Scope

The configurations detailed in this guide are consistent with EventTracker version 9.x and later, and ForeScout CounterAct v8.0 and above.

Documentation

To configure ForeScout CounterAct to send logs to EventTracker, refer to the How to Guide. For more information, please refer to the Integration Guide.