Forescout EyeInspect

Details
Content
Dependencies
Version History

Get in-depth device visibility for OT networks

This pack enables you to gain complete device visibility in-depth device visibility for your computing systems that are used to manage industrial operations.

What does this pack do?

Retrieve information about the hosts, links, and alerts in the eyeInspect CC database.
Retrieve information about a specific vulnerability stored in the eyeInspect CC database.
Retrieve the PCAP file associated to a given alert.
Retrieve information about the sensors associated to the eyeInspect CC.
Retrieve information about the modules of a specified sensor.
Change the properties of specified module.
Delete the specified module from the specified sensor and from the eyeInspect CC database.
Retrieve the IP blacklist from the Industrial Threat Library of a specified sensor.
Add a new entry to the IP blacklist from the Industrial Threat Library of a specified sensor.
Retrieve the domain name blacklist from the Industrial Threat Library of a specified sensor.
Add a new entry to the domain name blacklist from the Industrial Threat Library of a specified sensor.
Retrieve the SSL client application blacklist from the Industrial Threat Library of a specified sensor.
Add a new entry to the SSL client application blacklist from the Industrial Threat Library of a specified sensor.
Retrieve the file operation blacklist from the Industrial Threat Library of a specified sensor.
Add entries to the file operation blacklist from the Industrial Threat Library of a specified sensor.
Retrieve information about all monitored Command Center resources and their health status excluding the logs.
Download the ZIP file that contains diagnostic logs of the Command Center.
Get, create, update, delete group policies.
Add all hosts not assigned to any policy (individual or group) matching the filter to the group policy.
Unassign all hosts assigned to the group policy matching the filter.
Get all IP reuse domains.
Retrieve information about the changes of host properties and configuration from the eyeInspect CC database.

This pack enables you to gain complete device visibility in-depth device visibility for your computing systems that are used to manage industrial operations.

What does this pack do?

Retrieve information about the hosts, links, and alerts in the eyeInspect CC database.
Retrieve information about a specific vulnerability stored in the eyeInspect CC database.
Retrieve the PCAP file associated to a given alert.
Retrieve information about the sensors associated to the eyeInspect CC.
Retrieve information about the modules of a specified sensor.
Change the properties of specified module.
Delete the specified module from the specified sensor and from the eyeInspect CC database.
Retrieve the IP blacklist from the Industrial Threat Library of a specified sensor.
Add a new entry to the IP blacklist from the Industrial Threat Library of a specified sensor.
Retrieve the domain name blacklist from the Industrial Threat Library of a specified sensor.
Add a new entry to the domain name blacklist from the Industrial Threat Library of a specified sensor.
Retrieve the SSL client application blacklist from the Industrial Threat Library of a specified sensor.
Add a new entry to the SSL client application blacklist from the Industrial Threat Library of a specified sensor.
Retrieve the file operation blacklist from the Industrial Threat Library of a specified sensor.
Add entries to the file operation blacklist from the Industrial Threat Library of a specified sensor.
Retrieve information about all monitored Command Center resources and their health status excluding the logs.
Download the ZIP file that contains diagnostic logs of the Command Center.
Get, create, update, delete group policies.
Add all hosts not assigned to any policy (individual or group) matching the filter to the group policy.
Unassign all hosts assigned to the group policy matching the filter.
Get all IP reuse domains.
Retrieve information about the changes of host properties and configuration from the eyeInspect CC database.

Automations

Name	Description
ForescoutEyeInspectButtonHostChangeLog	Get change log of Forescout EyeInspect hosts.
ForescoutEyeInspectButtonGetVulnerabilityInfo	Get information of a CVE from Forescout EyeInspect CVEs DB.
ForescoutEyeInspectButtonGetPCAP	Get PCAP of a Forescout EyeInspect incident.

Classifiers

Name	Description
Forescout EyeInspect mapper

Incident Fields

Name	Description
Forescout EyeInspect Sensor ID
Forescout EyeInspect L4 Protocol
Forescout EyeInspect L2 Protocol
Forescout EyeInspect L3 Protocol
Forescout EyeInspect Engine
Forescout EyeInspect L7 Protocol

Incident Types

Name	Description
Forescout EyeInspect

Integrations

Name	Description
Forescout EyeInspect	Delivers flexible and scalable OT/ICS asset visibility.

Layouts

Name	Description
Forescout Eyeinspect General Layout

Automations

Name	Description
ForescoutEyeInspectButtonGetPCAP	Get PCAP of a Forescout EyeInspect incident.
ForescoutEyeInspectButtonGetVulnerabilityInfo	Get information of a CVE from Forescout EyeInspect CVEs DB.
ForescoutEyeInspectButtonHostChangeLog	Get change log of Forescout EyeInspect hosts.

Classifiers

Name	Description
Forescout EyeInspect mapper

Incident Fields

Name	Description
Forescout EyeInspect Sensor ID
Forescout EyeInspect Engine
Forescout EyeInspect L7 Protocol
Forescout EyeInspect L3 Protocol
Forescout EyeInspect L2 Protocol
Forescout EyeInspect L4 Protocol

Incident Types

Name	Description
Forescout EyeInspect

Integrations

Name	Description
Forescout EyeInspect	Delivers flexible and scalable OT/ICS asset visibility.

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (2)

Pack Name	Pack By
Filters And Transformers	By: Cortex XSOAR
Base	By: Cortex XSOAR

1.0.21 - 842208 (February 21, 2024)

Integrations

Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 33040

Download

1.0.20 - 803390 (February 4, 2024)

Integrations

Forescout EyeInspect

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32683

Download

1.0.19 - 762016 (January 14, 2024)

Integrations

Forescout EyeInspect

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32183

Download

1.0.18 - 721233 (December 27, 2023)

Integrations

Forescout EyeInspect

Updated the Docker image to: demisto/python3:3.10.13.83255.

Scripts

ForescoutEyeInspectButtonHostChangeLog

Updated the Docker image to: demisto/python3:3.10.13.83255.

ForescoutEyeInspectButtonGetVulnerabilityInfo

Updated the Docker image to: demisto/python3:3.10.13.83255.

ForescoutEyeInspectButtonGetPCAP

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31808

Download

1.0.17 - 6894987 (November 15, 2023)

Integrations

Forescout EyeInspect

Updated the Docker image to: demisto/python3:3.10.13.80014.

Related pull requests:
- 30914

Download

1.0.16 - 6259960 (September 7, 2023)

Integrations

Forescout EyeInspect

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29530

Download

1.0.15 - 6129053 (August 23, 2023)

Integrations

Forescout EyeInspect

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29149

Download

1.0.14 - 5976562 (August 7, 2023)

Integrations

Forescout EyeInspect

Updated the Docker image to: demisto/python3:3.10.12.67728.

Related pull requests:
- 28805

Download

1.0.13 - R5866730 (July 25, 2023)

Integrations

Forescout EyeInspect

Updated the Docker image to: demisto/python3:3.10.12.65389.

Related pull requests:
- 28387

Download

1.0.12 - 5708361 (July 7, 2023)

Scripts

ForescoutEyeInspectButtonHostChangeLog

Updated the Docker image to: demisto/python3:3.10.12.63474.

ForescoutEyeInspectButtonGetVulnerabilityInfo

Updated the Docker image to: demisto/python3:3.10.12.63474.

ForescoutEyeInspectButtonGetPCAP

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27975

Download

1.0.11 - R5692327 (July 5, 2023)

Integrations

Forescout EyeInspect

Updated the Docker image to: demisto/python3:3.10.12.63474.
Fixed an issue where a default argument value was missing in some commands.

Related pull requests:
- 27443

Download

1.0.10 - 5546375 (June 16, 2023)

Integrations

Forescout EyeInspect

Updated the Docker image to: demisto/python3:3.10.12.62631.

Related pull requests:
- 27334

Download

1.0.9 - 5363095 (May 25, 2023)

Integrations

Forescout EyeInspect

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 26993

Download

1.0.8 - 5226855 (May 9, 2023)

Integrations

Forescout EyeInspect

Fixed a library incompatibility by downgrading the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 26405

Download

1.0.7 - 5204212 (May 6, 2023)

Integrations

Forescout EyeInspect

Updated the Docker image to: demisto/python3:3.10.11.57293.

Related pull requests:
- 26341

Download

1.0.6 - R5170573 (May 2, 2023)

Integrations

Forescout EyeInspect

Updated the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 25992

Download

1.0.5 - 4906551 (March 27, 2023)

Integrations

Forescout EyeInspect

Updated the Docker image to: demisto/python3:3.10.10.50695.

Related pull requests:
- 25528

Download

1.0.4 - 4751368 (March 6, 2023)

Scripts

ForescoutEyeInspectButtonGetPCAP

Updated the Docker image to: demisto/python3:3.10.10.48392.

ForescoutEyeInspectButtonGetVulnerabilityInfo

Updated the Docker image to: demisto/python3:3.10.10.48392.

ForescoutEyeInspectButtonHostChangeLog

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 25084

Download

1.0.3 - R4718798 (March 1, 2023)

Integrations

Forescout EyeInspect

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24702

Download

PUBLISHER

Cortex

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	May 1, 2022
Last Release	February 21, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.