Use the Executive Dashboard

Similar documents
Ensure Antivirus Compliance

Ensure Instant Messaging and Peer to Peer Compliance

Classify Assets. How-to Guide. CounterACT Version 7.0.0

Control Network Vulnerabilities

Manage External Devices

Prevent Network Attacks

Classify Mobile Assets

CounterACT Reports Plugin

ForeScout App for IBM QRadar

ForeScout CounterACT. Windows Vulnerability DB. Configuration Guide. Updated February 2018

Control Wireless Networks

CounterACT NetFlow Plugin

CounterACT Aruba ClearPass Plugin

ForeScout Extended Module for Qualys VM

ForeScout CounterACT. Ensure Antivirus Compliance. How-to Guide. Version 8.0

ForeScout Extended Module for Bromium Secure Platform

CounterACT External Classifier Plugin

CounterACT Afaria MDM Plugin

CounterACT CEF Plugin

CounterACT Check Point Threat Prevention Module

ForeScout CounterACT. Ensure Instant Messaging and Peer to Peer Compliance. How-to Guide. Version 8.0

ForeScout Extended Module for ServiceNow

ForeScout App for Splunk

ForeScout CounterACT. Configuration Guide. Version 5.0

CounterACT User Directory Plugin

CounterACT Syslog Plugin

CounterACT DNS Enforce Plugin

ForeScout CounterACT. Configuration Guide. Version 1.1

CounterACT Microsoft System Management Server (SMS) System Center Configuration Manager (SCCM) Plugin

ForeScout CounterACT. Track Changes to Network Endpoints. How-to Guide. Version 8.0

ForeScout Amazon Web Services (AWS) Plugin

CounterACT Advanced Tools Plugin

Forescout. Control Network Vulnerabilities. How-to Guide. Forescout version 8.1

ForeScout CounterACT. Classify Devices. How-to Guide. Version 8.0

ForeScout Extended Module for Advanced Compliance

CounterACT Security Policy Templates

Forescout. eyeextend for MobileIron. Configuration Guide. Version 1.9

CounterACT Hardware Inventory Plugin

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.3

Forescout. Asset Reporting Format (ARF) Reports Module. Configuration Guide. Version 1.0.3

Forescout. eyeextend for IBM MaaS360. Configuration Guide. Version 1.9

Forescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2

ForeScout CounterACT. ARF Reports Module. Configuration Guide. Version 1.0.3

ForeScout Extended Module for MaaS360

ForeScout Extended Module for MobileIron

ForeScout CounterACT. Assessment Engine. Configuration Guide. Version 1.0

ForeScout Extended Module for VMware AirWatch MDM

Forescout. eyeextend for IBM BigFix. Configuration Guide. Version 1.2

Forescout. eyeextend for VMware AirWatch. Configuration Guide. Version 1.9

Forescout. Configuration Guide. Version 4.4

ForeScout Extended Module for Web API

ForeScout CounterACT. Configuration Guide. Version 1.2

SecureConnector Advanced Features

Forescout. eyeextend for ServiceNow. Configuration Guide. Version 2.0

Forescout. eyeextend for Carbon Black. Configuration Guide. Version 1.1

Forescout. Engine. Configuration Guide. Version 1.3

ForeScout CounterACT Linux Plugin

Forescout. Plugin. Configuration Guide. Version 2.2.4

Forescout. Configuration Guide. Version 3.5

Easy-to-Use PCI Kit to Enable PCI Compliance Audits

Forescout. Configuration Guide. Version 2.4

ForeScout CounterACT. Core Extensions Module: CEF Plugin. Configuration Guide. Version 2.7

Forescout. Configuration Guide. Version 1.3

ForeScout CounterACT. (AWS) Plugin. Configuration Guide. Version 1.3

ForeScout CounterACT. Configuration Guide. Version 4.3

CounterACT HPS Applications Plugin

ForeScout CounterACT. Centralized Licensing. How-to Guide. Version 8.0

ForeScout CounterACT. Controller Plugin. Configuration Guide. Version 1.0

ForeScout Extended Module for Carbon Black

CounterACT Macintosh/Linux Property Scanner Plugin

CounterACT Wireless Plugin

Forescout. Server and Guest Management Configuration Guide. Version 6.4

Forescout. Configuration Guide. Version 2.2

ForeScout CounterACT. Single CounterACT Appliance. Quick Installation Guide. Version 8.0

ForeScout Extended Module for ServiceNow

ForeScout Extended Module for Symantec Endpoint Protection

ForeScout Extended Module for Palo Alto Networks Next Generation Firewall

Enterprise Manager/Appliance Communication

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.3

ForeScout CounterACT. Configuration Guide. Version 1.2

CounterACT DHCP Classifier Plugin

ForeScout CounterACT. Plugin. Configuration Guide. Version 1.2

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.2.4

ForeScout Extended Module for IBM BigFix

ForeScout CounterACT. Configuration Guide. Version 1.4

ForeScout Extended Module for IBM BigFix

Forescout. Open Integration Module: Web API. Configuration Guide. Version 1.4

Syslog Messages Sent by CounterACT

ForeScout CounterACT. Cisco PIX/ASA Firewall Integration Module. Configuration Guide. Version 2.1

CounterACT 802.1X Plugin

Monitoring and Troubleshooting

ForeScout CounterACT. Work with IPv6 Addressable Endpoints. How-to Guide. Version 8.0

ForeScout Extended Module for Tenable Vulnerability Management

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.1

Sophos Enterprise Console Help. Product version: 5.3

McAfee Cloud Workload Security Product Guide

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.1

Forescout. Configuration Guide. Version 4.2

Forescout. eyeextend for Splunk. Configuration Guide. Version 2.9

ZENworks 2017 Audit Management Reference. December 2016

Transcription:

How-to Guide CounterACT Version 7.0.0

Table of Contents About Using the Executive Dashboard... 3 Setting Up CounterACT to Work with the Executive Dashboard... 3 Accessing the Executive Dashboard... 3 Create Organizational Units... 4 Categorize and Label Policies... 6 A Close-Up Look at the Executive Dashboard... 8 Compliance Trend... 8 Remediation Trend... 9 Real-Time Organizational Unit Compliance... 9 Real-Time Overall Network Compliance... 9 Gauges... 10 Real-Time Asset Coverage... 11 CounterACT Version 7.0.0 2

About Using the Executive Dashboard CounterACT s Executive Dashboard is a powerful web-based information center. It delivers a dynamic, real-time summary of critical activity on your network, based on information collected by CounterACT policies. Setting Up CounterACT to Work with the Executive Dashboard Make sure that you have met the following requirements to enable the Executive Dashboard to run properly: You are working with Internet Explorer version 6 or above, or Firefox version 2 or above. Flash 8 or above is installed on your machine. JavaScript is enabled on browsers running the Executive Dashboard. The policies you work with in the Executive Dashboard have been defined to include All IPs. You have run the following CounterACT templates in this order: Asset Classification Corporate/Guest Control one or more of the Compliance templates You have created organizational units and assigned segments to them; for example, a Sales Organizational Unit including East, West and Central Sales Segments. The Compliance Trend and Organizational Unit Compliance graphs in the Executive Dashboard are sorted according to these units. For instructions on how to create organizational units, see Create Organizational Units. You have categorized and labeled the policies that you want the Executive Dashboard to include in its results. For instructions on how to categorize and label policies, see Categorize and Label Policies. Accessing the Executive Dashboard To access the Executive Dashboard: 1. Log into the CounterACT Console. 2. On the Console toolbar select the Dashboard tab. The Executive Dashboard tab opens. CounterACT Version 7.0.0 3

Create Organizational Units To create organizational units: 1. Log into the CounterACT Console. 2. In the Filters pane, double-click Organizational Units. The Organizational Units Manager opens. CounterACT Version 7.0.0 4

3. Select Add. The Add Organizational Unit dialog box opens. 4. Enter a name and description (optional) for the organizational unit, select at least one segment, and select OK. The information is displayed in the Organizational Units Manager. 5. Select OK and select Yes to save the changes. For more information on the extended configuration options, refer to the Console User Manual or the Console Online Help. CounterACT Version 7.0.0 5

Categorize and Label Policies To categorize and label policies: 1. Log into the CounterACT Console. 2. On the Console toolbar, select the Policy tab. The Policy Manager opens. 3. Select a policy and then select the Categorize button. The Categorize dialog box opens. 4. Select the Compliance option from the drop-down list. CounterACT Version 7.0.0 6

5. For each sub-rule, select a label from the drop-down list. 6. Select OK. The compliance settings are displayed in the Policy Manager. 7. Select Apply. For more information on the extended configuration options, refer to the Console User Manual or the Console Online Help. CounterACT Version 7.0.0 7

A Close-Up Look at the Executive Dashboard The Executive Dashboard is divided into six sections. Compliance Trend This section displays compliance trends for specified organizational units in your enterprise. For example, you can display the number of endpoints in the sales department that used/did not use unauthorized Instant Messaging applications over the last month. Hosts that meet Total Compliance match at least one compliance requirement, and do not match any non-compliance requirements. If a host matches a compliance policy but is unlabeled for other policies, it is considered totally compliant. From the drop-down lists, select an organizational unit, a compliance policy and a time period. Use the tooltip when hovering over the graph line to view information on how many hosts were or were not compliant at any given time. CounterACT Version 7.0.0 8

Remediation Trend This section displays information about the number of remediated events over a given time period for the selected policies and organizational units. Remediation occurs when the host status changes from non-compliant to compliant; for example, hosts that used unauthorized Instant Messaging applications and then uninstalled them. Real-time Organizational Unit Compliance This section shows real-time policy compliance statistics for organizational units in your enterprise. Hosts that meet Total Compliance match at least one compliance requirement, and do not match any non-compliance requirements. If a host matches a compliance policy but is unlabeled for other policies, it is considered totally compliant. Select from the drop-down list to display organizational unit information for specific compliance policies or for all policies (Total compliance). Hover over the bars of the table to show the equivalent percentage. Real-time Overall Network Compliance This section displays both the percentage and the number of compliant versus noncompliant hosts in your network. CounterACT Version 7.0.0 9

Gauges Dashboard gauges provide information about network guests, malicious hosts and remediation events. The gauges for network guests and malicious hosts indicate: Gauge needle: real-time detection information. Gauge line and number: weekly average. Numerical values: weekly range. For remediation events, the gauge indicates different information. See Remediations. Guests Authorized Guests are hosts that are not part of your domain but were authorized to access your internal network, such as the laptop used by an outside contractor who authenticated to the network with the right credentials. Unauthorized Guests are hosts that did not properly authenticate. You can decide which matched rules should be labeled to create Authorized and Unauthorized Guests. Threats The Threats gauge indicates how many hosts are maliciously scanning or attempting to infect your network. These hosts are detected via the Threat Protection Policy. Blocked indicates how many endpoints have been blocked by CounterACT after detecting malicious activity. If this number is 0, you may need to change your Threat Protection Policy from Monitor mode to Block mode. Monitored indicates the total number of machines that are being tracked as potential threats but are not blocked. If this number is 0, you may need to change your Threat Protection Policy from Block mode to Monitor mode. CounterACT Version 7.0.0 10

Remediation A remediation event occurs when the host status changes from non-compliant to compliant. For example, a remediation event occurs if a CounterACT policy detects that a host installed an unauthorized application and later detects that it was removed. Results are displayed on a daily basis starting from midnight. The gauge indicates: Gauge needle: number of remediation events from 12:00AM until the current time. Gauge line and number: average of daily remediation events. Numerical values: number of daily remediation events (12:00AM-11:59PM) over the last week. Real-time Asset Coverage This section displays the status of hosts within your network that are monitored by CounterACT and protected by CounterACT policies. Monitored This value represents the number of endpoints assigned to CounterACT Appliances for tracking. Controlled This value represents Windows, Macintosh and Linux endpoints monitored by CounterACT Appliances that are within the scope of addresses of at least one CounterACT policy. Other types of network devices are not included in the calculation; for example, guest hosts, printers, Virtual Machines and switches. CounterACT Version 7.0.0 11

Total This value represents all hosts detected by CounterACT, including hosts assigned to an Appliance as well as hosts detected by CounterACT passively but not specifically assigned to an Appliance. If the number of Monitored, Controlled and Total hosts is less than the total number of devices in your network, your entire network may not be well protected. In this scenario it is advisable to broaden the scope of your policies. CounterACT Version 7.0.0 12

Legal Notice Copyright ForeScout Technologies, 2000-2015. All rights reserved. The copyright and proprietary rights in this guide belong to ForeScout Technologies. It is strictly forbidden to copy, duplicate, sell, lend or otherwise use this guide in any way, shape or form without the prior written consent of ForeScout Technologies. This product is based on software developed by ForeScout Technologies. The products described in this document are protected by U.S. patents #6,363,489, #8,254,286, #8,590,004 and #8,639,800 and may be protected by other U.S. patents and foreign patents. Redistribution and use in source and binary forms are permitted, provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials and other materials related to such distribution and use, acknowledge that the software was developed by ForeScout Technologies. THIS SOFTWARE IS PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. All other trademarks used in this document are the property of their respective owners. Send comments and questions about this document to: documentation@forescout.com January 2015 CounterACT Version 7.0.0 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback