Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

ForeScout CounterACT Sample Event Messages

Use these sample event messages to verify a successful integration with JSA.

Note:

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

ForeScout CounterACT Sample Messages When You Use the Syslog Protocol

Sample 1: The following sample event message shows that an authentication certificate issuer is detected.

Table 1: Highlighted Values in the Forescout CounterACT Sample Event

JSA field name

Highlighted values in the event payload

Event ID

agent_auth_issuer

Category

Property

Source IP

10.84.144.14

Username

testUser

Device Time

Mar 7 2019 07:50:32.000 EST

Sample 2: The following sample event message shows when the last credentials succeeded on this host.

Table 2: Highlighted Values in the Forescout CounterACT Sample Event

JSA field name

Highlighted values in the event payload

Event ID

cached_credentials

Category

Property

Source IP

192.168.74.25

Username

qradar1

Device Time

Mar 26 2019 15:56:14.000 PDT