Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Chinmaya_Naik
Advisor

Forescout NAC Integration with checkpoint EDR (Endpoint)

Jump to solution

Hi Team,

As of my old query which one is to integration with Checkpoint Management Server which gives us the Firewall Threat Prevention detection and Remediates information on ForeScout.

Link: https://community.checkpoint.com/t5/Logging-and-Reporting/Forescout-Integration-with-checkpoint-mana...

Now My requirement is about to see the information on ForeScout of all the Endpoint Client which installed in our Infra.

Information needs to visible on ForeScout such as:-

1. Endpoint Client Version

2. Checkpoint Endpoint Services

3. Encryption Status of all connected clients

4. Antimalware Updates

As of now we able to achieve point first, Second and third.

 

CP Endpoint Version InformationCP Endpoint Version Information

screenshot 02screenshot 02

 

We try to add the Checkpoint EDR on ForeScout antivirus policy but unable to see the Checkpoint vendor name but we able to see the checkpoint vendor on the encryption section on ForeScout policy and after added the checkpoint on encryption policy (ForeScout) then we able to see the encryption status. (Above Screenshot 02).

But as I check with ForeScout team and find that a custom policy needs to be created on ForeScout for Antimalware visibility in order to posture the Checkpoint Antimalware updates but ForeScout required a DAT file from Checkpoint Endpoint Agent.

But I unable to find which DAT file required also that file must be stored the Anti-Malware Signature version information (in Checkpoint Endpoint). 

Basically, other third-party vendors have contained DAT file in each of the machines and that DAT file will usually update once a new signature fetched by the client from Server.

Kindly help whether it's possible to see on ForeScout that, whether the Checkpoint Antimalware Signature is up-to-date or not Because the NAC agent have that functionality to move the machine to an isolated network if the Endpoint machine antimalware or antivirus signature is not up to date and this functionality is very important for most of the organization.

 

Thanks and Regards

@Chinmaya_Naik 

2 Replies
This widget could not be displayed.