Forescout Risk and Exposure Management
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Forescout Risk and Exposure Management (REM) platform provides data across all devices in a customer environment as discovered by the Forescout platform. REM gives a single view of device risk and vulnerabilities, including a timeline to track events and changes to a device risk value. Combining the contextual data from the Forescout REM platform with Microsoft Security Copilot allows security teams to quickly assess the risk posed across their environments and prioritise work by getting clear information on their exposure to different vulnerabilities or configurations which exist.
Note
This article contains information about third-party plugins. This is provided to help complete integration scenarios. However, Microsoft does not provide troubleshooting support for third-party plugins. Contact the third-party vendor for support.
Know before you begin
Integration with Security Copilot works with an API key. You need to take the following steps before using the plugin.
Get your Forescout Risk and Exposure Management API key. If you don't have one yet, follow these steps:
- Login to Forescout Cloud.
- In the Forescout Cloud Console, select Integrations under the Administration menu.
- Click the Generate API Key button next to the category of your application - IoT/OT. The Generate API Key configuration screen appears.
- Provide a meaningful name for the API key such as Microsoft Security Copilot.
- Select a time for the API key to expire or select Never Expires. If the key is set to expire, select users to receive Email notifications about the API key generation and expiry date.
- Click the Generate button and copy the API key that appears on screen. This API key is unique and non-retrievable once the window is closed. Save this key in a secure location for use in Microsoft Security Copilot.
- Copy the API Endpoint URL that appears below the key.
Sign in to Microsoft Security Copilot.
Access Manage Plugins by selecting the Sources button from the prompt bar.
Next to Forescout Risk and Exposure Management, select Set up.
In the Forescout Risk and Exposure Management plugin settings pane, under Forescout Cloud Data Exchange API Endpoint URL enter the API endpoint URL.
In the Value field, paste your API Key, and then select Save.
Sample Forescout Risk and Exposure Management prompts
After the Forescout Risk and Exposure Management plugin is configured, you can use the following capabilities with Security Copilot.
The following table lists example prompts to try.
Capability | Example prompts |
---|---|
Get REM assets | - Using Forescout, tell me about my top 5 riskiest devices. - Tell me about the risks for X. - Show me all devices with CVE-1234-5678. |
Troubleshoot the Forescout Risk and Exposure Management plugin
Errors occur
If you encounter errors, such as Couldn't complete your request, or An unknown error occurred. Make sure the plugin is turned on. This error may occur if the lookback period is too long, causing the query to attempt to retrieve an excessive amount of data. If the issue persists, sign out of Security Copilot, and then sign back in.
Prompts aren't invoking the correct capabilities
If prompts aren't invoking the correct capabilities, or prompts are invoking some other capability set, you might have custom plugins or other plugins that have similar functionality as the capability set you want to use.
Provide feedback
To provide feedback, contact Forescout Risk and Exposure Management.
See also
Other plugins for Microsoft Security Copilot Manage plugins in Microsoft Security Copilot