Forescout Vedere Labs

The Forescout Vedere Labs research team provides a threat intelligence feed containing IP, URL, and file hash indicators for all activity seen and monitored by Forescout, including information on Known Exploited Vulnerabilities and Vedere Labs' own reported CVEs. Drawing on this extensive research, the feed provides indicators and CVE details across IT, OT, IoT and IoMT, allowing anyone to benefit from it. Used in combination with Microsoft Security Copilot, the research helps security teams speed up threat hunting efforts. Additionally, the service allows lookups against domain names to check for use of Domain Generation Algorithms (DGA) or data exfiltration techniques.

Note

This article contains information about third-party plugins. This is provided to help complete integration scenarios. However, Microsoft does not provide troubleshooting support for third-party plugins. Contact the third-party vendor for support.

Prerequisites

Forescout Vedere Labs Threat Feed API Key.

Know before you begin

Integration with Security Copilot requires an API key for authorization. Navigate to Forescout Vedere Labs and register for a free API Key to start taking advantage of the vulnerabilities and indicators provided by this feed. You'll need to take the following steps before using the plugin.

  1. Sign in to Microsoft Security Copilot.

  2. Access Manage Plugins by selecting the Sources button from the prompt bar.

  3. Next to Forescout Vedere Labs, select Set up.

  4. In the Forescout Vedere Labs settings pane, input your API key in the Value field, and then select Save.

Sample Forescout Vedere Labs prompts

After the Forescout Vedere Labs plugin is configured, you can use the following capabilities with Security Copilot.

The following table provides examples you can try:

| Capability | Example prompts |
|---|---|
| Get Indicators | Show me vedere labs file indicators for the past 8 hours |
| | Tell me about any indicators for [IP] or [File Hash] |
| Get Exploited CVEs | Show me all known exploited vulnerabilities in the last 7 days |
| | Give me the latest 5 KEVs according to Vedere Labs from the past 7 days with a confidence score of at least 6 |
| Get Vedere Labs CVEs | Show me the most recent Vedere Labs CVE |
| Lookup Domain | Has "example.com" got any indicators of malicious use |
| | Check if "dga.com" is using any techniques related to malware |

Provide feedback

To provide feedback, contact Forescout Vedere Labs.

See also

Non-Microsoft plugins for Microsoft Security Copilot

Manage plugins in Microsoft Security Copilot