Forescout Vedere Labs
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Forescout Vedere Labs research team provides a threat intelligence feed containing IP, URL, and File hash indicators for all activity seen and monitored by Forescout, including information on Known Exploited Vulnerabilities and Vedere Labs own reported CVEs. With the extensive research conducted, this provides indicators and CVE details across IT, OT, IoT and IoMT, allowing anyone to benefit from this research. The research helps security teams speed up threat hunting efforts in combination with Microsoft Copilot for Security. Additionally, this service also allows for lookups against domain names to check for use of Domain Generation Algorithms (DGA) or data exfiltration techniques.
Note
This article contains information about third-party plugins. This is provided to help complete integration scenarios. However, Microsoft does not provide troubleshooting support for third-party plugins. Contact the third-party vendor for support.
Prerequisites
Forescout Vedere Labs Threat Feed API Key.
Know before you begin
Integration with Copilot for Security requires an API key for authorization. Navigate to Forescout Vedere Labs and register for a free API Key to start taking advantage of the vulnerabilities and indicators provided by this feed. You'll need to take the following steps before using the plugin.
Sign in to Microsoft Copilot for Security.
Access Manage Plugins by selecting the Sources button from the prompt bar.
Next to Forescout Vedere Labs, select Set up.
In the Forescout Vedere Labs settings pane, input your API key in the Value field, and then select Save.
Sample Forescout Vedere Labs prompts
After the Forescout Vedere Labs plugin is configured, you can use the following capabilities with Copilot for Security.
The following table provides examples you can try:
| Capability | Example prompts |
|---|---|
| Get Indicators | Show me vedere labs file indicators for the past 8 hours Tell me about any indicators for [IP] or [File Hash] |
| Get Exploited CVEs | Show me all known exploited vulnerabilities in the last 7 days give me the latest 5 KEVs according to Vedere Labs from the past 7 days with a confidence score of at least 6 |
| Get Vedere Labs CVEs | Show me the most recent Vedere Labs CVE |
| Lookup Domain | Has "example.com" got any indicators of malicious use Check if "dga.com" is using any techniques related to malware |
Provide feedback
To provide feedback, contact Forescout Vedere Labs.