Visibility with SPAN and DHCP
Device Profile Library (DPL) & Device Classification Engine (DCE) Purpose
Advanced Classification
Advanced Criteria : Authentication Events
Advanced Criteria: Events
Advanced Criteria: Track changes
Advanced Criteria: User Directory
Advanced Criteria: Other Device Information 1
Advanced Criteria: Other Device Information 2
Quiz
Criteria Logic
Add to List
Whitelisting and Blacklisting
Commonly Misconfigured Criteria
Scripts as Actions
Reasons for Irresolvable Criteria
- Non existent property for the endpoint
> Testing for a windows property on non-windows devices
> Looking for a property on an unmanaged device such as a security camera
- Inability to access the endpoint due to
> Network issues
> Incorrect credentials
- Endpoint is outside of the deployment’s IP Assignments
- Endpoint is not part of the Internal Network
Setting Counters
This Counters action is helpful for policy testing and enforcement
Example: On 1st incident of matching AV not updated we send a notification. On the 2nd incident of matching we block or quarantine the device.
“ACtion” Scheduling
scheduling an action is useful when e.g. you run muliple scripts and you need to run them after each other and not all at the same time
Key Policy Errors to Avoid
Quiz
Quiz
FLEXX Lincesing Model
Resilience and HA Licensing
Options to transition to FLEXX Licensing
- Hardware Refresh
- Upgrade
- Migrate
-
Overview16
-
Terms27
-
Upgrade Notes 7.0>8.06
-
AA - Policy Best Practices0
-
AA - Advanced Troubleshooting0
-
AA - Certificates and Identity Tracking0
-
AA - General Review FSA Topics54
-
AA- Day243
-
AA - HPS Plugin Tuning0
-
AA - UD Plugin Tuning0
-
AA - Switch Plugin Tuning0
-
AA - Policy Functionality0
-
AA - Lisensing, Extened Modules & Redundancy0
-
AA - Customized Policy Examples.0
-
ForeScout Policy Conditions/Properties24
-
AA - Quizes0
