CounterACT Plugin Configuration Guide for … Plugin Configuration Guide for ForeScout Mobile...

CounterACT Plugin Configuration Guide for

ForeScout Mobile Integration Module – MaaS360

Version 1.0.1

ForeScout Mobile

Version 1.0.1

Table of Contents

About the MaaS360 Integration ...................................................................................... 3

ForeScout MDM ............................................................................................................ 3

Additional Documentation .............................................................................................. 3

About this Plugin ............................................................................................................. 3

How it Works ................................................................................................................ 4

Continuous Query Refresh ....................................................................................... 4

Supported Devices ....................................................................................................... 5

Supported Network Infrastructures................................................................................ 5

What to Do .................................................................................................................... 5

Accessing Fixes Made after this Release...................................................................... 6

Requirements .................................................................................................................. 6

Version Requirements .................................................................................................. 6

CounterACT / Hotfix Requirements .......................................................................... 6

Additional Plugin Requirements ............................................................................... 6

Registration and Activation Requirements .................................................................... 7

MaaS360 Registration and Activation ....................................................................... 7

Networking Requirements .............................................................................................. 7

Endpoint Requirements .................................................................................................. 7

Installation and Configuration ........................................................................................ 7

Test Plugin Communication with the MaaS Service .................................................... 10

Displaying Inventory Data ............................................................................................. 11

MaaS360 Policy Templates ........................................................................................... 12

MaaS360 Device Manageability Policy Template ........................................................ 12

Using the MaaS360 Device Manageability Template ............................................. 13

MaaS360 Device Compliance Policy Template ........................................................... 19

Using the MaaS360 Device Compliance Template ................................................. 20

Creating Unauthorized Application Lists ..................................................................... 23

Working with CounterACT Policies .............................................................................. 26

Version 1.0.1 ii

Detecting MaaS360 Devices - Policy Properties ......................................................... 26

Core Attributes ....................................................................................................... 27

Security and Compliance ....................................................................................... 28

Hardware Inventory ................................................................................................ 29

Network Information ............................................................................................... 29

Additional Information ............................................................................................ 29

Open Property Search............................................................................................ 30

Tag MaaS360 Devices - Policy Actions ...................................................................... 31

Custom Attribute Value Action ................................................................................ 31

Refresh Device Information Action ......................................................................... 32

CounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module – MaaS360

Version 1.0.1

3

About the MaaS360 Integration

ForeScout MDM helps IT administrators streamline the process to provision, manage and

secure today’s expanding suite of smartphones and tablets, all from a single portal. ForeScout

MDM for mobile devices is an easy to use platform that includes all of the essential

functionality for end-to-end management of iOS and Android devices.

This means with a single unified security management and reporting system, you can ensure

that your network is secured, regardless of the type of device a user may be carrying.

Instead of implementing new security silos that are limited to mobile devices, you can extend

your PC and network security systems to encompass mobile devices.

ForeScout MDM

ForeScout MDM is a cloud-based solution, enabling quick and easy deployment; enrollment,

monitoring, management and support. Together with ForeScout CounterACT, ForeScout

MDM provides a whole new level of centralized visibility and control for actionable insights

into your entire computing landscape.

Secure all Mobile Devices: ForeScout MDM supports all major smartphone

and tablet platforms including iOS and Android - in both Exchange and Lotus

Notes environments.

Embrace BYOD: ForeScout MDM provides workflows to discover, enroll,

manage and report on personally owned devices as part of your mobile device

operations.

Experience simple device enrollment and approval: ForeScout MDM

provides auto-quarantine for Exchange, and alerts IT personnel to approve all

new devices. Additionally it provides for easy user self-enrollment, via web,

email or SMS.

Additional Documentation

Refer to the documents at the following location for more technical information about the

ForeScout MDM solution. http://updates.forescout.com/online/help/mdm/ForeScout_MDM_doc.pdf

About this Plugin

Integration with CounterACT lets you deliver a comprehensive MDM solution that provides

powerful monitoring and enforcement capabilities not available when working solely with the

MaaS360 solution. Use the MaaS360 Integration Plugin to complete the cycle of security by

obtaining valuable capabilities:

Automated real-time, continuous detection and compliance of mobile devices

the moment they try to connect to your network, including unmanaged and

unknown devices.

http://updates.forescout.com/online/help/mdm/ForeScout_MDM_doc.pdf


Version 1.0.1

4

Unified network access control policy enforcement options.

Allow compliant and managed devices on the network.

Limit network access based on device type, device ownership, time of day,

and device compliance. The limited access network can allow access to a

subset of applications and data, blocking access to more sensitive

corporate resources.

Block noncompliant devices or specific types of devices from your

network completely.

Tag devices at the MaaS360 console, based on CounterACT detections.

Enhance CounterACT inventory by populating it with MaaS360 information.

How it Works

The MaaS360 Integration Plugin queries the MaaS360 service for device attributes, for

example core attributes, security and compliance information, hardware inventory and network

information. All MaaS360 queries are performed by a single CounterACT Appliance that is

designated for this purpose. This designated CounterACT Appliance, herein called the

MaaS360 Connected Appliance, retrieves information from other CounterACT Appliances and

the CounterACT Enterprise Manager and forwards the information to the MaaS360 service.

Similarly, the MaaS360 Connected Appliance retrieves information from the MaaaS360

service and forwards it to other CounterACT Appliances and the CounterACT Enterprise

Manager

Port 5223/TCP must be open for outbound traffic.

Continuous Query Refresh

MaaS360 query mechanisms recheck endpoint attributes at a static frequency — approximately

once a day. However, after plugin installation, querying of endpoint properties is based on


Version 1.0.1

5

CounterACT policy recheck definitions. The conditions under which to recheck hosts that

match the policy. Specifically, you can define:

How often hosts are rechecked once they match a policy

Under what conditions to carry out the recheck

This ensures continuous, real-time endpoint evaluation that can be customized for each

CounterACT policy.

Queries for device core attributes are initiated on the basis of the endpoint MAC address. Core

attribute results return the device ID, which is used for further queries. As such, it is required

that CounterACT learn endpoint MAC addresses in order to initiate the query process. You can

use the MaaS360 Manageability Policy template to detect hosts at which MAC addresses are

not learned. See MaaS360 Device Manageability Policy Template for details.

Supported Devices

The following devices are supported by ForeScout MDM:

iOS

Android

BlackBerry

Windows Mobile

Symbian

The following devices are supported by the MaaS360 Integration Plugin:

iOS

Android

For exact OS version support, refer to the MaaS360 documentation:


Supported Network Infrastructures

Devices connected to the network via a WiFi connection.

What to Do

To use the MaaS360 Integration Plugin, perform the following tasks:

1. Verify that you have met software and networking requirements.

See Requirements.

2. Install, configure and test the plugin.

See Installation and Configuration.

3. Create CounterACT policies that detect, manage and remediate devices.

See MaaS360 Policy Templates and Working with CounterACT Policies.



Version 1.0.1

6

4. Connect to the ForeScout MaaS360 Console to configure device policies:

http://mdm.forescout.com/login

Refer to the documents at the following location for more technical information about the

ForeScout MDM solution.


Accessing Fixes Made after this Release

New issues may be discovered and fixed after this release. These fixes will be made available

as Beta fixes to the upcoming plugin version until the final version is posted on the ForeScout

customer support page.

You can access information about Beta fixes for the upcoming version at:

http://updates.forescout.com/support/files/plugins/fiberlink/1.0.1/Updates.pdf

In addition, you can contact the ForeScout Beta Manager at [email protected] to request the

Beta plugin update with the fixes.

Requirements

This section lists version, registration and networking requirements.

Version Requirements

This section lists version requirements.

CounterACT / Hotfix Requirements

CounterACT version 6.3.4.1, Hotfix 6.0 or above.

CounterACT version 6.3.4.10, Hotfix 1.0 or above.

Additional Plugin Requirements

HPS – Inspection Engine Plugin version 9.4.3 or above.

User Directory Plugin version 5.4.3 or above.

http://mdm.forescout.com/login


http://updates.forescout.com/support/files/plugins/fiberlink/1.0.1/Updates.pdf

mailto:[email protected]


Version 1.0.1

7

Registration and Activation Requirements

This section lists registration and activation requirements.

MaaS360 Registration and Activation

1. Register for access to the MaaS360 service at:

http://mdm.forescout.com

The service is available as 30-day free trial.

2. Activate the registration by sending an activation request to:

[email protected]

You will receive an email response with information required for configuring the

plugin, as well as other information.

Networking Requirements

Mobile devices managed by the MaaS360 service cannot establish a connection to the

MaaS360 cloud service via a proxy. If a proxy is setup at the enterprise network, you must

open port TCP/5223 to 17.0.0.0/8 on the enterprise firewall. By doing this, the proxy is

bypassed when the mobile device accesses the MaaS360 service.

Endpoint Requirements

Queries for device core attributes are initiated on the basis of the endpoint MAC address. Core

attribute results return the device ID, which is used for further queries. As such, it is required

that CounterACT learn endpoint MAC addresses in order to initiate the query process. You can

use the MaaS360 Manageability Policy template to detect hosts at which MAC addresses are

not learned. See MaaS360 Device Manageability Policy Template for details.

Installation and Configuration

This section describes how to install, configure and test the MaaS360 Integration Plugin. The

configuration is used to ensure that the plugin can communicate with the MaaS360 service.

To install:

1. After registering for the trail at http://mdm.forescout.com, you will receive an email

that provides a download link.

2. Download and save the plugin installation file to the machine where the CounterACT

Console is installed.

3. Log in to CounterACT and select Options from the Tools menu.

4. Select Plugins. The Plugins pane opens.


http://mdm.forescout.com/


Version 1.0.1

8

5. Select the Install button. The Open dialog box opens.

6. Navigate to the location where you saved the plugin installation file.

7. Select Install.

Once installed, the MaaS360 Integration Plugin automatically adds a MaaS360 HTTP

Redirect exception to the CounterACT NAC Redirect Exception list. CounterACT NAC

HTTP redirect exceptions are designed to ensure users can access business essential

Internet sites or important files on the Internet while allowing required HTTP blocking

and redirection. In this case, incorporating an m.dm exception and a fiberlink

exception ensures that devices can enroll with the MaaS360 service and still receive

required HTTP notifications. See MaaS360 Device Manageability Policy Template

for more information about this exception.

8. Start the plugin:

Select Mobile Integration – MaaS360 from the Plugins pane.

Select the Start button.

To configure the plugin:

1. Select Mobile Integration - MaaS360 from the Options window. The configuration is

used to ensure that the plugin can communicate with the MaaS360 service.


Version 1.0.1

9

2. Enter the following details about the MaaS360 service.

MaaS360 Web Service Billing ID*. (This information is used in the

Manageability template, HTTP notification actions when redirecting

endpoint Web sessions to the MDM enrollment site. See the MaaS360

Device Manageability Policy Template for details. )

MaaS360 Application ID*

MaaS360 Access Key*

MaaS360 Authentication Username

MaaS360 Authentication Password

This information is provided by email after you activate your registration. See

Registration and Activation Requirements for details.

3. In the MaaS360 Connected Appliance drop-down list, select the name of an

Appliance that will service as a proxy between the MaaS service and the Enterprise

Manager and enterprise Appliances. The CounterACT device listed here is the only

device that will communicate directly with the MaaS360 service. An Enterprise

Manager may not be selected here.

4. Select the Advanced tab.


Version 1.0.1

10

5. The MaaS360 Web Service URL Name field displays default values.

6. The MaaS360 Application Version field Name field displays default values.

7. The MaaS360 Platform ID field displays default values.

8. In the MaaS360 Query Threshold field, define the maximum number of query

requests to the MaaS360 service per threshold interval (defined in the following field).

9. In the MaaS360 Query Threshold Interval (Seconds) field, define the frequency that

the plugin should query the MaaS360 service.

10. Select the Use a Proxy Server checkbox if there is a proxy between the MaaS360

Connected Appliance and the MaaS360 service in the cloud.

11. Enter the IP address of the proxy server in the DNS Name or IP Address of the

Proxy Server field.

12. Enter the required proxy server port in the Port Number field.

Test Plugin Communication with the MaaS Service

Test the plugin communication with the MaaS service.

To test communication:

1. Select the Test tab.

2. In the Device MAC Address filed, enter the MAC address of device in order to test

plugin communication with the MaaS service. Do not enter colons. Use lower case.


Version 1.0.1

11

Displaying Inventory Data

Use the CounterACT Inventory to view a real-time display of MaaS360 device network

activity at multiple levels, for example, software installed, core attributes or hardware

information.

The inventory lets you:

Broaden your view of the organizational network from device-specific to

activity-specific.

View MaaS360 devices that have been detected with specific attributes.

Easily track MaaS360 device activity.

Incorporate inventory detections into policies.

To access the inventory:

1. Select the Inventory icon from the Console toolbar.

2. Navigate to the MaaS360 entries.


Version 1.0.1

12

The following information is available:

Core Attributes: Device Type, Platform Name

Hardware Inventory: Manufacturer, Model Operating System.

Software Installed

Refer to the CounterACT Console User’s Manual or the Console, Online Help for information

about how to work with the CounterACT Inventory.

MaaS360 Policy Templates

Two templates are available for detecting, managing and remediating MaaS360 devices:

MaaS360 Device Manageability Policy Template

MaaS360 Device Compliance Policy Template

MaaS360 Device Manageability Policy Template

Use this policy to detect Maas360 unmanageable devices. Devices that are unmanageable:

Have not been detected with a MAC address

Queries for device core attributes are initiated on the basis of the endpoint MAC

address. Core attribute results return the device ID, which is used for further queries.

Cannot be accessed via CounterACT at the MaaS360 Cloud

Are not listed with the MaaS360 service

Have not enrolled with the MaaS360 service


Version 1.0.1

13

Remediation options, disabled by default, let you block unmanageable devices from the

corporate network and redirect device user web sessions to a page where they can register for

the purpose of becoming manageable.

Prerequisites

Consider which hosts you want to inspect. The policy does not handle hosts

outside of the Internal Network.

You should run the Asset Classification template first. The Hand Held group

generated when running the Asset Classification template is included in

MaaS360 Device Manageability template Scope. The template was most likely

run during initial CounterACT setup.

Verify that you have configured the MaaS360 Integration Plugin.

Using the MaaS360 Device Manageability Template

This section describes how to use the MaaS360 Device Manageability template.

To use the MaaS360 Device Manageability template:

1. Select Add from the Policy Manager.

2. Navigate to the Mobile> MaaS360 folder and select the MaaS360 Device

Manageability template.

3. Select Next. The Name page opens.


Version 1.0.1

14

4. Accept the default name or change it as required and enter a description.

5. Select Next. The Scope dialog box opens. Use the dialog box to define which hosts

should be inspected.


Version 1.0.1

15

6. Select one of the following from the IP Address Range dialog box. Your selection

appears in the IP Ranges section of the Scope page.

Select the All button to include all IP addresses.

Insert an IP address range.

Select a network segment.

The Hand Held group, generated from the Asset Classification policy, is automatically

included in the Filter by Group section of the Scope. This ensures that only mobile

devices are inspected.

7. Select Next. The Enrollment Address page opens.

8. The address listed here is retrieved from the billing ID that you defined in the plugin

configuration, MaaS360 Web Service Billing ID field and is used for the purpose of

redirecting the endpoint user to enroll with the MaaS360 service. After enrollment,

devices can be managed.

9. Select Next. The Sub-Rules page opens. This page displays policy condition and

actions.


Version 1.0.1

16

10. Policy conditions tell CounterACT how to detect hosts. Unmanageable hosts are

detected according to the following criteria:

Hosts without a MAC address.

Hosts not listed with the MaaS360 service

Hosts not enrolled with the MaaS360 service

The policy condition also verifies that CounterACT has access to the MaaS360 Cloud

service. Hosts are inspected by each sub-rule in the order shown, until a match is

found.

11. Policy actions instruct CounterACT how to respond to endpoints that are not enrolled

or listed.

Add to Group: Endpoints are automatically added to the CounterACT

groups MaaS360 Not Listed and MaaS360 Not Enrolled. You can add

these groups to other policy scopes for further handling.

Virtual Firewall: Blocks all endpoint traffic, with the exception of traffic

transmitted at port 80/TCP. This action is disabled by default.

HTTP Notification: Endpoint web sessions are redirected to a page where

users can register for the purpose of becoming manageable. See About

HTTP Notification Actions. This action is disabled by default.

About Enrollment

This section describes how the device enrollment process works.

When working with the template HTTP redirection actions, unmanageable endpoint web

sessions are redirected to a MaaS360 enrollment site where users can register for the purpose

of becoming manageable, i.e. they are enrolled and listed with the MaaS 360 service. This

action is disabled by default.

The device user is redirected to the following location:

https://services.fiberlink.com/dp/a.htm?c=1016686


Version 1.0.1

17


Version 1.0.1

18

The user will be required to authenticate using Active Directory.

To ensure the enrollment process, verify that you have reviewed System Requirements for the

Cloud Extender for User Authentication and User Visibility Modules (MaaS360 for Mobile

Devices). A link to this information can be found at

http://updates.forescout.com/online/help/mdm/ForeScout_MDM_doc.pdf (ForeScout MDM

Technical Documentation and Support Contacts). Follow the link to Installation Guide for

Cloud Extender.

About HTTP Notification Actions

This section describes automated processes that occur when using HTTP notification actions,

available when working with the Not Listed and Not Enrolled sub-rules.

CounterACT HTTP Redirect Exceptions

Billing ID

CounterACT HTTP Redirect Exceptions

To avoid blocking access to the MDM enrollment site when working with the HTTP

Notification actions, the MDM enrollment link is automatically added to the CounterACT

NAC Redirect exception list. This list is designed to ensure that users can access business

essential Internet sites or important files on the Internet while allowing required HTTP

blocking and redirection. In this case, incorporating an m.dm exception and a fiberlink

exception ensures that devices can enroll with the MaaS360 service and still receive required

HTTP notifications. This redirect exception is automatically created when the plugin is

installed.

MaaS360 Web Service Billing ID

The MaaS360 Web Service Billing ID URL entered in the plugin configuration, MaaS360

Web Service Configuration tab is automatically placed in the HTTP notification sent when

working with the Not Listed and Not Enrolled sub-rules. This sight navigates to the MaaS360

enrollment site.



Version 1.0.1

19

The URL is originally received after activating your registration. See Registration and

Activation Requirements for details.

MaaS360 Device Compliance Policy Template

Use this policy to detect Maas360 compliant devices. Devices that are compliant:

Are not running unauthorized applications

Are not jailbroken or rooted

Are compliant based on MaaS360 criteria

Have installed the Fiberlink App

Remediation options, disabled by default, let you block non-compliant devices from the

corporate network and redirect device user web sessions to a remediation notification page.


Version 1.0.1

20

Prerequisites

In order to detect unauthorized applications you must create an unauthorized

application list in CounterACT. See Creating Unauthorized Application Lists.

Verify that you can detect the MAC address of devices that you are inspecting.

Consider which hosts you want to inspect. The policy does not handle hosts

outside of the Internal Network.

You should run the MaaS360 Device Manageability template before running

this template. The MaaS360 Devices Enrolled group generated when running

the MaaS360 Device Manageability template is included in the MaaS360

Device Compliance template scope.

Using the MaaS360 Device Compliance Template

This section describes how to use the MaaS360 Device Compliance template.

To use the MaaS360 Device Compliance template:

1. Select Add from the Policy Manager.

2. Navigate to the Mobile> MaaS360 folder and select the MaaS360 Device Compliance

template.

3. Select Next. The Name page opens.


Version 1.0.1

21

4. Accept the default name or change it as required and enter a description.

5. Select Next. The Scope dialog box opens.


Version 1.0.1

22

6. Select one of the following from the IP Address Range dialog box. Your selection

appears in the IP Ranges section of the Scope page.

Select the All button to include all IP addresses.

Insert an IP address range.

Select a network segment.

The MaaS360 Devices Enrolled group, generated from the MaaS360 Device

Manageability policy, is automatically included in the Filter by Group section of the

Scope. This ensures that only enrolled (manageable) devices are inspected.

7. Select Next.

8. The Sub-Rules page opens. This page displays policy condition and actions.

9. Policy conditions tell CounterACT how to detect hosts. Devices that are not compliant

are detected according to the following criteria:

Devices that are running unauthorized applications

Devices that are jailbroken (iOS) or rooted (Android)

Devices that are not compliant based on MaaS360 criteria

Devices that have not installed the Fiberlink App

10. Policy actions instruct CounterACT how to respond to endpoints that are not

compliant.

Add to Group: Endpoints are automatically added to the MaaS360 - Non

Compliance Devices group. You can add this group to other policy scopes

for further handling.

Virtual Firewall: Blocks all endpoint traffic, with the exception of traffic

transmitted at port 80/TCP. This action is disabled by default.

HTTP Notification: Endpoint web sessions are redirected. A notification

page is displayed indicating the non-compliant issue detected; warning the

user that access to the corporate network is blocked and instructing the

user to contact IT to remediate the issue. This action is disabled by default.


Version 1.0.1

23

Creating Unauthorized Application Lists

In order to work with the MaaS360 Compliance Policy template, you will need to compile a

list of applications that you want to prohibit on your network.

An unauthorized applications list is automatically created using the CounterACT Lists feature

when the plugin is installed. You will need to add the applications you want to prohibit to the

predefined List. The list is automatically incorporated into the Unauthorized Applications

Installed sub-rule.


Version 1.0.1

24

To add an application to the list:

1. Select the Options icon from the Console toolbar and then select Lists.


Version 1.0.1

25

2. Select the Edit button. The Edit List dialog box opens.

3. Select the Add button. The Add Value dialog box opens.

4. Enter the name of the application you want to prohibit, and select OK.


Version 1.0.1

26

5. Enter a description of the application in the Description field of the Edit List dialog

box, and select OK. The application appears in the Lists Manager.

6. The following options are available for creating lists of unauthorized applications:

Working with CounterACT Policies

This section describes how to use CounterACT policies to detect and control MaaS360

devices. Create or edit a policy and use policy conditions to detect these devices with specific

properties.

To create a policy:

1. Log in to the CounterACT Console.

2. Select the Policy icon from the Console toolbar.

3. Create or edit a policy. For information about working with policies, select the Help

button on the policy wizard.

Detecting MaaS360 Devices - Policy Properties

CounterACT policy conditions and properties let you instruct CounterACT which MaaS360

devices to detect, for example devices with specific restrictions.

Expand the MaaS360 folder from a policy that you have created properties to be included in

the policy condition. An extensive range of properties can be detected. The categories include:

Core Attributes

Security and Compliance

Hardware Inventory

Network Information

Additional Information

Open Property Search


Version 1.0.1

27

Core Attributes

MaaS360

Device ID

Indicates the MaaS360 device ID.

MaaS360

Device Name

Indicates the MaaS360 device name.

MaaS360

Device Online

Indicates if the MaaS360 device is online.

MaaS360

Device Status

Indicates the MaaS360 device active status, including:

Device Active

Device Not Active

MaaS360 Last

Reported

Indicates the date/time of the last reported event on a host.

MaaS360

Managed

Status

Indicates the managed status of the MaaS360 device including:

Enrolled

Not Active

Not Enrolled

Pending Control Removal

User Removed Control

MaaS360

Platform Name

Indicates the platform on which the MaaS360 device is running

Android

iOS


Version 1.0.1

28

MaaS360 User

Name

Indicates the user name associated with the MaaS360 device.

Security and Compliance

MaaS360

Android Device

Rooted

Indicates if an enrolled Android device is rooted.

MaaS360

Android

Settings Failed

to Configure

Indicates if certain settings were not configured on an Android

host.

MaaS360

Compliance

State

Indicates the MaaS360 Compliance state of the host, including:

In Compliance

Not Available

Out of Compliance

MaaS360

Device

Passcode

Status

Indicates the MaaS360 device passcode status including:

Compliant

Not Available

Not Compliant per Profiles

Not Compliant

Not Compliant per all Requirements

Not Enabled

Passcode Policy Configured

Passcode Policy Not Configured

Pending Compliance Confirmation

MaaS360

Device

Restrictions

Indicates restrictions configured on the MaaS360 device

including:

Allow Installing of Applications

Allow Screen Capture

Allow Use of Camera

Allow Use of YouTube

Allow User of iTunes Music Store

Allow User of Safari

MaaS360

Hardware

Encryption

Indicates if certain hardware encryption values were detected on

the host.

MaaS360 MDM

Policy

Indicates an MDM policy applied to the MaaS360 device.

MaaS360 iOS

Mailbox

Approval State

Indicates the mailbox approval status of the MaaS360 device

including:

Approved

Blocked


Version 1.0.1

29

Device Discovery

Not Available

Quarantined

MaaS360 Out

of Compliance

Reasons

Indicates if certain compliance out of compliance reasons were

detected on the host.

MaaS360 iOS

Device

JailBroken

Indicates if the MaaS360 device is jailbroken.

Hardware Inventory

MaaS360

Custom

Attributes

Indicates devices that were detected with specific MaaS360

device attributes, including an attribute or value.

MaaS360 Email

Address

Indicates the Email Address of the MaaS360 device.

MaaS360

Manufacturer

Indicates the manufacturer of the MaaS360 device.

MaaS360

Model

Indicates the model of the MaaS360 device.

MaaS360

Operating

System

Indicates the Operating System running on the MaaS360 device.

MaaS360

Ownership

Indicates the ownership of the MaaS360 device.

Network Information

MaaS360

ICCID

Indicates an ICCID value detected on the MaaS360 device.

MaaS360

Phone Number

Indicates the phone number associated with the MaaS360 device.

Additional Information

Maas360

Software

Installed

Indicates if specific software is installed on the MaaS360 device.

Connectivity to

Maas360 Cloud

Indicates if CounterACT is connected to the MaaS360 cloud

MaaS360

Listed in

Service

Indicates if the device is listed in MaaS360 service.


Version 1.0.1

30

Open Property Search

If the attributes you are looking for do not appear in any of the MaaS360 folders, you

can use the Open Property search options to discover if a certain attribute exists or

does not exist on a host, and fine-tune the search by looking for attributes that were

detected at a certain date/time, with a certain integer or string.

To work with Open Property tools:

1. Select the MaaS360 Plugin from the Plugin pane, and then select the Test button. The

test results generate a list of attributes that can be used when working with open

properties.

2. Copy an attribute name and paste it into the Attribute name section of a MaaS360

Open Properties property and enter the remaining property information.


Version 1.0.1

31

MaaS360 Open

Property

Boolean

Indicates if a specific attribute exists on the device or not.

MaaS360 Open

Property Date

Indicates if a specific attribute exists on the device or not and if

the attribute was detected at a certain date and time.

MaaS360 Open

Property

Integer

Indicates if a specific attribute exists on the device or not and if

the attribute included a certain integer.

MaaS360 Open

Property String

Indicates if a specific attribute exists on the device or not, and if

the attribute included a certain string.

Tag MaaS360 Devices - Policy Actions

Custom Attribute Value Action

Detect devices using a CounterACT policy and tag the devices with a user-defined Attribute

Name and Attribute Value. This information is sent to the MaaS360 service cloud. For

example, use CounterACT to detect devices that were resolved as guests and tag them as:

Attribute Name: East Coast Office

Attribute Value: Guest

Devices will appear as East Coast Office Guests at the MaaS360 Console.


Version 1.0.1

32

Refresh Device Information Action

The Refresh Device Information action triggers the MaaS360 service to refresh MaaS360

attributes on the device.


Version 1.0.1

33

Legal Notice

Copyright © ForeScout Technologies, 2000-2012. All rights reserved.

The copyright and proprietary rights in the guide belong to ForeScout Technologies. It is strictly forbidden to

copy, duplicate, sell, lend or otherwise use this guide in any way, shape or form without the prior consent of

ForeScout Technologies.

This product is based on software developed by ForeScout Technologies. The products described in this

document are protected by U.S. patent # 6,363,489 issued March 2002 and may be protected by other U.S.

Patents and foreign patents.

Redistribution and use in source and binary forms are permitted, provided that the above copyright notice

and this paragraph are duplicated in all such forms and that any documentation, advertising materials and

other materials related to such distribution and use, acknowledge that the software was developed by

ForeScout Technologies.

THIS SOFTWARE IS PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED

WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF

MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

All other trademarks used in this document are the property of their respective owners.

Send comments and questions regarding documentation to: [email protected]

6/5/12


CounterACT Plugin Configuration Guide for … Plugin Configuration Guide for ForeScout Mobile...

Documents

Transcript of CounterACT Plugin Configuration Guide for … Plugin Configuration Guide for ForeScout Mobile...