ExtraHop Reveal(X) 360

ExtraHop 

ExtraHop gives organizations visibility into cyber threats, vulnerabilities, and network performance issues that evade their existing security and IT tools. With this insight, organizations can investigate smarter, stop threats faster, and keep operations running. 

Integration Method: API
Tables: Device Inventory, Detection Finding

DataBee connects to ExtraHop APIs for the purpose of getting data related to Alerts and Devices. This integration has been tested against the ExtraHop API version v1. 

ExtraHop Configuration

1. Login to the Extrahop Dashboard. 

2. Navigate to System Settings and then select All Administration 

3. Navigate to API Access from All Administration page. 

4. Enable the Manage API Access then click create credentials 

5. Click on Create Credentials and enter the credentials Name, and select the access rights. DataBee requires Read Only access 

6. Click on Save and then you’ll see the id , secret and token URL.  Copy the credentials and save it in your machine for Authentication.   

DataBee Configuration

1. In DataBee console, navigate to the Data tab and click on Add new Datasource

2. Search for ExtraHop and select it.

3. Click on API Ingest and enter datasource owner information on the dialog box. Click Next 

4. In the next set of fields, enter the credentials.

   1. Authorization Method: OAuth2

   2. Client Key: Replace with ID saved earlier

   3. Client Secret: Replace with Secret saved earlier

   4. Token URL & API URL: Replace the instance with your specific sub domain

5. Click Submit