ExtraHop RevealX 360

ExtraHop Reveal(x) 360 is a SaaS-based security solution providing unified visibility and protection across hybrid and multicloud environments. ExtraHop helps detect and mitigate threats such as ransomware and software supply chain attacks. For detailed information, refer to the ExtraHop’s official documentation.

Integration Method: API

Tables: Device Inventory Info (5001), Detection Finding (2004)

This integration supports the following events.

This integration supports the following versions.

Note:

ExtraHop Reveal X 360 doesn’t follow a traditional versioning system. Instead, it is a continuously updated cloud service.

Prerequisites

• The user should have system and access administration privileges of ExtraHop.

• The user should have access to the DataBee console.

Configuration Overview

1. Create REST API Credentials with required permissions to fetch the data.

2. Create ExtraHop Reveal X 360 data feed in the DataBee console with the required Client credentials.

   DataBee Parameter	ExtraHop Parameter
   API Base URL <instance>	API Endpoint
   Client Key	ID
   Client Secret	Secret
   Token URL <instance>	API Endpoint

ExtraHop Configuration

1. Login to the ExtraHop Reveal(X) 360 Dashboard.

2. From the Settings icon of top right corner, navigate to System Settings and then select All Administration.
   

3. From “All Administration” page, navigate to API Access.
   

4. Enable the Manage API Access then click Create Credentials.
   

5. Click on Create Credentials, enter the Credential ‘Name’, select the following access rights, and then click on Save.

   Access Type	Access
   System Access	Full read-only
   NDR Module Access	Full access
   NPM Module Access	Full access

   

6. Make sure to copy the credentials and save them in your machine for later use.
   Example API Endpoint: https://yourInstance.api.cloud.extrahop.com
   Here, in the above example, ‘yourInstance’ represents the instance value.
   
   

   Note:

   Make sure to copy and save secret as it will not be shown again.

DataBee Configuration

1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
   

2. Search for the ExtraHop Reveal(X) 360 and click it as shown below.
   

3. Click on the API Ingest option for collection method.
   

4. Enter feed contact information and click Next.
   

5. In the configuration page, confirm the following:

   • Authorization Method: OAuth2

   • API Base URL: replace <instance> with your instance value got from API Endpoint.

   • Client Key: paste the ID generated earlier.

   • Client Secret: paste the Secret generated earlier.

   • Token URL: replace <instance> with your instance value got from API Endpoint.

   • Event Types: preselected for all the event types that integration pulls.

   

6. Click Submit.

Troubleshooting Tips

• If you are facing an invalid client error, it might be due to incorrect credentials. Please ensure that the ID and secret are pasted correctly. Since the secret cannot be viewed after the first time, re-create the API client, paste the generated credentials into a text editor to verify that there are no spaces or unexpected characters, and then reconfigure the DataBee feed.