Integrate ExtraHop Enterprise with Red Canary
    • 24 Jul 2024

    Integrating ExtraHop Enterprise with Red Canary amplifies threat detection and response capabilities by combining real-time network visibility with advanced threat hunting. We leverage ExtraHop’s comprehensive network traffic analysis to identify suspicious activities, providing you with a robust defense against cyberattacks. To integrate ExtraHop Reveal X with Red Canary, follow the procedure below from beginning to end.

    Step 1: Red Canary–Create your Red Canary generated URL

    Create a Red Canary-generated URL that receives ExtraHop Reveal X alerts for ingestion.

    1. From your Red Canary homepage, click Integrations, and See all integrations.

    2. Type and select ExtraHop Enterprise.

    3. Click Configure.

    4. Enter a Name for your external alert source.  

    5. Select a Display Category.

    6. Under the Ingest Format/Method dropdown, select ExtraHop via HTTP.

    7. Click Save Configuration.

    8. Click Edit Configuration.

    9. Click Activate.

    10. Copy and save the URL and Port number.

    Step 2: ExtraHop Reveal X–Create an open data stream

    Enable your Red Canary alert source endpoint as a valid data export stream from your ExtraHop dashboard.

    1. From your ExtraHop dashboard, click System Settings.

    2. From the Administration section, click All Administration.

    3. From the System Configuration section, click Open Data Streams.

    4. Click Add Target.

    5. From the Target Type dropdown, select HTTP.

    6. For the Name field, enter RedCanary (all one word).

    7. For the Host field, enter the host name from the URL provided in Step 1.11.

      Example:

      URL: https://testprod-use9-abcdefg.prod1.collectors.redcanary.io:123/random/

      Host name: testprod-use9-abcdefg.prod1.collectors.redcanary.io

    8. For the Port field, enter the Port number from Step 1.11.

    9. From the Type dropdown, select HTTPS.

    10. Scroll down, and then click Save.

    Step 3: ExtraHop Reveal X–Upload the Red Canary bundle into ExtraHop

    Upload the Red Canary provided bundle into ExtraHop to start sending telemetry to Red Canary.

    1. Download this ExtraHop bundle.

    2. To upload and install the bundle into your ExtraHop system, follow these instructions.

    3. From your ExtraHop dashboard, click System Settings.

    4. From the Administration section, click Triggers.

    5. Click the Red Canary Data Stream trigger.

    6. Click Edit Trigger Script.

    7. Copy and paste the URL from Step 1.11 into the integration URL line.

      Example: https://testprod-use9-abcdefg.prod1.collectors.redcanary.io:123/random/

    8. Copy and paste the Stream name from Step 2.6 into the remoteStreamName line.

    9. Click Save.
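
The host name and port split from Steps 2.7 and 2.8, and the full URL pasted in Step 3.7, as an added Python example that is not part of Red Canary's or ExtraHop's documentation or bundle. The function names are hypothetical, and SAMPLE_URL is constructed from the example URL shown above.

```python
from urllib.parse import urlsplit

# Constructed sample: same shape as the example URL in Step 2.7.
SAMPLE_URL = "https://testprod-use9-abcdefg.prod1.collectors.redcanary.io:123/random/"


def split_collector_url(url):
    """Return the values for the ExtraHop target fields, or raise ValueError."""
    url = url.strip()  # copy/paste often drags in a trailing space or newline
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("expected an https:// URL (Step 2.9 selects HTTPS)")
    if "@" in parts.netloc:  # added sanity check: Host field takes a bare host name
        raise ValueError("URL must not carry user info before the host name")
    if not parts.hostname:
        raise ValueError("no host name found in the URL")
    try:
        port = parts.port  # urlsplit raises for a non-numeric or out-of-range port
    except ValueError:
        raise ValueError("port in the URL is not a valid number") from None
    if port is None:
        raise ValueError("URL has no explicit port; copy the Port number as well")
    return {
        "host": parts.hostname,  # Step 2.7: Host field
        "port": port,            # Step 2.8: Port field
        "type": "HTTPS",         # Step 2.9: Type dropdown
        "trigger_url": url,      # Step 3.7: full URL, path included
    }


def host_field_problems(value):
    """List what is wrong with a value typed into the Host field (empty list = fine)."""
    v = value.strip()
    problems = []
    if "://" in v:
        problems.append("scheme present")
        v = v.split("://", 1)[1]
    if "/" in v:
        problems.append("path present")
        v = v.split("/", 1)[0]
    if ":" in v:
        problems.append("port present")
    return problems


if __name__ == "__main__":
    for field, value in split_collector_url(SAMPLE_URL).items():
        print(f"{field}: {value}")
```
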

