Login
      Contents x
      Integrate ExtraHop Reveal(x) 360 with Red Canary
      • 26 Aug 2024
      • 1 Minute to read
      • PDF
      Contents

      Integrate ExtraHop Reveal(x) 360 with Red Canary

      • Updated on 26 Aug 2024
      • 1 Minute to read
      • PDF
      Article summary

      Integrating ExtraHop Reveal(x) 360 with Red Canary provides a powerful combination of advanced network detection and response capabilities. By combining our expert threat hunting and incident response with ExtraHop’s real-time network visibility and threat detection you can significantly enhance your ability to identify, investigate, and neutralize complex cyberattacks. To integrate ExtraHop Reveal(x) 360 with Red Canary, follow the procedure below from beginning to end.

      Step 1: ExtraHop Reveal(x) 360–Create REST API credentials

      Red Canary uses your representational state transfer (REST) API credentials to make REST calls to your cloud instance in order to start receiving your alerts.

      1. From your ExtraHop dashboard, click system settings.

      2. From the Administration section, click API Access.

      3. Click Create Credentials.

        1.png

      4. Name your REST API Credential.

      5. From the System Access section, select Full read-only.

      6. From the NDR Module Access section, select Full access.

      7. From the NPM Module section, select Full access.

      8. From the Packet And Sessions Key Access section, select No access.

      9. Click Save.

      10. Copy and save the API Endpoint, ID and Secret for your REST API Credentials.

        3.png

      Step 2: Red Canary–Connect ExtraHop Reveal(x) 360 API REST credentials to Red Canary

      Connect your ExtraHop API REST credentials to Red Canary to start sending your alerts.

      1. From your Red Canary homepage, click Integrations, and See all integrations.

      2. Type and select ExtraHop Reveal(X) 360.

      3. Click Configure.

      4. Enter a Name for your external alert source.  

      5. Select a Display Category.

      6. Under the Ingest Format/Method dropdown, select ExtraHop via API Poll.

      7. Enter your ExtraHop Client ID from Step 1.10.

      8. Enter your ExtraHop Client Secret from Step 1.10.

      9. Enter your ExtraHop API Host from Step 1.10.

        5.png

      10. Click Save Configuration.

      11. Click Edit Configuration.

      12. Click Activate.

      Was this article helpful?
      What's Next
      PRODUCTS
      USE RED CANARY
      SUPPORT
      Change password!
      Changing your password will log you out immediately. Use the new password to log back in.
      Change profile
      Success!
      First name must have atleast 2 characters. Numbers and special characters are not allowed.
      Last name must have atleast 1 characters. Numbers and special characters are not allowed.
      Enter a valid email
      Enter a valid password
      Your profile has been successfully updated.
      Logout