This article leads you through the process of integrating ExtraHop Reveal(x) 360 with Red Canary. Follow the procedure from beginning to end.
Step 1: ExtraHop Reveal(x) 360–Create REST API credentials
Red Canary uses your representational state transfer (REST) API credentials to make REST calls to your cloud instance in order to start receiving your alerts.
- From your ExtraHop dashboard, click System Settings.
- From the Administration section, click API Access.
- Click Create Credentials.
- Name your REST API Credential.
- From the Privileges section, select Full read-only.
- From the Packet Access section, select No Access.
- From the Detections Access section, select All detections.
- Click Save.
- Copy and save the API Endpoint, ID and Secret for your REST API Credentials.
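Before entering the credential in Red Canary, you can confirm that it authenticates and can read detections. The script below is an added example, not part of the original article or of either vendor's code. It assumes the `/oauth2/token` and `/api/v1/detections/search` paths from ExtraHop's public REST API documentation, that the copied API Endpoint may be a bare hostname or a full URL, and hypothetical environment variable names.

```python
import base64
import json
import os
import urllib.parse
import urllib.request


def normalize_host(api_endpoint):
    """Accept 'host', 'https://host' or 'https://host/oauth2/token'; return the host."""
    url = api_endpoint if "://" in api_endpoint else "https://" + api_endpoint
    parsed = urllib.parse.urlsplit(url)
    if parsed.scheme != "https" or not parsed.hostname:
        raise ValueError("API endpoint must be an https URL or a hostname")
    return parsed.hostname


def token_request(host, client_id, secret):
    """OAuth2 client-credentials request (assumed path); ID and Secret go as Basic auth."""
    basic = base64.b64encode(f"{client_id}:{secret}".encode()).decode()
    return urllib.request.Request(
        f"https://{host}/oauth2/token",
        data=b"grant_type=client_credentials",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST")


def detections_request(host, access_token, limit=1):
    """Read-only probe (assumed path): fetch one detection to confirm Detections Access."""
    return urllib.request.Request(
        f"https://{host}/api/v1/detections/search",
        data=json.dumps({"limit": limit}).encode(),
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"},
        method="POST")


def check(host, client_id, secret):
    """Return the HTTP status of the detections probe; 200 means the credential works."""
    with urllib.request.urlopen(token_request(host, client_id, secret), timeout=15) as r:
        token = json.load(r)["access_token"]
    with urllib.request.urlopen(detections_request(host, token), timeout=15) as r:
        return r.status


if __name__ == "__main__":
    # Hypothetical variable names; reading from the environment keeps the Secret off the command line.
    host = normalize_host(os.environ["EXTRAHOP_API_ENDPOINT"])
    print(check(host, os.environ["EXTRAHOP_ID"], os.environ["EXTRAHOP_SECRET"]))
```

A rejected credential or missing privilege surfaces as `urllib.error.HTTPError` from `check`, and the traceback shows whether the token request or the detections probe failed.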
Step 2: Red Canary–Connect ExtraHop Reveal(x) 360 REST API credentials to Red Canary
Connect your ExtraHop REST API credentials to Red Canary to start sending your alerts.
- From your Red Canary homepage, click Integrations.
- From the Integrations section, locate and then click the security product you want to integrate with Red Canary.
Note: If you do not see your security product listed, click See all integrations.
- In the search bar, type and then select your third-party security source.
- Continue on to the next step by configuring your third-party security source in Red Canary.
Note: Your third-party security source may require that you contact Red Canary to configure it.
- Enter a Name for your external alert source.
- Select a Display Category.
- Under the Ingest Format/Method dropdown, select ExtraHop via API Poll.
- Enter your ExtraHop Client ID from Step 1.10.
- Enter your ExtraHop Client Secret from Step 1.10.
- Enter your ExtraHop API Host from Step 1.10.
- Click Save Configuration.
- Click Edit Configuration.
- Click Activate.