This article leads you through the process of integrating ExtraHop Reveal(x) 360 with Red Canary. Follow the procedure from beginning to end.
Step 1: ExtraHop Reveal(x) 360–Create REST API credentials
Red Canary uses your representational state transfer (REST) API credentials to make REST calls to your cloud instance in order to start receiving your alerts.
- From your ExtraHop dashboard, click system settings.
- From the Administration section, click API Access.
- Click Create Credentials.
- Name your REST API Credential.
- From the Privileges section, select Full read-only.
- From the Packet Access section, select No Access.
- From the Detections Access section, select All detections.
- Click Save.
- Copy and save the API Endpoint, ID and Secret for your REST API Credentials.
Step 2: Red Canary–Connect ExtraHop Reveal(x) 360 API REST credentials to Red Canary
Connect your ExtraHop API REST credentials to Red Canary to start sending your alerts.
- From the Red Canary homepage, click Integrations, and then click Alert Sources.
- In the search bar, type and select ExtraHop Reveal(x) 360.
- To configure your new alert source, scroll down and click ExtraHop Reveal(x) 360.
- Click Edit Configuration.
- Enter a Name for your external alert source.
- Select a Display Category.
- Under the Ingest Format/Method dropdown, select ExtraHop via API Poll.
- Enter your ExtraHop Client ID from Step 1.10.
- Enter your ExtraHop Client Secret from Step 1.10.
- Enter your ExtraHop API Host from Step 1.10.
- Click Save Configuration.
- Click Edit Configuration.
- Click Activate.
Comments
0 comments
Please sign in to leave a comment.