This article leads you through the process of integrating ExtraHop Reveal X with Red Canary. Follow the procedure from beginning to end.
Step 1: Red Canary–Create your Red Canary generated URL
Create a Red Canary-generated URL to which ExtraHop Reveal X alerts are sent for ingestion.
- From your Red Canary homepage, click Integrations.
- From the Integrations section, locate and then click the security product you want to integrate with Red Canary.
Note: If you do not see your security product listed, click See all integrations.
- In the search bar, type and then select your third-party security source.
- Continue onto the next step by configuring your third-party security source in Red Canary.
Note: Your third-party security source may require that you contact Red Canary to configure.
- Enter a Name for your external alert source.
- Select a Display Category.
- Under the Ingest Format/Method dropdown, select ExtraHop via HTTP.
- Click Save Configuration.
- Click Edit Configuration.
- Click Activate.
- Copy and save the URL and Port number.
Step 2: ExtraHop Reveal X–Create an open data stream
Enable your Red Canary alert source endpoint as a valid data export stream from your ExtraHop dashboard.
- From your ExtraHop dashboard, click System Settings.
- From the Administration section, click All Administration.
- From the System Configuration section, click Open Data Streams.
- Click Add Target.
- From the Target Type dropdown, select HTTP.
- For the Name field, enter RedCanary (all one word).
- For the Host field, enter the host name from the URL provided in Step 1.11.
Example:
URL: https://testprod-use9-abcdefg.prod1.collectors.redcanary.io:123/random/
Host name: testprod-use9-abcdefg.prod1.collectors.redcanary.io
- For the Port field, enter the Port number from Step 1.11.
- From the Type dropdown, select HTTPS.
- Scroll down, and then click Save.
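The Host, Port, and Type values entered above all come from the single URL copied in Step 1.11. The following added example (not part of Red Canary's or ExtraHop's documentation; the function names are hypothetical) splits that URL into the three fields, rejects a URL that is not HTTPS or has no explicit port, and flags a Host value that still contains the scheme, port, or path. It uses the example URL from this article.

```python
from urllib.parse import urlsplit

def open_data_stream_fields(generated_url):
    """Map the Red Canary generated URL to the ExtraHop HTTP target fields."""
    url = generated_url.strip()
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError if not a valid port number
    except ValueError as exc:
        raise ValueError(f"malformed URL or port: {exc}") from None
    if parts.scheme != "https":
        # Step 2 selects HTTPS as the Type; alerts should not be sent in cleartext.
        raise ValueError("generated URL must start with https://")
    if parts.username or parts.password:
        raise ValueError("generated URL must not embed credentials")
    if not parts.hostname:
        raise ValueError("no host name found in URL")
    if port is None:
        raise ValueError("no explicit port in URL; copy the Port number from Step 1.11")
    return {
        "Host": parts.hostname,    # Host field: host name only
        "Port": port,              # Port field
        "Type": "HTTPS",           # Type dropdown
        "Trigger URL": url,        # Step 3 pastes the full URL into the trigger script
    }

def host_field_problems(value):
    """Return the reasons a value is unsuitable for the Host field (empty list if fine)."""
    problems = []
    rest = value.strip().split("://", 1)[-1]
    if "://" in value:
        problems.append("contains a scheme (https://)")
    if ":" in rest.split("/", 1)[0]:
        problems.append("contains a port")
    if "/" in rest:
        problems.append("contains a path")
    return problems

if __name__ == "__main__":
    # Example URL taken from this article.
    example = "https://testprod-use9-abcdefg.prod1.collectors.redcanary.io:123/random/"
    for field, value in open_data_stream_fields(example).items():
        print(f"{field}: {value}")
    print(host_field_problems(example))
```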
Step 3: ExtraHop Reveal X–Upload the Red Canary bundle into ExtraHop
Upload the Red Canary-provided bundle into ExtraHop to start sending telemetry to Red Canary.
- Download this ExtraHop bundle.
- To upload and install the bundle into your ExtraHop system, follow these instructions.
- From your ExtraHop dashboard, click System Settings.
- From the Administration section, click Triggers.
- Click the Red Canary Data Stream trigger.
- Click Edit Trigger Script.
- Copy and paste the URL from Step 1.11 into the integration URL line.
Example: https://testprod-use9-abcdefg.prod1.collectors.redcanary.io:123/random/
- Copy and paste the Stream name from Step 2.6 into the remoteStreamName line.
- Click Save.