Skip to main content
Red Canary help

Integrate ExtraHop Reveal X Enterprise with Red Canary

  • Updated .

This article leads you through the process of integrating ExtraHop Reveal X with Red Canary. Follow the procedure from beginning to end.  

Step 1: Red Canary–Create your Red Canary generated URL

Create a Red Canary generated-URL to send ExtraHop Reveal X alerts for ingestion. 

  1. From the navigation menu, click Integrations, and then click Alert Sources.
  2. In the search bar, type and select ExtraHop Enterprise.
    1.png
  3. To configure your new alert source, scroll down and click ExtraHop Enterprise.
  4. Click Edit Configuration.
  5. Enter a Name for your external alert source.  
  6. Select a Display Category.
  7. Under the Ingest Format/Method dropdown, select ExtraHop via HTTP.
  8. Click Save Configuration.
  9. Click Edit Configuration.
  10. Click Activate.
  11. Copy and save the URL and Port number.
    2.png

Step 2: ExtraHop Reveal X–Create an open data stream

Enable your Red Canary alert source endpoint as a valid data export stream from your ExtraHop dashboard.

  1. From your ExtraHop dashboard, click System Settings.
  2. From the Administration section, click All Administration.
    3.png
  3. From the System Configuration section, click Open Data Streams.
  4. Click Add Target.
  5. From the Target Type dropdown, select HTTP
  6. For the Name field, enter RedCanary (all one word).
  7. For the Host field, enter the host name from the URL provided in Step 1.11.

    Example:

    URL: https://testprod-use9-abcdefg.prod1.collectors.redcanary.io:123/random/

    Host name: testprod-use9-abcdefg.prod1.collectors.redcanary.io

  8. For the Port field, enter the Port number from Step 1.11.
  9. From the Type dropdown, select HTTPS.
  10. Scroll down, and then click Save.
    4.png

Step 3: ExtraHop Reveal X–Upload the Red Canary bundle into ExtraHop

Upload the Red Canary provided bundle into ExtraHop to start sending telemetry to Red Canary.

  1. Download this ExtraHop bundle.
  2. To upload and install the bundle into your ExtraHop system, follow these instructions.
  3. From your ExtraHop dashboard, click System Settings.
  4. From the Administration section, click Triggers.
    5.png
  5. Click the Red Canary Data Stream trigger.
  6. Click Edit Trigger Script.
  7. Copy and paste the URL from Step 1.11 into the integration URL line.

    Example: https://testprod-use9-abcdefg.prod1.collectors.redcanary.io:123/random/

  8. Copy and paste the Stream name from Step 2.6 into the remoteStreamName line.
    7.png
  9.  Click Save.

Comments

0 comments

Please sign in to leave a comment.