This article leads you through the process of integrating ExtraHop Reveal X with Red Canary. Follow the procedure from beginning to end.  

Step 1: Red Canary–Create your Red Canary generated URL

Create a Red Canary generated-URL to send ExtraHop Reveal X alerts for ingestion. 

1. From your Red Canary homepage, click Integrations.
   
2. From the Integrations section, locate and then click the security product you want to integrate with Red Canary.
   Note: If you do not see your security product listed, click See all integrations.
    
3. In the search bar, type and then select your third-party security source.
   
4. Continue onto the next step by configuring your third-party security source in Red Canary.
   Note: Your third-party security source may require that you contact Red Canary to configure.
   
5. Enter a Name for your external alert source.  
6. Select a Display Category.
7. Under the Ingest Format/Method dropdown, select ExtraHop via HTTP.
8. Click Save Configuration.
9. Click Edit Configuration.
10. Click Activate.
11. Copy and save the URL and Port number.
    
12.  

Step 2: ExtraHop Reveal X–Create an open data stream

Enable your Red Canary alert source endpoint as a valid data export stream from your ExtraHop dashboard.

1. From your ExtraHop dashboard, click System Settings.
2. From the Administration section, click All Administration.
   
   
3. From the System Configuration section, click Open Data Streams.
4. Click Add Target.
5. From the Target Type dropdown, select HTTP. 
6. For the Name field, enter RedCanary (all one word).
7. For the Host field, enter the host name from the URL provided in Step 1.11.

   Example:
   

   URL: https://testprod-use9-abcdefg.prod1.collectors.redcanary.io:123/random/

   Host name: testprod-use9-abcdefg.prod1.collectors.redcanary.io

8. For the Port field, enter the Port number from Step 1.11.
9. From the Type dropdown, select HTTPS.
10. Scroll down, and then click Save.
    
    

Step 3: ExtraHop Reveal X–Upload the Red Canary bundle into ExtraHop

Upload the Red Canary provided bundle into ExtraHop to start sending telemetry to Red Canary.

1. Download this ExtraHop bundle.
   
2. To upload and install the bundle into your ExtraHop system, follow these instructions.
3. From your ExtraHop dashboard, click System Settings.
4. From the Administration section, click Triggers.
   
   
5. Click the Red Canary Data Stream trigger.
6. Click Edit Trigger Script.
7. Copy and paste the URL from Step 1.11 into the integration URL line.
   

   Example: https://testprod-use9-abcdefg.prod1.collectors.redcanary.io:123/random/

8. Copy and paste the Stream name from Step 2.6 into the remoteStreamName line.
   
   
9.  Click Save.