ExtraHop Trace Admin UI Guide

Introduction to the ExtraHop Trace Admin UI

The ExtraHop Trace Admin UI Guide provides detailed information about the administrator features and functionality of the ExtraHop Trace appliance.

In addition, this guide provides an overview of the global navigation and information about the controls, fields, and options available throughout the Trace Admin UI.

After you have deployed your Trace appliance, see the Trace Post-deployment Checklist.

We value your feedback. Please let us know how we can improve this document. Send your comments or suggestions to documentation@extrahop.com.

Supported Browsers

The following browsers are compatible with all ExtraHop appliances. We recommend that you install the latest version of the browser.

Firefox
Google Chrome
Internet Explorer 11
Safari

You must allow cookies and ensure that Adobe Flash Player is installed and enabled. Visit the Adobe website to confirm that Flash Player is installed and up-to-date.

This section describes the general layout of the Admin UI on a Trace appliance.

The toolbar contains the following controls or links:

Change default password: Opens the Change Password page so that you can specify a new Admin UI password. For more information, see the Change the default password for the setup user section.
Log out: Ends the Admin UI session on the Trace appliance. For more information, see the Log in and log out of the Admin UI section.
Help: Opens the built-in ExtraHop Trace Admin UI Guide.

The administration page contains the following sections:

Status and Diagnostics: Verify how the Trace appliance is functioning on the network.
Network Settings: Configure the network settings for the Trace appliance.
Access Settings: Configure access settings to the Trace appliance.
Appliance Settings: Configure the system-level settings for the Trace appliance.
Trace Cluster Settings: View statistics about currently running packet queries, and a list of all connected Discover and Command appliances.

Log in and log out of the Admin UI

The Admin UI on the Trace appliance is a secure web page that requires a username and a password to access the interface.

In a web browser, navigate to the Admin UI by typing https://<address>/admin, where <address> is the hostname or IP address of your ExtraHop appliance.

Type your username in the Username field and your password in the Password field, and then click Log In.

Note:

For physical appliances, the default username is setup and the password is the service tag number on the pullout tab on the front of the appliance. For virtual appliances, the default password is default.

To log out of the Admin UI, click Log out on the toolbar.

Status and Diagnostics

The Status and Diagnostics section includes metrics and logging data about the current state of the Trace appliance and enables system administrators to view the overall system health.

Health: Provides metrics about the operating efficiency of the Trace appliance.
Audit Log: Enables you to view event logging data and to change syslog settings; .
Fingerprint: Provides the unique hardware fingerprint for the Trace appliance.
Support Scripts: Enables you to upload and run support scripts.
Exception Files: Enable or disable the Trace appliance exception files.

Health

The Health page provides a collection of metrics that enable you check the operation of the Trace appliance. If issues occur with the Trace appliance, the metrics on the Health page help you to troubleshoot the problem and determine why the appliance is not performing as expected.

Help on this page

The metrics on this page can help you troubleshoot problems and determine why the ExtraHop appliance is not performing as expected.

System

Reports the following information about the system CPU usage and disk drives.

CPU User: Displays the percentage of CPU usage associated with the Trace appliance user.
CPU System: Displays the percentage of CPU usage associated with the Trace appliance.
CPU Idle: Displays the CPU idle percentage associated with the Trace appliance.
CPU IO: Displays the percentage of CPU usage associated with the Trace appliance IO functions.

Service Status

Reports the status of Trace appliance system services.

exadmin: Displays the time the Trace appliance web portal service started.
exconfig: Displays the time the Trace appliance config service started.
excap: Displays the time the Trace appliance capture service started.

Interfaces

Reports the status of Trace appliance network interfaces.

RX packets: Displays the number of packets received by the Trace appliance on the specified interface.
RX Errors: Displays the number of received packet errors on the specified interface.
RX Drops: Displays the number of received packets dropped on the specified interface.
TX Packets: Displays the number of packets transmitted by the Trace appliance on the specified interface.
TX Errors: Displays the number of transmitted packet errors on the specified interface.
TX Drops: Displays the number of transmitted packets dropped on the specified interface.
RX Bytes: Displays the number of bytes received by the Trace appliance on the specified interface.
TX Bytes: Displays the number of bytes transmitted by the Trace appliance on the specified interface.

Partitions

Reports the status and usage of Trace appliance components. The configuration settings for these components are stored on disk and retained even when the power to the appliance is turned off.

Name: Displays the Trace appliance settings that are stored on disk.
Options: Displays the read-write options for the settings stored on disk.
Size: Displays the size in gigabytes for the identified component.
Utilization: Displays the amount of memory usage for each of the components as a quantity and as percentage of total disk space.

Audit log

The audit log provides data about the operations of the system, broken down by component. The log lists all known events by timestamp with the most recent events at the top of the list. You can configure where to send these logs in the Syslog Settings section.

The appliance collects the following log data and reports the results on the Audit Log page.

Time: Specifies the time at which the event occurred.
User: Identifies the user who initiated the logged event.
Operation: Specifies the system operation that generated the logged event.
Details: Specifies the outcome of the event. Common results are Success, Modified, Execute, or Failure. Each log entry also identifies the originating IP address if that address is known.
Component: Identifies the appliance component that is associated with the logged event.

To configure the syslog settings:

Click Configure syslog settings.
In the Destination field, type the name of the of remote syslog server.
Click the Protocol drop-down list and select TCP or UDP.
In the Port field, enter the port number.
Click Test Settings to verify that your syslog settings are correct. If the settings are correct, you should see an entry in the syslog log file on the syslog server similar to the following:
```
Jul 27 21:54:56 extrahop name="ExtraHop Test" event_id=1
```
Once the syslog settings are configured, click Save.

Fingerprint

The Fingerprint page displays the device fingerprint for the Trace appliance. When pairing the Trace appliance with a Discover or Command appliance, make sure that the fingerprint displayed is exactly the same as the fingerprint shown on the join or pairing page.

If the fingerprints do not match, communications between the devices might have been intercepted and altered.

Run the default support script

The default support script gathers information about the state of the ExtraHop system for analysis by ExtraHop Support.

Log into the Admin UI on your ExtraHop appliance.
In the Status and Diagnostics section, click Support Scripts.
Click Run Default Support Script.
Click Run.
When the script completes, the Support Script Results page appears.
Click the name of the diagnostic support package that you want to download. The file saves to the default download location on your computer.
Send this file, typically named diag-results-complete.expk, to ExtraHop support.
The .expk file is encrypted and the contents are only viewable by ExtraHop Support. However, you can download the diag-results-complete.manifest file to view a list of the files collected.

View the diagnostic support packages on the system

In the Status and Diagnostics section, click Support Scripts.
Click View Support Script Results.

Download a selected diagnostic support package

Note:

Support script result files are encrypted and can be decrypted only by ExtraHop Support.

In the Status and Diagnostics section, click Support Scripts.
Click View Support Script Results.
Click the name of the diagnostic support package that you want to download. The file is download to your browser's default download location.

Delete a selected diagnostic support script results package

In the Status and Diagnostics section, click Support Scripts.
Click View Support Script Results.
Locate the diagnostic support package that you want to delete.
In the Action column, click the X icon.
At the prompt, click OK.

Run a custom support script

In the Status and Diagnostics section, click Support Scripts.
Click Run Custom Support Script.
Click Choose File.
Navigate to the diagnostic support script that you want to upload.
Select the file and click Open.
Click Upload to run the script on the ExtraHop appliance.

Run a default support script

Some support scripts only perform a function on the ExtraHop appliance, while other support scripts gather information about the state of the system for analysis by ExtraHop Support. If the support script generated a results package to send to ExtraHop Support, then the Admin UI redirects to the View Support Script Results page.

To create a diagnostic support package that can be downloaded and sent to the ExtraHop Support team:

In the Status and Diagnostics section, click Support Scripts.
Click Run Default Support Script.
Click OK.

Enable writing to exception files

When you enable the Exception File setting, a core file of the data stored in memory is written to the disk if the system unexpectedly stops or restarts. This file can help ExtraHop Support diagnose the issue.

Note:

Exception files are encrypted and can be decrypted only by ExtraHop Support.

In the Status and Diagnostics section, click Exception Files.
Click Enable Exception Files.

Disable writing to exception files

In the Status and Diagnostics section, click Exception Files.
Click Disable Exception Files.

Network settings

The Network Settings section provides the following configurable network connectivity settings.

Connectivity: Configure network connections.
SSL Certificate: Generate and upload a self-signed certificate.
Notifications: Set up alert notifications through email and SNMP traps.

The Trace appliance has two 10/100/1000baseT network ports and four 10 GbE SFP+ network ports. By default, the Gb3 port is configured as the management port and requires an IP address. Port 5 is the default monitor (or capture) interface.

Before you begin configuring the network settings, verify that a network patch cable connects the Gb3 port on the Trace appliance to the management network. For more information about installing a Trace appliance, see the ExtraHop Trace appliance deployment guide or contact ExtraHop Support for assistance.

For specifications, installation guides, and more information about your appliance, see the complete ExtraHop documentation set at docs.extrahop.com.

Atlas Services

Atlas Services provide ExtraHop customers with a remote analysis report that is delivered monthly. The report contains specific recommendations for critical components across the application delivery chain.

Connect to Atlas services

Note:

You can connect Discover, Explore, and Trace appliances to Atlas Services, but you cannot connect Command appliances to Atlas Services.

In the Network Settings section, click Atlas Services.
On the Connect to Atlas Services page, click Terms and Conditions to read about the service agreement.
The Atlas subscription services agreement opens in the browser or downloads the file to your computer.
Return to the Connect to Atlas Services page and select the checkbox next to Terms and Conditions.
Click Test Connectivity to make sure the connection is successful. If you have problems connecting to the Atlas service, see the Troubleshoot an Atlas Connection for troubleshooting suggestions.
Click Connect.

Disconnect from Atlas services

If you no longer want to receive Atlas reports, you can disconnect from the subscription service.

In the Network Settings section, click Atlas Services.
Click OK to disconnect, and then click Done.

Connectivity

To connect the appliance to the host network, the following network configuration is required:

Network Settings

Hostname: Specifies the name of the appliance on the network.
Primary DNS: Specifies the IP address of the primary domain name server for the specified domain
Secondary DNS: (Optional) Specifies the IP address of the secondary domain name server for the specified domain.

Interfaces

Interface: Lists the available interfaces on the node.
Mode: Specifies whether the port is enabled or disabled and if enabled, the port assignment.
DHCP: Specifies whether DHCP is enabled or disabled.
IP address: Specifies the static IP address of the appliance on the network
Netmask: Specifies the netmask used to divide the IP address into subnets.
Gateway: Specifies the IP address for the gateway node on the network.
Routes: Specifies network route information if DHCP is disabled.
MAC Address: Specifies the MAC address of the appliance
IPv6: Specifies whether IPv6 is enabled or disabled.

Connectivity

The Connectivity page provides options that enable you to view and modify your network settings.

Interface Status

In physical ExtraHop appliances, an Interface Status section appears on the Connectivity page. This section displays a diagram of the following interface connections on the back of the appliance:

Blue Ethernet Port:: Identifies the management port.
Black Ethernet Port:: Indicates that the port is licensed and enabled but down.
Green Ethernet Port:: Indicates that the licensed port has an active Ethernet cable connected.
Gray Ethernet Port:: Identifies a disabled or unlicensed port.

Network Settings

Hostname: The name of the appliance on the network.
Primary DNS: The IP address of the primary domain name server for the specified domain.
Secondary DNS: (Optional) The IP address of the secondary domain name server for the specified domain.

Proxy Settings

Enable Global Proxy:: Provides the ability to enable proxy support for connection to the Command appliance.
Enable ExtraHop Cloud Proxy:: Provides the ability to enable proxy support for connection to ExtraHop Cloud services and the Atlas Remote UI.

Bond Interface Settings

Create Bond Interface:: Provides the ability to bond multiple interfaces together into a single logical interface that will use a single IP address for the combined bandwidth of the bond members. Only 1GbE ports are supported for bond interfaces. This is also known as link aggregation, port trunking, link bundling, Ethernet/network/NIC bonding, or NIC teaming.

Note:

Creating bond interfaces will cause you to lose connectivity to your ExtraHop appliance. You must make changes to your network switch configuration to restore that connectivity. The changes required depend on which switch you are using. Contact ExtraHop Support for assistance before you create a bond interface.

Interfaces

Interface: Displays the interface number.
Mode: Displays whether the port is enabled or disabled and if enabled, the port assignment.
Link Speed: Displays the link speed for the interface on physical appliances. Virtual appliances always display N/A.
DHCP: Displays whether DHCP is enabled or disabled.
IP Address: Displays the static IP address of the ExtraHop appliance on the network.
Netmask: Displays the netmask configured to divide the IP address into subnets.
Gateway: Displays the IP address for the gateway node on the network.
Routes: Displays configured static route information.
MAC Address: Displays the MAC address of the ExtraHop appliance.
IPv6: Displays whether IPv6 is enabled or disabled.

Change the network settings

To change the network settings:

In the Network Settings section, click Connectivity.
In the Network Settings section, click Change.
The Edit Hostname page appears with the following editable fields:

Hostname

Specifies the descriptive device name for the appliance on the network. Devices on the network can be identified by their IP address, MAC address, or by the descriptive name defined in this setting.

Primary DNS

Specifies the computer that stores the record of the network’s domain name, which is used to translate domain names specified in alpha-numeric characters into IP addresses. Each domain requires a primary domain name server and at least one secondary domain name server.

Secondary DNS

Functions as the backup server to the primary DNS.
Change the settings as needed and click Save.

Configure the RPCAP settings

After you configure an interface as an RPCAP target, configure the RPCAP settings.

Note:

You must specify an interface address or an interface name. If you specify both, then both settings will apply.

In the Network Settings section, click Connectivity.
In the RPCAP Settings section, complete one of the following actions:
- Click the port number in the Port field to edit an existing port definition.
- Click Add to add a new port definition.
In the Add RPCAP Port Definition section, edit the following settings as needed:

Port: Specifies the listening port on the ExtraHop appliance. Each port must be unique for each interface subnet on the same server. You can configure different subnets across servers with the same port, which can be a TCP and UDP port. If you are configuring multiple software taps and multiple software tap listeners, the payload might traverse a range of UDP ports. The range consists of 16 ports, starting with the specified port.

Interface Address: Specifies the subnet on the software tap server. If the server has multiple interfaces that match the interface address, the first interface on the server sends traffic to the ExtraHop appliance unless the interface name is specified. By default, the interface address is set to *, which means the Discover appliance will accept packets from any IP address or CIDR range.
For example, 10.10.0.0/24 forwards all traffic on the system that is part of that CIDR range, * is a wildcard that will match all traffic on the system, or 10.10.0.1 will send traffic that matches the netmask of the local interface.

Interface Name: Specifies the interface on the packet-forwarding server from which to forward packets. For example, eth0 in a Linux environment or \Device\NPF_{2C2FC212-701D-42E6-9EAE-BEE969FEFB3F} in a Windows environment.

Filter: Specifies the traffic to forward with Berkeley Packet Filter (BPF) syntax. For example, tcp port 80 forwards only TCP traffic on port 80, and not tcp port 80 forwards only non-TCP traffic on port 80. For more information about BPF syntax, see http://biot.com/capstats/bpf.html.
Click Save.

Modify an interface

In the Network Settings section, click Connectivity.

In the Interfaces section, click the name of the interface you want to modify.

The Network Settings for Interface page appears with the following editable fields:

Interface Mode

Each interface can be configured as follows:

Interface	Interface mode
Interface 1 (10 GbE)	Disabled Management Port Management Port + RPCAP/ERSPAN/VXLAN Target RPCAP and ERSPAN is processed at a rate of 1 Gbps.
Interface 2 (10 GbE)	Disabled Management Port Management Port + RPCAP/ERSPAN/VXLAN Target RPCAP and ERSPAN is processed at a rate of 1 Gbps.
Interface 3	Disabled Monitoring Port (receive only) Management Port Management Port + RPCAP/ERSPAN/VXLAN Target
Interface 4	Disabled Monitoring Port (receive only) Management Port Management Port + RPCAP/ERSPAN/VXLAN Target
Interface 5	Disabled Monitoring Port (receive only)
Interface 6	Disabled Monitoring Port (receive only)

The ExtraHop system supports the following ERSPAN implementations:

ERSPAN Type I
ERSPAN Type II
ERSPAN Type III
Transparent Ethernet Bridging. ERSPAN-like encapsulation commonly found in virtual switch implementations such as the VMware VDS and Open vSwitch.

Virtual Extensible LAN (VXLAN) packets are received on UDP port 4789.

Important:

If you only have one management interface configured and you set the interface mode to Disabled and click Save, you will lose your access to the node until the appliance is manually restarted.

Interface Speed

Select an interface speed. Auto-negotiate is selected by default, however, you should manually select a speed if it is supported on your appliance, network transceiver, and network switch. Choose from:

Auto-negotiate
10 Gbps
25 Gbps

Important:

When you change the interface speed to Auto-negotiate, you might need to restart the appliance before the change takes effect.

Enable DHCPv4

is enabled by default. When you turn on the system, Interface 3 attempts to acquire an IP address through DHCP. After the DHCP server assigns an IP address to a physical appliance, the IP address appears on the LCD screen on the front of the appliance.

If your network does not support DHCP, you can disable DHCP and configure a static IP address.

To disable DHCP, clear the Enable DHCPv4 checkbox and click Save. When the browser changes to the new network address, log into the Admin UI again.

If you are changing from a static IP address to a DHCP-acquired IP address, the changes occur immediately after clicking Save, which results in a loss of connection to the Admin UI. After the system acquires an IP address, log into the Admin UI again.

IPv4 Address: If you do not have DHCP enabled, you must manually configure a static IP address.
Netmask: If you do not have DHCP enabled, you must enter the netmask for your network.
Gateway: If you do not have DHCP enabled, you must enter the gateway address.
Enable IPv6: For more information about configuring IPv6, see Enable IPv6 for an interface.
Routes: If you do not have DHCP enabled, you can manually set a static route to determine where the traffic goes. For more information about configuring static routes, see Set a static route.

Change the settings as needed and then click Save.

Enable IPv6 for an interface

In the Network Settings section, click Connectivity.
In the Interfaces section, click the name of the interface you want to configure.
On the Network Settings for Interface <interface number> page, select Enable IPv6.
IPv6 configuration options appear below Enable IPv6.
(Optional): Configure IPv6 addresses for the interface.
- To automatically assign IPv6 addresses through DHCPv6, select Enable DHCPv6.
  Note: If enabled, DHCPv6 will be used to configure DNS settings.
- To automatically assign IPv6 addresses through stateless address autoconfiguration, select one of the following options from the Stateless Address Autoconfiguration list:
  
  Use MAC address
  
  Configures the appliance to automatically assign IPv6 addresses based on the MAC address of the appliance.
  
  Use stable private address
  
  Configures the appliance to automatically assign private IPv6 addresses that are not based on hardware addresses. This method is described in RFC 7217.
- To manually assign one or more static IPv6 addresses, type the addresses in the Static IPv6 Addresses field.
To enable the appliance to configure Recursive DNS Server (RDNSS) and DNS Search List (DNSSL) information according to router advertisements, select RDNSS/DNSSL.
Click Save.

Set a static route

Before you begin

You must disable DHCPv4 before you can add a static route.

On the Edit Interface page, ensure that the IPv4 Address and Netmask fields are complete and saved, and click Edit Routes.
In the Add Route section, type a network address range in CIDR notation in the Network field and IPv4 address in the Via IP field and then click Add.
Repeat the previous step for each route you want to add.
Click Save.

Global proxy server

If your network topology requires a proxy server to enable your ExtraHop appliance to communicate either with a Command appliance or with other devices outside of the local network, you can enable your ExtraHop appliance to connect to a proxy server you already have on your network. Internet connectivity is not required for the global proxy server.

Note:

Only one global proxy server can be configured per ExtraHop appliance.

Configure a global proxy server

In the Network Settings section, click Connectivity.
Click Enable Global Proxy or click on the name of an existing global proxy that you want to modify.
On the Global Proxy Settings page, type the following information:

Hostname: The hostname or IP address for your global proxy server.

Port: The port number for your global proxy server.

Username: The name of a user that has for access to your global proxy server.

Password: The password for the user specified above.
Click Save.

Remove the global proxy server

In the Network Settings section, click Connectivity.
Click Change Global Proxy.
Click Delete, and then click OK.

ExtraHop Cloud proxy

If your ExtraHop appliance does not have a direct internet connection, you can connect to the internet through a proxy server specifically designated for ExtraHop Cloud services and Atlas connectivity. Only one proxy can be configured per ExtraHop appliance.

Note:

If no cloud proxy server is enabled, the ExtraHop appliance will attempt to connect through the global proxy. If no global proxy is enabled, the ExtraHop appliance will connect through an HTTP proxy to enable the services.

Configure an ExtraHop Cloud proxy server

In the Network Settings section, click Connectivity.
Click Enable ExtraHop Cloud Proxy. Click Change ExtraHop Cloud Proxy to modify an existing configuration.
Click Enable ExtraHop Cloud Proxy.
Type the hostname or IP address for your proxy server.
Type the port number for your proxy server, such as 8080.
(Optional): If required, type a username and password for your proxy server.
Click Save.

Remove the ExtraHop Cloud proxy server

In the Network Settings section, click Connectivity.
Click Change ExtraHop Cloud Proxy.
Click Delete, and then click OK.

Bond interfaces

You can bond multiple 1GbE interfaces on your ExtraHop appliance together into a single logical interface that has one IP address for the combined bandwidth of the member interfaces. Bonding interfaces enable a larger throughput with a single IP address. This configuration is also known as link aggregation, port channeling, link bundling, Ethernet/network/NIC bonding, or NIC teaming. Only 1GbE interfaces are supported for bond interfaces. Bond interfaces cannot be set to monitoring mode.

Note:

When you modify bond interface settings, you lose connectivity to your ExtraHop appliance. You must make changes to your network switch configuration to restore connectivity. The changes required are dependent on your switch. Contact ExtraHop Support for assistance before you create a bond interface.

Interfaces chosen as members of a bond interface are no longer independently configurable and are shown as Disabled (bond member) in the Interfaces section of the Connectivity page. After a bond interface is created, you cannot add more members or delete existing members. The bond interface must be destroyed and recreated.

Create a bond interface

You can create a bond interface with at least one interface member and up to the number of members that are equivalent to the number of 1GbE interfaces on your ExtraHop appliance.

In the Network Settings section, click Connectivity.
Click Create Bond Interface.
Configure the following options:

Members: Select the checkbox next to each interface you want to include in the bonding. Only 1GbE ports that are currently available for bond membership appear.

Take Settings From: Select the interface that has the settings you want to apply to the bond interface. Settings for all non-selected interfaces will be lost.

Bond Type: Specify whether to create a static bond or a dynamic bond through IEEE 802.3ad Link Aggregation (LACP).

Hash Policy: Specify the hash policy. The Layer 3+4 policy balances the distribution of traffic more evenly across interfaces; however, this policy is not fully compliant with 802.3ad standards. The Layer 2+3 policy balances traffic less evenly and is compliant with 802.3ad standards.
Click Create.

Refresh the page to display the Bond Interfaces section. Any bond interface member whose settings were not selected in the Take Settings From drop-down menu are shown as Disabled (bond member) in the Interfaces section.

Modify bond interface settings

After a bond interface is created, you can modify most settings as if the bond interface is a single interface.

In the Network Settings section, click Connectivity.
In the Bond Interfaces section, click the bond interface you want to modify.
On the Network Settings for Bond Interface <interface number> page, modify the following settings as needed:

Members: The interface members of the bond interface. Members cannot be changed after a bond interface is created. If you need to change the members, you must destroy and recreate the bond interface.

Bond Mode: Specify whether to create a static bond or a dynamic bond through IEEE 802.3ad Link Aggregation (LACP).

Interface Mode: The mode of the bond membership. A bond interface can be Management or Mangement+RPCAP/ERSPAN Target only.

Enable DHCPv4: If DHCP is enabled, an IP address for the bond interface is automatically obtained.

Hash Policy: Specify the hash policy. The Layer 3+4 policy balances the distribution of traffic more evenly across interfaces; however, it is not fully compliant with 802.3ad standards. The Layer 2+3 policy balances traffic less evenly; however, it is compliant with 802.3ad standards.

IPv4 Address: The static IP address of the bond interface. This setting is unavailable if DHCP is enabled.

Netmask: The network netmask for the bond interface.

Gateway: The IP address of the network gateway.

Routes: The static routes for the bond interface. This setting is unavailable if DHCP is enabled.
Click Save.

Destroy a bond interface

When a bond interface is destroyed, the separate interface members of the bond interface return to independent interface functionality. One member interface is selected to retain the interface settings for the bond interface and all other member interfaces are disabled. If no member interface is selected to retain the settings, the settings are lost and all member interfaces are disabled.

In the Network Settings section, click Connectivity.
In the Bond Interfaces section, click the red X next to the interface you want to destroy.
On the Destroy Bond Interface <interface number> page, select the member interface to move the bond interface settings to. Only the member interface selected to retain the bond interface settings remains active, and all other member interfaces are disabled.
Click Destroy.

Notifications

The ExtraHop appliance can send alert notifications through email and SNMP traps. If SNMP is specified, then every alert is sent as an SNMP trap to the specified SNMP server. In addition, you can send alerts to a remote server through a syslog export.

The Notifications section in the Network Settings section of the Admin UI includes the following configurable settings.

Email Server and Sender: Configure the email server and sender settings.
Email Addresses: Add individual email addresses to receive system health notifications.
SNMP: Set up SNMP network monitoring.
Syslog: Send appliance data to another system for archiving and correlation.

Configure the Email Server and Sender settings

In the Network Settings section, click Notifications.
Click Email Server and Sender.

Type the IP address or hostname for the outgoing SMTP mail server in the SMTP Server field.

Note:

The SMTP server should be the fully qualified domain name (FQDN) or IP address of an outgoing mail server that is accessible from the ExtraHop management network. If the DNS server is set, then the SMTP server can be a FQDN, otherwise it needs to be an IP address.

Type the port number for SMTP communication in the SMTP Port field. The default port number is 25.
Select one of the following encryption methods from the Encryption drop-down list:
- None. SMTP communication is not encrypted.
- SSL/TLS. SMTP communication is encrypted through the Secure Socket Layer/Transport Layer Security protocol.
- STARTTLS. SMTP communication is encrypted through STARTTLS.

Type the email address for the notification sender in the Sender Address field.

Note:

The displayed sender address might be changed by the SMTP server. When sending through a Google SMTP server, for example, the sender email is changed to the username supplied for authentication, instead of the originally entered sender address.

Select the Enable SMTP authentication checkbox and then type the SMTP server setup credentials in the Username and Password fields.
Click Save.

Test email settings

To confirm that the ExtraHop appliance can communicate with the SMTP server:

In the Network Settings section, click Notifications.
Click Email Server and Sender.
Click Test Settings.
Enter an email address to receive the test email and then click Send.

Email addresses

You can send system storage alerts to individual recipients. Alerts are sent under the following conditions:

A physical disk is in a degraded state.
A physical disk has an increasing error count.

Add a new notification email address

To add a new disk notification email address:

In the Network Settings section, click Notifications.
Under Notifications, click Email Addresses.
In the Email address text box, type the recipient email address.
Click Save.

Delete a disk notification email address

To delete a disk notification email address:

In the Network Settings section, click Notifications.
Under Notifications, click Email Addresses.
Click the red delete icon (X) to the right of the email address.
On the Delete page, click OK.

The running config changes when you add or remove an email address. To preserve your changes, click View and Save Changes. For more information, see the Running Config section.

SNMP

The state of the network is monitored through the Simple Network Management Protocol (SNMP). SNMP collects information by polling devices on the network or SNMP enabled devices send alerts to SNMP management stations. SNMP communities define the group that devices and management stations running SNMP belong to, which specifies where information is sent. The community name identifies the group.

Note:

Most organizations have an established system for collecting and displaying SNMP traps in a central location that can be monitored by their operations teams. For example, SNMP traps are sent to an SNMP manager, and the SNMP management console displays them.

Configure SNMP settings to send notifications to an SNMP manager

Simple Network Management Protocol (SNMP) is a standard way of monitoring hardware and software on a network. SNMP collects information both by polling devices on the network and when SNMP-enabled devices send alerts to SNMP management stations. SNMP communities specify the group that devices and management stations running SNMP belong to, which specifies where information is sent. The community name identifies the group.

Log into the Admin UI on the ExtraHop appliance.
In the Network Settings section, click Notifications.
Click SNMP.
In the SNMP Monitor field, type the hostname for the SNMP trap receiver. Multiple names can be entered, separated by commas.
In the SNMP Community field, enter the SNMP community name. SNMP community names are case-sensitive.
In the SNMP Port field, type the SNMP port number for your network that the SNMP agent responds back to the source port on the SNMP manager. By default, this value is set to 162.
Click Test Settings to verify that your SNMP settings are correct. If the settings are correct, you should see an entry in the SNMP log file on the SNMP server similar to the following:
```
Connection from UDP: [192.0.2.0]:42164->[ 192.0.2.255]:162
```
Where 192.0.2.0 is the IP address of your ExtraHop appliance and 192.0.2.255 is the IP address of the SNMP server.
Click Save.

Next steps

After you confirm that your new settings are working as expected, preserve your configuration changes through system restart and shutdown events by saving the Running Config file.

Download the ExtraHop SNMP MIB

SNMP does not provide a database of information that an SNMP monitored network reports. SNMP uses information defined by third-party management information bases (MIBs) that describe the structure of the collected data.

To download the ExtraHop SNMP MIB:

Go to the Network Settings section and click Notifications.
Under Notifications, click SNMP.
Under SNMP MIB, click the Download ExtraHop SNMP MIB.
The file is typically saved to the default download location for your browser.

Configure syslog notification settings

The syslog export enables you to send alerts from the ExtraHop appliance to any remote system that receives syslog input for long-term archiving and correlation with other sources.

Note:

To send syslog messages to your remote server, you must first configure the syslog notification settings. Only one remote syslog server can be configured for each ExtraHop appliance.

In the Network Settings section, click Notifications.
Click Syslog.
On the Syslog Notification Settings page, type the following information:

Destination: The IP address of the remote syslog server.

Protocol: From the drop-down, select which protocol to use to send information to your remote syslog server.

Port: The port number for your remote syslog server. By default, this is set to 514.
Click Test Settings to verify that your syslog settings are correct. If the settings are correct, you should see an entry in the syslog log file on the syslog server similar to the following:
```
Jul 27 21:54:56 extrahop name="ExtraHop Test" event_id=1
```
Click Save.

SSL certificate

SSL provides secure authentication to the Admin UI of the ExtraHop appliance. To enable SSL, a SSL certificate must be uploaded to the appliance.

A self-signed certificate can be used in place of a certificate signed by a Certificate Authority. However, be aware that a self-signed certificate generates an error in the client browser reporting that the signing certificate authority is unknown. The browser provides a set of confirmation pages to allow the use of the certificate, even though the certificate is self-signed.

Generate a self-signed certificate

In the Network Settings section, click SSL Certificate.
Click Manage certificates to expand the section.
Click Build SSL self-signed certificate based on hostname.
On the Generate Certificate page, click OK to generate the SSL self-signed certificate.

Note: The default hostname is extrahop.

Upload an SSL certificate

You must upload a .pem file that includes both a private key and either a self-signed certificate or a certificate-authority certificate.

Note:

The .pem file must not be password protected.

In the Network Settings section, click SSL Certificate.
Click Manage certificates to expand the section.
Click Choose File and navigate to the certificate that you want to upload.
Click Open.
Click Upload.

Create a certificate signing request from your ExtraHop appliance

A certificate signing request (CSR) is a block of encoded text that is given to your Certificate Authority (CA) when you apply for an SSL certificate. The CSR is generated on the ExtraHop appliance where the SSL certificate will be installed and contains information that will be included in the certificate such as the common name (domain name), organization, locality, and country. The CSR also contains the public key that will be included in the certificate. The CSR is created with the private key from the ExtraHop appliance, making a key pair.

Log into the Admin UI on your ExtraHop appliance.
In the Network Settings section, click SSL Certificate.
Click Manage certificates and then click Export a Certificate Signing Request (CSR).
In the Subject Alternative Names section, type the DNS name of the ExtraHop appliance. You can add multiple DNS names and IP addresses to be protected by a single SSL Certificate.

In the Subject section, complete the following fields. Only the Common Name field is required.

Field	Description	Examples
Common Name	The fully qualified domain name (FQDN) of the ExtraHop appliance. The FQDN must match one of the Subject Alternative Names.	*.example.com discover.example.com
E-mail Address	The email address of the primary contact for your organization.	webmaster@example.com
Organizational Unit	The division of your organization handling the certificate.	IT Department
Organization	The legal name of your organization. This entry should not be abbreviated and should include suffixes such as Inc, Corp, or LLC.	Example, Inc.
Locality/City	The city where your organization is located.	Seattle
State/Province	The state or province where your organization is located. This entry should not be abbreviated.	Washington
Country Code	The two-letter ISO code for the country where your organization is located.	US

Click Export. The CSR file is automatically downloaded to your computer.

Next steps

Send the CSR file to your certificate authority (CA) to have the CSR signed. When you receive the SSL certificate from the CA, return to the SSL Certificate page in the Admin UI and upload the certificate to the ExtraHop system.

Add a trusted certificate to your ExtraHop appliance

Your ExtraHop appliance only trusts peers who present a TLS certificate that is signed by one of the built-in system certificates or any certificates that you upload. Only SMTP and LDAP connections are validated through these certificates.

Before you begin

You must be a user with unlimited privileges to add or remove trusted certificates.

Important:

To trust the built-in system certificates and any uploaded certificates, you must also enable SSL certificate validation on the LDAP Settings page or Email Settings page.

Log into the Admin UI.
In the Network Settings section, click Trusted Certificates.
The ExtraHop appliance ships with a set of built-in certificates. Select Trust System Certificates if you want to trust these certificates, and then click Save.
To add your own certificate, click Add Certificate and then paste the contents of the PEM-encoded certificate chain into the Certificate field
Type a name into the Name field and click Add.

Important:

ExtraHop appliances only accept modern SSL configurations, which includes TLS 1.2 and the cipher suites listed below. Note that the ExtraHop Web UI will not display in Internet Explorer 11 unless TLS 1.0, TLS 1.1, and TLS 1.2 are turned on in the advanced settings for Internet Explorer 11.

ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256

Next steps

Configure LDAP and SMTP settings to validate outbound connections with the trusted certificates.

Access Settings

In the Access Settings section, you can change passwords, enable the support account, and specify users in the ExtraHop appliances for remote authentication. The Access Settings section has the following configurable settings:

Password: Change the password for user accounts.
Support Account: Enable troubleshooting assistance from ExtraHop Support.
Users: Add and delete users, and modify user privileges.
Sessions: View and terminate user sessions on the Admin UI.
Remote Authentication: Enable users to log on to the Admin UI with their existing credentials.
API Access: Manage the settings that enable you to perform operations through the ExtraHop REST API.
User Groups: View and manage user groups imported from a configured LDAP server. The User Groups page appears only on ExtraHop Discover and Command appliances.

Change password

Users with administrative privileges to the Admin UI on the appliance can change the password for any user that has an account stored locally in the appliance. For more information about privileges for specific Admin UI users and groups, see the Users section.

Change the default password for the setup user

It is recommended that you change the default password for the setup user on the ExtraHop appliance after you log in for the first time. To remind administrators to make this change, there is a blue Change Password button at the top of the page while the setup user is accessing the Admin UI. After the setup user password is changed, the button at the top of the page no longer appears.

Note:

The password must be a minimum of 5 characters.

In the Admin UI, click the blue Change default password button.
The Change Password page displays without the drop-down menu for accounts. The password will change for the setup user only.
Type the default password in the Old password field.
Type the new password in the New password field.
Retype the new password in the Confirm password field.
Click Save.

Support account

Support accounts provide access for the ExtraHop Support team to help customers troubleshoot issues with the ExtraHop appliance and to provide remote analysis reports through Atlas Services.

These settings should be enabled only if the ExtraHop system administrator requests hands-on assistance from the ExtraHop Support team or if your organization is subscribed to Atlas Services.

Enable the Support account

In the Access Settings section, click Support Account.
Click Support Account.

Note: On a Command, Explore, and Trace appliance, this step is unnecessary.
Click Enable Support Account.
Copy the encrypted key from the text box and email the key to support@extrahop.com.
Click Done.

Regenerate the Support account key

In the Access Settings section, click Support Account.
Click Support Account.

Note: On a Command, Explore, and Trace appliance, this step is unnecessary.
Click Regenerate Key.
Click Regenerate.
Copy the encrypted key from the text box and email the key to support@extrahop.com.
Click Done.

Disable the Support account

In the Access Settings section, click Support Account.
Click Support Account.

Note: On a Command, Explore, and Trace appliance, this step is unnecessary.
Click Disable Support Account.

Users

The Users page provides controls to add and delete users, and to change a user's access privileges in the ExtraHop appliance. Users with administrator-level privileges can add other users.

User accounts can be locally or remotely authenticated and authorized. For more information, see the Remote Authentication section.

The following default accounts are configured on the ExtraHop appliance:

setup: The setup account provides full system read and write privileges on the Web UI, Admin UI, and Shell, which is the ExtraHop command-line interface (CLI). For physical appliances, the default password for this account is the service tag number on the right-front bracket of the ExtraHop appliance. For virtual appliances, the password is default.
shell: The shell account permits access to non-administrative shell commands in the ExtraHop command-line interface (CLI). When accessing the privileged system configuration shell commands, the user types in enable and authenticates with the setup user password. For physical appliances, the default password for this account is the service tag number on the right-front bracket of the ExtraHop appliance. For virtual appliances, the password is default.

Note:

The default ExtraHop password for Amazon Web Services (AWS) users is the string of numbers after the -i in the instance ID.

When a user is authenticated and authorized locally, the user appears immediately in the managed users list. User privileges are managed in the ExtraHop appliance.
When user is authenticated remotely but its authorization is managed locally, the user appears in the managed users list after the first login. The user's permissions are managed in the ExtraHop appliance.
When a user is both authenticated and authorized remotely, the user does not appear in the managed users list. The user's permissions are managed in the remote server.

Note:

The local user account overrides all remote user account settings.

Add a user

In the Access Settings section, click Users.
Click Add User.
In the Personal Information section, type the following information:

Login ID: The username for the account. This is the name users will log in with and should not contain any spaces.

Full Name: A display name for the user.

Password: The new user password. The password must be a minimum of 5 characters

Confirm Password: Re-type the password from the previous field.
Click Save.

User privileges

Administrators determine the level of access and functionality users have with the ExtraHop Web and Admin UIs. In addition to setting the privilege level for the user, you can add certain options that can apply to any user privilege level.

For information about user privileges for the REST API, see the REST API Guide.

Privilege Levels

Set the privilege level for your user to determine which areas of the ExtraHop appliance they can access.

	Unlimited	Full Write	Limited Write	Personal Write	Full Read-Only	Restricted Read-Only
Activity Maps
Create, view, and load shared activity maps	Y	Y	Y	Y	Y	N
Save activity maps	Y	Y	Y	Y	N	N
Share activity maps	Y	Y	Y	N	N	N
Alerts
View alert history	Y	Y	Y	Y	Y	N
Create and modify alerts	Y	Y	N	N	N	N
Custom Pages
Create and modify custom pages	Y	Y	N	N	N	N
Dashboards
View and organize dashboards	Y	Y	Y	Y	Y	Y
Create and modify dashboards	Y	Y	Y	Y	N	N
Share dashboards	Y	Y	Y	N	N	N
Detections
View detections and provide feedback	Y	Y	Y	Y	Y	N
Analysis Priorities
View Analysis Priorities page	Y	Y	Y	Y	Y	N
Add and modify analysis levels for groups	Y	Y	N	N	N	N
Add devices to a watchlist	Y	Y	N	N	N	N
Transfer priorities management	Y	Y	N	N	N	N
Device Groups
Create and modify device groups	Y	Y	N	N	N	N
Metrics
View metrics	Y	Y	Y	Y	Y	N
Records (Explore appliance)
View record queries	Y	Y	Y	Y	Y	N
View record formats	Y	Y	Y	Y	Y	N
Create, modify, and save record queries	Y	Y	N	N	N	N
Create, modify, and save record formats	Y	Y	N	N	N	N
Scheduled Reports (Command appliance)
Create, view, and manage scheduled reports	Y	Y	Y	N	N	N
Triggers
Create and modify triggers	Y	Y	N	N	N	N
Administrative Privileges
Access the ExtraHop Admin UI	Y	N	N	N	N	N
Connect to other appliances	Y	N	N	N	N	N
Manage other appliances (Command appliance)	Y	N	N	N	N	N

Privilege Options

The following privilege options can be assigned to users with any privilege level.

View and download packets
View and download packets and session keys
View connected appliances (Command appliance only)

Sessions

The ExtraHop system provides controls to view and delete user connections to the web interface. The Sessions list is sorted by expiration date, which corresponds to the date the sessions were established. If a session expires or is deleted, the user must log in again to access the web interface.

Delete active sessions

When you delete an active session for a user, the user is logged out of the Admin UI. You can not delete the current user session.

In the Access Settings section, click Sessions.
Select the users that you want to delete.
- To delete a specific user, in the sessions table, click the red x at the end of the row for the specific user.
- To delete all active user sessions, click Delete All and then click OK.

Remote authentication

ExtraHop appliances supports remote authentication for user authentication. Remote authentication enables organizations that have authentication systems such as LDAP (such as OpenLDAP or Active Directory), RADIUS, or TACACS+ to enable all or a subset of their users to log on to the appliance with their existing credentials.

Centralized authentication provides the following benefits:

User password synchronization.
Automatic creation of ExtraHop accounts for users without administrator intervention.
Management of ExtraHop privileges based on LDAP groups.
Administrators can grant access to all known users or restrict access by applying LDAP filters.

Next steps

LDAP

The ExtraHop system supports the Lightweight Directory Access Protocol (LDAP) for authentication and authorization. ExtraHop LDAP authentication only queries for user accounts; it does not use any other entities that might be in the LDAP directory.

Users whose credentials are not stored locally are authenticated against the remote LDAP server by their username and password when they attempt to log onto the ExtraHop system. When a user attempts to log onto the ExtraHop UI, the ExtraHop system:

Attempts to authenticate the user locally.
Attempts to authenticate the user through the LDAP server if the user does not exist locally and the ExtraHop system is configured to use LDAP for remote authentication.
Logs the user on to the ExtraHop system if the user exists and the password is validated through LDAP. The LDAP password is not stored locally on the ExtraHop system.

If the user does not exist or an incorrect password is used, an error message appears with the login page.

Ensure that each user to be remotely authorized is in a permission-specific group on the LDAP server before beginning this procedure.

Configure LDAP authentication

In the Access Settings section, click Remote Authentication.
In the Methods section, select the LDAP option and click Continue.

Note: Clicking the back button in your browser during this procedure could result in lost changes.

On the LDAP Settings page, type the following information:

Hostname

Specifies the hostname or IP address of the LDAP server. Make sure that the of the ExtraHop appliance is properly configured if you use a hostname.

Port

Specifies the port on which the LDAP server is listening. Port 389 is the standard cleartext LDAP server port. Port 636 is the standard port for secure LDAP (ldaps/tls ldap).

Base DN

Specifies the base of the LDAP search used to find users. The base DN must contain all user accounts that will have access to the ExtraHop appliance. The users can be direct members of the base DN or nested within an OU within the base DN if the Whole Subtree option is selected for the Search Scope specified below. Consult your LDAP administrator to learn what your organization selects.

Active directory canonical name: example.com/people
LDAP base DN: ou=people,dc=example,dc=com

Server Type

Specifies the type of LDAP server. Select Posix or Active Direcrory.

Search Filter

Specifies the criteria used when searching the LDAP directory for user accounts. Examples include:

objectclass=person
objectclass=*
&(objectclass=person)(ou=webadmins)

A search filter of objectclass=* matches all entities and is the default wildcard.

Search Scope

Specifies the scope of the directory search when looking for user entities. Select one of the following options:

Single level: This option looks for users that exist in the base DN; not any subtrees. For example, with a Base DN value of dc=example,dc=com, the search would find a user uid=jdoe,dc=example,dc=com, but would not find uid=jsmith,ou=seattle,dc=example,dc=com.
Whole subtree: This option looks recursively under the base DN for matching users. For example, with a Base DN value of dc=example,dc=com, the search would find the user uid=jdoe,dc=example,dc=com and uid=jsmith,ou=seattle,dc=example,dc=com.

Bind DN

Specifies the Distinguished Name (DN) used by the ExtraHop appliance to authenticate with the LDAP server to perform the user search. The bind DN must have list access to the base DN and any OU, groups, or user account required for LDAP authentication. If this value is not set, then an anonymous bind is performed. Note that anonymous binds are not enabled on all LDAP servers. To verify whether anonymous binds are enabled, contact your LDAP administrator. Using the active directory canonical name example.com/people, Bind DN examples include: cn=admin, ou=users, dc=example,dc=com uid=nobody,ou=people,dc=example,dc=com

Note:

The standard login attribute for POSIX systems is uid. The standard login attribute for Active Directory systems is sAMAccountName.

Bind Password

Specifies the password used when authenticating with the LDAP server as the bind DN specified above. If you are using an anonymous bind, leave this setting blank. In some cases, an unauthenticated bind is possible, where you supply a Bind DN value but no bind password. Consult your LDAP administrator for the proper settings.

Encryption

Specifies if encryption should be used when making LDAP requests. Options include:

None: This options specifies the use of cleartext TCP sockets, typically port 389.
Warning: All passwords are sent across the network in cleartext in this mode.
LDAPS: This option specifies LDAP wrapped inside SSL, typically on port 636.
StartTLS: This option specifies the use of TLS LDAP, typically on port 389. (SSL is negotiated before any passwords are sent.)

Full Access DN

Specifies which users can access the Explore appliance admin UI. If a DN is specified, only users in the specified DN will be able to log in. If the field is left blank, all users in the base DN will be able to log in.

Refresh Interval

Specifies when LDAP user information is refreshed. Type a time value in the Refresh Interval field or leave the default setting of 1 hour. The refresh interval ensures that any changes made to user or group access on the LDAP server are updated on the ExtraHop appliance.

Click Test Settings.
If the test succeeds, the message LDAP settings test succeeded appears. If the test fails, the message LDAP settings test failed appears. Resolve any errors before continuing.
Click Save & Continue.
Click Done.

RADIUS

The ExtraHop appliance supports Remote Authentication Dial In User Service (RADIUS) for remote authentication and local authorization only. For remote authentication, the ExtraHop appliance supports unencrypted RADIUS and plaintext formats.

Configure RADIUS authentication

In the Access Settings section, click Remote Authentication.
In the Methods section, select RADIUS from the Remote authentication method drop-down, then click Continue.
On the Add RADIUS Server page, type the following information:

Host: The hostname or IP address of the RADIUS server. Make sure that the DNS of the ExtraHop appliance is properly configured if you use a hostname.

Secret: The shared secret between the ExtraHop appliance and the RADIUS server. Contact your RADIUS administrator to obtain the shared secret.

Timeout: The amount of time the ExtraHop appliance will wait for a response from the RADIUS server before it attempts to connect again.
Click Add Server.
Click Save and Finish.
Click Done.

Note: Remote users have full write access permissions to the Admin UI.

TACACS+

The ExtraHop appliance supports Terminal Access Controller Access-Control System Plus (TACACS+) for remote authentication and authorization.

Ensure that each user to be remotely authorized has the ExtraHop service configured on the TACACS+ server before beginning this procedure.

Configure TACACS+ authentication

Go to the Access Settings section and click Remote Authentication.
In the Methods section, select TACACS+ and click Continue.
On the Add TACACS+ Server page, enter the host, secret, and timeout information and click Add Server.
Add multiple servers as needed.
Click Continue.
Click Save & Finish.
Click Done.

Note: By default, remote users have full write access.

API access

The API Access page provides controls to generate, view, and manage access for the API keys that are required to perform operations through the ExtraHop REST API. This page also provides a link to the REST API Explorer.

Administrators, or users with unlimited privileges, control whether users can generate API keys. For example, you can prevent remote users from generating keys or you can disable API key generation entirely. When this functionality is enabled, API keys are generated by users, listed in the Keys section, and can be viewed only by the user who generated the key.

You must generate an API key before you can perform operations through the ExtraHop REST API. API keys can be viewed only by the user who generated the key. After you generate an API key, you must append the key to your request headers.

Note:

Administrators set up user accounts, and then users generate their own API key. Users can delete API keys for their own account, and users with unlimited privileges can delete API keys for any user. For more information, see the Users section.

Click the REST API Explorer link to open a web-based tool that enables you to try API calls directly on your ExtraHop appliance. The ExtraHop REST API Explorer also provides information about each resource and samples in cURL, Python 2.7, and Ruby.

See the ExtraHop REST API Guide for more information.

Manage API access

You can manage which users are able to generate API keys on the ExtraHop appliance.

In the Access Settings section, click API Access.
In the Manage Access section, select one of the following options:
- Allow all users to generate an API key
  Local and remote users can generate API keys.
- Only local users can generate an API key
  Only users created on the appliance can generate API keys.
- No users can generate an API key
  API keys cannot be generated. Selecting this option will delete any
Click Save Settings, then click OK, and then click Done.

Next steps

Save the changes to the running config file.

Enable CORS for the ExtraHop REST API

Cross-origin resource sharing (CORS) allows you to access the ExtraHop REST API across domain-boundaries and from specified web pages without requiring the request to travel through a proxy server.

You can configure one or more allowed origins or you can allow access to the ExtraHop REST API from any origin. Only administrative users with unlimited privileges can view and edit CORS settings.

Add an allowed origin

You can configure one or more allowed origins or you can allow access to the ExtraHop REST API from any origin.

In the Access Settings section, click API Access.
In the CORS Settings section, specify one of the following access configurations.
- To add a specific URL, type an origin URL in the text box, and then click the plus (+) icon or press ENTER.
  The URL must include a scheme, such as HTTP or HTTPS, and the exact domain name. You cannot append a path; however, you can provide a port number.
- To allow access from any URL, select the Allow API requests from any Origin checkbox.
  Note: Allowing REST API access from any origin is less secure than providing a list of explicit origins.
Click Save Settings and then click Done.

Delete an allowed origin

You can delete a URL from the list of allowed origins or disable access from all origins.

In the Access Settings section, click API Access.
In the CORS Settings section, modify one of the following access configurations.
- To delete a specific URL, click the delete (X) icon next to the origin you want to delete.
- To disable access from any URL, clear the Allow API requests from any Origin checkbox.
Click Save Settings.

Generate an API key

After you log into the ExtraHop appliance, if API key generation is enabled, you can generate an API key.

In the Access Settings section, click API Access.
In the API Keys section, enter a description for the key, and then click Generate.

Delete an API key

In the Access Settings section, click API Access.
In the Keys section, click the X next to the API key you want to delete.
Click OK.

Appliance Settings

You can configure the following components of the ExtraHop appliance in the Appliance Settings section.

Running Config: Download and modify the running configuration file.
Services: Enable or disable the Web Shell, management GUI, SNMP service, and SSH access. The Services page appears only on ExtraHop Discover and Command appliances.
Firmware: Upgrade the ExtraHop system firmware.
System Time: Configure the system time.
Shutdown or Restart: Halt and restart system services.
License: Update the license to enable add-on modules.
Disks: Provides information about the disks in the appliance.
Reset Packetstore: Delete all packets stored on the ExtraHop Trace appliance. The Reset Packetstore page appears only on the Trace appliance.

Running config

The Running Config page provides an interface to view and modify the code that specifies the default system configuration and save changes to the current running configuration so the modified settings are preserved after a system restart.

The following controls are available to manage the default running system configuration settings:

Save config or Revert config: Save changes to the current default system configuration. The Revert config option appears when there are unsaved changes.
Edit config: View and edit the underlying code that specifies the default ExtraHop appliance configuration.
Download config as a file: Download the system configuration to your workstation.

Note:

Making configuration changes to the code on the Edit page is not recommended. You can make most system modifications through other pages in the Admin UI.

Saving running config changes

When you modify any of the ExtraHop appliance default system configuration settings, you need to confirm the updates by saving the new settings. If you do not save the new settings, they will be lost when your ExtraHop appliance is rebooted.

The Save page includes a diff feature that displays the changes. This feature provides a final review step before you write the new configuration changes to the default system configuration settings.

When you make a change to the running configuration, either from the Edit Running Config page, or from another system settings page in the Admin UI, changes are saved in memory and take effect immediately, but they are not usually saved to disk. If the system is restarted before the running configuration changes are saved to disk, those changes will be lost.

As a reminder that the running configuration has changed, the Admin UI provides the following three notifications:

Save Configuration: The Admin UI displays a button on the specific page that you modified to remind you to save the change to disk. When you click View and Save Changes, the UI redirects to the Save page described above.
Running Config*: The Admin UI adds a red asterisk (*) next to the Running Config entry on the Admin UI main page. This asterisk indicates that the running configuration has been changed, but it has not been saved to disk.
Save*: The Admin UI adds a red asterisk (*) next to the Save entry on the Running Config page. This asterisk indicates that the running configuration has been changed, but it has not been saved to disk.

After you make changes to the running configuration, the Running Config page displays another entry through which you can revert the changes.

Save system configuration settings

To save any modified system configuration settings:

Click Running Config.
Click Save config.
Review the comparison between the old running config and the current (new) running config.
If the changes are correct, click Save.
Click Done.

Revert system configuration changes

To revert your changes without saving them to disk:

Click Running Config.
Click Revert config.
Click Revert.
Click OK.
Click Done.

Edit running config

The ExtraHop Admin UI provides an interface to view and modify the code that specifies the default system configuration. In addition to making changes to the running configuration through the settings pages in the Admin UI, changes can also be made on the Running Config page.

Note:

Do not modify the code on the Running Config page unless instructed by ExtraHop Support.

Download the running config as a text file

You can download the running config file as a text file to your workstation. We recommend that you save a copy of this file in case of an unexpected system failure. The saved running config file can be uploaded to an ExtraHop appliance to restore system customizations and settings.

Log into the Admin UI on the ExtraHop appliance.
In the Appliance Settings section, click Running Config.
Click Download config as a file.

The current running configuration is downloaded as a text file to the default download location for your browser.

Firmware

The Admin UI provides an interface to upload and delete the firmware on ExtraHop appliances.

The Admin UI includes the following firmware configuration settings:

Upgrade: Upload and install new ExtraHop appliance firmware versions.
Delete: Select and delete installed firmware versions from the ExtraHop appliance.

You can download the latest firmware at the ExtraHop Customer Portal. A checksum of the uploaded firmware is usually available in the same download location as the .tar firmware file. If there is an error during firmware installation, ExtraHop Support might ask you to verify the checksum of the firmware file.

Firmware images that you want to upload must be accessible from the computer on which you are running the web browser.

Note:

If you are upgrading the firmware on a Command appliance, first upgrade the Command appliance, next update all Discover appliances, and finally upgrade each Explore and Trace appliance individually. To function correctly, the Command appliance and Discover appliances must have the same minor version of ExtraHop firmware.

Upgrade the firmware on your ExtraHop appliance

The following procedure shows you how to upgrade your ExtraHop appliance to the latest firmware release. While the firmware upgrade process is similar across all ExtraHop appliances, some appliances have additional considerations or steps that you must address before you install the firmware in your environment. If you need assistance with your upgrade, contact ExtraHop Support.

Pre-upgrade checklist

Here are some important considerations and requirements about upgrading ExtraHop appliances.

If you have multiple types of ExtraHop appliances, you must upgrade them in the following order:
1. Command appliance
2. Discover appliances
3. Explore appliances
4. Trace appliances
If you have a Command appliance, apply the following guidance:
- For large Command appliance deployments (managing 50,000 devices or more), reserve a minimum of one hour to perform the upgrade.
- The Command appliance firmware version must be greater than or equal to the firmware version of all connected appliances.
If you have Explore appliances, apply the following guidance:
- You must halt the ingest of records from Command and Discover appliances before upgrading. Temporarily remove any connected Explore appliances, or alternatively, disable triggers that commit records and disable the automatic flow records setting. You can re-enable these settings after the Explore cluster status returns to green.
- You must upgrade all Explore nodes in an Explore cluster. Note that during the upgrade, any nodes on different firmware versions might be unable to communicate with each other. During the upgrade process, the message "Error determining cluster state" might appear in the Explore Cluster settings section in the Admin UI of any node. After all of the nodes in the cluster are upgraded, the message no longer appears.

Upgrade the firmware

Download the firmware for the appliance from the ExtraHop Customer Portal to your computer.
Log into the Admin UI on the ExtraHop appliance.
In the Appliance Settings section, click Firmware.
Click Upgrade.
On the Upgrade Firmware page, select one of the following options:
- To upload firmware from a file, click Choose File, navigate to the .tar file you want to upload, and click Open.
- To upload firmware from a URL, click retrieve from URL instead and then type the URL in the Firmware URL field.
If you do not want to automatically restart the appliance after the firmware is installed, clear the Automatically restart appliance after installation checkbox.
Click Upgrade.
The ExtraHop appliance initiates the firmware upgrade. You can monitor the progress of the upgrade with the Updating progress bar. The appliance restarts after the firmware is installed.

If you did not choose to automatically restart the appliance, click Reboot to restart the system.

After the firmware update is installed successfully, the ExtraHop appliance displays the version number of the new firmware on the Admin UI.

Note:

Your browser might time out after 5 minutes of inactivity. Refresh the browser page if the update appears incomplete.

If the browser session times out before the ExtraHop appliance is able to complete the update process, you can try the following connectivity tests to confirm the status up the upgrade process:

Ping the appliance from the command line of another appliance or client workstation.
From the Admin UI on a Command appliance, view the appliance status on the Manage Connected Appliances page.
Connect to the appliance through the iDRAC interface.

If you disconnected any Explore appliances from Command and Discover appliances, make sure to reconnect them. If you disabled any triggers or automatic flow records, make sure to re-enable those settings.

Delete firmware versions

The ExtraHop appliance stores every firmware image that has been uploaded to the system. For maintenance purposes, these firmware images can be deleted from the system.

In the Appliance Settings section, click Firmware.
Click Delete.
On the Remove Version page, select the checkbox next to the firmware images that you want to delete or select the Check all checkbox.
Selecting the All option does not allow you to select and delete the active firmware version.
Click Delete Selected.
Click OK.

System time

When capturing data, it is helpful to have the time on the ExtraHop appliance match the local time of the router. The ExtraHop appliance can set time locally or synchronize time with a time server. By default, system time is set locally, but we recommend that you change this setting and set time through a time server.

The System Time page displays the current configuration and the status of all configured NTP servers.

In the System Time section, the following information appears:

Time Zone. Displays the currently selected time zone.
System Time. Displays the current system time.
Time Servers. Displays a comma-separated list of configured time servers.

The following information for each configured NTP server appears in the NTP Status table:

remote: The host name or IP address of the remote NTP server you have configured to synchronize with.
st: The stratum level, 0 through 16.
t: The type of connection. This value can be u for unicast or manycast, b for broadcast or multicast, l for local reference clock, s for symmetric peer, A for a manycast server, B for a broadcast server, or M for a multicast server
when: The last time when the server was queried for the time. The default value is seconds, or m is displayed for minutes, h for hours, and d for days.
poll: How often the server is queried for the time, with a minimum of 16 seconds to a maximum of 36 hours.
reach: Value that shows the success and failure rate of communicating with the remote server. Success means the bit is set, failure means the bit is not set. 377 is the highest value.
delay: The round trip time (RTT) of the ExtraHop appliance communicating with the remote server, in milliseconds.
offset: Indicates how far off the ExtraHop appliance clock is from the reported time the server gave you. The value can be positive or negative, displayed in milliseconds.
jitter: Indicates the difference, in milliseconds, between two samples.

Configure the system time

In the Appliance Settings section, click System Time.
Click Configure Time.
Select your time zone from the drop-down list then click Save and Continue.
On the Time Setup page, select one of the following options:
- Set time manually
- Set time with NTP server
Select the Set time with NTP server radio button, then click Select.
The pool.ntp.org public time server appears in the Time Server #1 field by default.
Type the IP address or fully qualified domain name (FQDN) for the time servers in the Time Server fields. You can have up to nine time servers.

Tip: After adding the fifth time server, click Add Server to display up to four additional timer server fields.
Click Done.

The NTP Status table displays a list of NTP servers that keep the system clock in sync. To sync the current system time a remote server, click the Sync Now button.

Shutdown or restart the system

You can shut down or restart the Trace appliance in the Admin UI.

In the Appliance Settings section, click Shutdown or Restart.
In the Actions column, select one of the following options:
- Click Restart and then on the confirmation page, click Restart to restart the appliance.
- Click Shutdown, and then on the confirmation page, click Shut down to shut down the system and power off the appliance.

License

The Admin UI provides an interface to add and update licenses for add-in modules and other features available in the ExtraHop appliance. The License Administration page includes the following licensing information and settings:

Manage license: Provides an interface to add and update the ExtraHop appliance
System Information: Displays the identification and expiration information about the ExtraHop appliance.
Features: Displays the list of licensed features and whether the licensed features are enabled or disabled.

View the licensing system information

In the Appliance Settings section, click License.
On the License Administration page, under System Information, view the Extra Hop appliance information.

Register an existing license

In the Appliance Settings, click License.
Click Manage license.
(Optional): Click Test Connectivity to ensure that the ExtraHop appliance can communicate with the licensing server.

The ExtraHop license server determines whether a connection is possible through DNS records.

If the test does not pass, open DNS server port 53 to make a connection or contact your network administrator.
Click Register and wait for the licensing server to finish processing.

Note: Register is unavailable on Discover appliances that are managed by a Command appliance.
Click Done.

Update a license

If ExtraHop Support provides you with a license file, you can install this file on your appliance to update the license.

Note:

If you want to update the product key for your appliance, you must register your ExtraHop appliance.

Log into the Admin UI on your ExtraHop appliance.
In the Appliance Settings section, click License.
Click Manage License.
Click Update.

In the Enter License text box, enter the licensing information for the module.

paste the license text provided to you by ExtraHop Support. Be sure to include all of the text, including the BEGIN and END lines, as shown in the example below:

-----BEGIN EXTRAHOP LICENSE-----
serial=ABC123D;
dossier=1234567890abcdef1234567890abcdef;
mod_cifs=1;
mod_nfs=1;
mod_amf=0;
live_capture=1;
capture_upload=1;
...
ssl_decryption=0;
+++;
ABCabcDE/FGHIjklm12nopqrstuvwXYZAB12345678abcde901abCD;
12ABCDEFG1HIJklmnOP+1aA=;
=abcd;
-----END EXTRAHOP LICENSE-----

Click Update.

Disks

The Disks page provides information about the configuration and status of the disks in your Trace appliance as well the disks in any attached storage units.

Note:

We recommend that you configure the settings to receive email notifications about your system health. If a disk is beginning to experience problems, you will be alerted. For more information, see the Notifications section.

The following information displays on the page:

Drive Map

Provides a visual representation of the front of the Trace appliance. The drive map does not appear in the Admin UI on the virtual Trace appliance.

RAID Disk Details

Provides access to detailed information about all the disks in the node.

Datastore

Displays information about disks reserved for data storage and the option to encrypt the datastore disk. For more information, see the Encrypt the packetstore disk section.

Direct Connect Disk

Displays information about the SD memory cards. The memory cards have the following roles:

Firmware: Displays information about disks reserved for the firmware.

Utility: Displays information about disks reserved for system files.

External Packestore Disks: Displays information about ExtraHop extended storage units.

Encrypt the packetstore disk

You can encrypt the disk that packet captures are stored on for increased security. The disk is secured with 128-bit AES keys.

Warning:

You cannot decrypt a packet capture disk after it is encrypted. You can reformat an encrypted disk; however, all data stored on the disk will be lost. To perform a secure delete (secure wipe) of all system data, see the ExtraHop Rescue Media Guide.

In the Appliance Settings section, click Disks.
In the Datastore section, click Disk Encryption Settings.
Click Encrypt Disk.
Specify a disk encryption key by choosing on of the following options.
- To encrypt the disk with a passphrase, type a passphrase into the Passphrase and Confirm fields.
- To encrypt the disk with a key file, click Choose File, and then browse to an encryption key file.
Click Encrypt.

Change the packet capture disk encryption key

In the Status section, click Disks.
In the Datastore section, click Disk Encryption Settings.
Click Change Disk Encryption Key.

Specify the existing encryption key.

Option	Description
If you entered an encryption passphrase	Type a passphrase into the Passphrase field.
If you selected an encryption key file	Click Choose File, and then browse to an encryption key file.

Specify a new disk encryption key.

Option	Description
To enter an encryption passphrase	Type a passphrase into the Passphrase and Confirm fields.
To select an encryption key file	Click Choose File, and then browse to an encryption key file.

Click Change Key.

Add storage capacity to the ExtraHop Trace appliance

Adding additional storage capacity to your Trace appliance enables you to store more packets and extend the amount of lookback available when running packet queries.

Compatibility

The ExtraHop Extended Storage Unit (ESU) is available in two models, the 72 TB ESU and the 96 TB ESU.

ExtraHop Trace Appliance	Extended Storage Unit
ETA 6150	72 TB ESU 96 TB ESU You can attach a mix of 72 TB and 96 TB ESUs to the ETA 6150.
ETA 8250	96 TB ESU
You can attach up to four ESUs to a Trace appliance.

ExtraHop Trace Appliance

Extended Storage Unit

ETA 6150

72 TB ESU
96 TB ESU

You can attach a mix of 72 TB and 96 TB ESUs to the ETA 6150.

ETA 8250

96 TB ESU

You can attach up to four ESUs to a Trace appliance.

Installation prerequisites

Before connecting your extended storage unit (ESU), make sure you have the following items available:

ExtraHop Trace appliance with firmware release 6.2.0 or later. If you have not deployed the Trace appliance, follow the instructions in the Deploy the ExtraHop Trace 6150 Appliance or Deploy the ExtraHop Trace 8250 Appliance guides.
ExtraHop licence for the extended packetstore feature
ExtraHop extended storage unit for the ExtraHop Trace appliance
2U of rack space and 2 x 600W power
Power cables
SAS cables
Rail kit

Set up the extended storage unit

Install the extended storage unit in your data center with the included rack-mounting kit. The mounting kit supports most four-post racks with either round or square holes.
Connect the power cables to the power supply units (PSUs).

Shut down the Trace appliance

Log into the Admin UI on the Trace appliance.
In the Appliance Settings section, click Shutdown or Restart.
In the Actions column, click Shutdown.
On the confirmation page, click Shut down.

Connect the extended storage unit

The extended storage unit connects to the Trace appliance through both of the two enclosure management modules (EMMs). Each EMM has four ports for connecting the SAS cables.

In a redundant configuration, the storage units are linked together in a series, with one of the extended storage units connected to both host bus adapter (HBA) ports on the Trace appliance, as shown in the following figure.

Connect the SAS cables to the EMM SAS connectors on the extended storage unit and to the HBA ports on the Trace appliance. Connect the SAS cable as follows for the first storage unit:

HBA port 0 (on the right) to upper EMM port 1
HBA port 1 (on the left) to lower EMM port 1

Push the cable into the connector until it clicks into place. Green link lights will appear next to the ports when the ESU and Trace appliance are both powered on.

Note:

Connectors on both ends of the SAS cable are universally keyed. You can connect either end of the cable to the EMM or the HBA on the Trace appliance.
Attach the SAS cable to the EMM with the blue pull-tab oriented on the top of the connector.
Attach the SAS cable to the HBA on the Trace appliance with the blue pull-tab oriented on the bottom of the connector.
To remove the SAS cable, pull the pull-tab to release the cable from the connector on the EMM and the Trace appliance.

Cable any additional storage units as illustrated above.
Make sure that the power switch on both PSUs is turned off and then connect the PSUs to the power source.
Power on the PSUs and wait 60 seconds before powering on the Trace appliance.

Validate the configuration

Power on the Trace appliance.
Log into the Admin UI.
In the Appliance Settings section, click Disks.
Confirm that all drives in the Drive Map section are colored green, indicating they are healthy. If any disk is unhealthy, contact ExtraHop Support.
At the bottom of the Disks page, click External Packetstore Disks.
In the RAID Info section for the extended storage unit, click Attach, and then click OK.
After the configuration is complete, confirm that all drives in the extended storage unit are colored green, indicating they are healthy. If any disk is unhealthy, contact ExtraHop Support.
Repeat steps 6 and 7 for any additional extended storage units.

Managing extended storage units with a foreign packetstore status

When an extended storage unit with an existing RAID configuration is connected to a RAID controller on the Trace appliance, the extended storage unit is designated as “foreign”. This status can occur when an extended storage unit was previously connected and then disconnected from the RAID controller on the Trace appliance and when the extended storage unit was configured on a RAID controller other than the Trace appliance it was originally connected to.

For extended storage units disconnected and then reconnected to the same Trace appliance

Log into the Admin UI on the Trace appliance.
In the Appliance Settings section, click Disks.
Click External Packetstore Disks.
Click Import foreign packetstore disks.
The extended storage unit is automatically configured and ready to store packets.

For extended storage units configured on a device other than the Trace appliance

Log into the Admin UI on the Trace appliance.
In the Appliance Settings section, click Disks.
Click External Packetstore Disks.
Click Import foreign packetstore disks, and then click OK.
In the RAID Info section, click Unconfigure, and then click OK.
After the packetstore disk is deleted, click Attach and then click OK.
The extended storage unit is automatically configured and ready to store packets.

Reset the packetstore

In certain circumstances, you might want to reset the packetstore on the Trace appliance. For example, if you accidentally collected packets with sensitive data or from the wrong data feed, you can reset the datastore so the packets do not appear in any packet queries.

Warning:

If you reset the packetstore, all existing packets stored on the Trace appliancewill be inaccessible to packet queries.

In the Appliance Settings section, click Reset Packetstore.
Type YES in the confirmation field and then click Reset Packetstore.

It typically takes less than a minute to reset the packetstore.

Trace cluster settings

The Trace Cluster Settings section includes the following sections:

Managers and Connected Appliances: View the hostname of the Command appliance that is configured to manage the Trace appliance as well as a list of all Discover appliances and Command appliances connected to the Trace appliance.
Packet Query Status: View a list of all packet queries generated from connected Command and Discover appliances.
Connect to a Command Appliance: Configure settings to enable a Command appliance to remotely run support scripts and upgrade firmware on theTrace appliance.

Manager and Connected Appliances

The Manager and Connected Appliances page contains the following information and controls:

Manager

Displays the hostname of the Command appliance that is configured to manage the Trace appliance. To connect a Command appliance through a tunneled connection, click Connect to a Command Appliance. A tunneled connection might be required if a direct connection cannot be established through the Command appliance.

Click Remove Manager to remove the Command appliance as the manager.

Note:

The Trace appliance can be managed by only one Command appliance.

Connected Appliances

Displays a table of all Discover appliances and Command appliances connected to the Trace appliance. The table includes the hostname of the connected and the client product key.

Packet Query Status

The Packet Query Status page provides a collection of metrics about the Trace appliance.

Help on this page

The metrics on this page can help you troubleshoot problems and determine why the ExtraHop appliance is not performing as expected.

Packet Query Status: Displays statistics about packet queries run in the ExtraHop Web UI.
If the number of simultaneous packet queries exceeds the maximum allotted system memory, errors might occur and you must delete in-progress or completed queries by clicking the Remove or Remove All button before you can create new queries. Queries are cached until you navigate away from the Packet Query page in the Web UI.
Packetstore Disks: Displays statistics about packet storage disks.
SSL Session Key Storage: Displays statistics about session keys stored on the Trace appliance. For information about session key storage, see Store SSL session keys on connected Trace appliances.

Remove packet queries

You can remove one or more packet queries to clear query memory and disk cache.

In the Trace Cluster Settings section, click Packet Query Status.
Do one of the following:
- To remove a single query, click Remove in the Actions column of the query you want to remove.
- To remove all listed queries, click Remove All.

Connect to a Command appliance

Connect the Trace appliance to a Command appliance to remotely run support scripts and upgrade firmware on the Trace appliance.

The Trace appliance connects to the Command appliance through a tunneled connection. Tunneled connections are required in network environments where a direct connection from the Command appliance is not possible because of firewalls or other network restrictions.

In the Trace Cluster Settings section, click Connect to a Command Appliance.
Configure the following settings:

Command appliance hostname: Type the hostname or IP address of the Command appliance.

Command appliance setup password: Type the setup user password for the Command appliance.

Trace node nickname (Optional): Type a friendly name for the Trace appliance. If no nickname is entered, the node is identified by the hostname.
Select the Manage with Command appliance checkbox and then click Connect.

Published 2020-08-10 09:56

Documentation

Products

Differentiation

Solutions

Security Operations

Cloud-Native Security

Application Analytics

Network Performance

Customers

Community

Partners

Support

Training

Resources

More Resources

Company

Events and Information

ExtraHop Trace Admin UI Guide

Introduction to the ExtraHop Trace Admin UI

Supported Browsers

Navigation

Log in and log out of the Admin UI

Status and Diagnostics

Health

Help on this page

Audit log

Fingerprint

Run the default support script

View the diagnostic support packages on the system

Download a selected diagnostic support package

Delete a selected diagnostic support script results package

Run a custom support script

Run a default support script

Enable writing to exception files

Disable writing to exception files

Network settings

Atlas Services

Connect to Atlas services

Disconnect from Atlas services

Connectivity

Network Settings

Interfaces

Connectivity

Interface Status

Network Settings

Proxy Settings

Bond Interface Settings

Interfaces

Change the network settings

Configure the RPCAP settings

Modify an interface

Enable IPv6 for an interface

Set a static route

Global proxy server

Configure a global proxy server

Remove the global proxy server

ExtraHop Cloud proxy

Configure an ExtraHop Cloud proxy server

Remove the ExtraHop Cloud proxy server

Bond interfaces

Create a bond interface

Modify bond interface settings

Destroy a bond interface

Notifications

Configure the Email Server and Sender settings

Test email settings

Email addresses

Add a new notification email address

Delete a disk notification email address

SNMP

Configure SNMP settings to send notifications to an SNMP manager

Download the ExtraHop SNMP MIB

Configure syslog notification settings

SSL certificate

Generate a self-signed certificate

Upload an SSL certificate

Create a certificate signing request from your ExtraHop appliance

Add a trusted certificate to your ExtraHop appliance

Access Settings

Change password