Set up Reveal(x) Cloud Control Plane in AWS

This guide provides instructions for connecting Reveal(x) Cloud Control Plane (CCP) to your on-premises Reveal(x) Discover appliances.

Before you begin

  • You must have an Okta user account with OktaAdmin privileges to configure CCP. Details for setting up this account are in the introduction email sent from ExtraHop Networks.
  • You must have a Discover appliance user account with Unlimited privileges.
  • Your Discover appliance must be connected to ExtraHop Cloud Services. For more information, see Connect to ExtraHop Cloud Services.

Generate a token

Generate a token for each Discover appliance that you want to connect to CCP.

  1. Open a web browser to the URL provided in your introduction email..
  2. On the ExtraHop Reveal(x) Admin Login page, click Log in with Okta.
    You are redirected to the ExtraHop Okta login page.
  3. Type your Okta username and password and then click Sign In.
    You are redirected to the Reveal(x) Connected Appliance Administration page.
  4. Click Generate Token.
  5. Click Generate Token.
    Note:Each Discover appliance you want to connect to CCP requires a unique token.
  6. Copy the generated token.

Connect your Discover appliance to Reveal(x) Cloud

  1. Log into the Admin UI on your on-premises Discover appliance.
  2. In the Connected Appliances section, click Manage Command Appliances.
  3. Click Connect Appliance.
  4. Under Host Type, select Cloud Control Plane.
  5. Paste the token you generated from Reveal(x) Cloud into the Generated Token field.
  6. Type a name into the Device Nickname field to identify this Discover appliance in Reveal(x) Cloud Control Plane.
  7. Click Connect.

Create and manage CCP users

Reveal(x) Cloud Control Plane users are managed through Okta, a cloud-based identity management system. As a Reveal(x) Cloud Control Plane administrator with OktaAdmin privileges, you can add users and assign them to pre-defined groups with different privilege levels.

  1. Open a web browser and go to https://extrahop-cloud.okta.com.
  2. Type your email address in the Username field and then click Next.
  3. Click Admin.
  4. From the Directory drop-down menu, click People.
  5. Click Add Person and fill in all fields. The Secondary email field is optional.
    1. In the Groups field, add one of the following groups.
      Note:Note: A person can be a member of only one group.
      • FullReadOnly-NoPackets
      • FullWrite-NoPackets
      • LimitedWrite-NoPackets
      • OktaAdmin
      • PersonalWrite-NoPackets
      • RestrictedReadOnly-NoPackets
    2. Select the Send user activation email now checkbox.
    Note:Each group is preceded by your customer-specific domain name and customer ID. For example: example_company-a0O1E00001Lfn4LUAR-FullReadOnly-NoPackets.

    For more information about privileges, see User privileges.

  6. Click Save. Alternatively, click Save and Add Another to add additional people.
    The user is sent an activation email with instructions about how to complete their account setup. After the account is set up, the user can log into Reveal(x) Cloud Control Plane at https://extrahop-cloud.okta.com.

Test the configuration

Verify that you can view traffic from your connected Discover appliances on Reveal(x) Cloud Control Plane.

  1. Navigate to the Reveal(x) Cloud Control Plane URL.
  2. Click Log in with ExtraHop Okta. Do not type a username and password.
    If you are not already signed in to Okta, you are redirected to the Okta sign in page. Type your email address in the Username field, type your password, and then click Sign In.

    The ExtraHop Overview page appears.

  3. Click Dashboards at the top of the page.
  4. In the left pane, under System Dashboards, click Network. The charts should display data from the traffic.
    Note:It can take up to ten minutes after the traffic session is created before data appears.

Learn more about Reveal(x) Cloud

After traffic data appears, you can begin exploring Reveal(x) Cloud. Check out our documentation website, which includes general concepts, how-to guides, and walkthroughs. For example, you can learn how to create a dashboard or activity map, prioritize the devices on your network for advanced analysis, and investigate security detections.

Published 2020-07-07 15:55