Connect to Reveal(x) 360 from self-managed sensors

This guide provides instructions for connecting Reveal(x) 360 to the self-managed sensors and Trace appliances that are deployed on-premises or in AWS, Azure, and Google Cloud Platform (GCP) cloud service providers.

Before you begin

  • You must have an Okta user account with OktaAdmin privileges to configure Reveal(x) 360. The details about setting up this account are in the introduction email sent from ExtraHop Networks.
  • You must have a Reveal(x) 360 user account with Unlimited privileges.
  • Your Discover and Trace appliances must be connected to ExtraHop Cloud Services before connecting to Reveal(x) 360. For more information, see Connect to ExtraHop Cloud Services.
  • If you have a firewall, all traffic must be permitted outbound to TCP 443 to connect to ExtraHop Cloud Services and the ExtraHop Cloud Recordstore.
Note:For ExtraHop-managed sensors, see Deploy Reveal(x) 360 sensors for AWS.

Generate a token

Generate a token for each sensor that you want to connect to Reveal(x) 360 Cloud Control Plane.

  1. Open a web browser and go to the URL provided in your introduction email.
  2. Click Log in with ExtraHop Okta. Do not type a username and password. If you are not already signed in to Okta, you are redirected to the Okta sign in page. Type your email address in the Username field, type your password, and then click Sign In.
    The ExtraHop Overview page appears.
  3. Click the System Settings icon at the top right of the page and then click Administration.
  4. On the Connected Appliance Administration page, click Generate Token.
  5. Click Generate Token.
    Note:Each sensor or Trace appliance that you want to connect to Reveal(x) 360 requires a unique token.
  6. Copy the generated token.

Connect your sensor

  1. Log in to the Admin UI on your self-managed sensor through https://<extrahop-hostname-or-IP-address>/admin.
  2. In the ExtraHop Command Settings section, click Connect Command Appliances.
  3. Click Add Appliance.
  4. Paste the token you generated from Reveal(x) Cloud into the Generated Token field.
  5. Type a name into the Device Nickname field to identify this sensor in Reveal(x) 360 Cloud Control Plane.
  6. Click Connect.

Connect your Trace appliance

  1. Log in to the Admin UI on your self-managed Trace appliance through https://<extrahop-hostname-or-IP-address>/admin.
  2. In the Trace Cluster Settings section, click Connect to Reveal(x) 360.
  3. Paste the token you generated from Reveal(x) 360 into the Generated Token field.
  4. Type a name into the Trace Appliance Nickname field to identify this appliance in Reveal(x) 360.
  5. Click Connect.

Create and manage Reveal(x) 360 users

Reveal(x) 360 Cloud Control Plane users are managed through Okta, a cloud-based identity management system. As a Reveal(x) 360 administrator with OktaAdmin privileges, you can add users and assign them to pre-defined groups with different privilege levels.

  1. Open a web browser and go to https://extrahop-cloud.okta.com.
  2. Type your email address in the Username field and then click Next.
  3. Click Admin.
  4. From the Directory drop-down menu, click People.
  5. Click Add Person and fill in all fields. The Secondary email field is optional.
    1. In the Groups field, add one of the following groups.
      Note:Note: A person can only be a member of one group.
      • OktaAdmin
      • ApplianceAdmin
      • FullWrite-FullPacketsWithKeys
      • FullWrite-FullPackets
      • FullWrite-NoPackets
      • LimitedWrite-FullPacketsWithKeys
      • LimitedWrite-FullPackets
      • LimitedWrite-NoPackets
      • PersonalWrite-FullPackets
      • PersonalWrite-NoPackets
      • FullReadOnly-FullPackets
      • FullReadOnly-NoPackets
      • RestrictedReadOnly-NoPackets
    2. Select the Send user activation email now checkbox.
    Note:Each group is preceded by your customer-specific domain name and customer ID, similar to the following example: example_company-a0O1E00001Lfn4LUAR-FullReadOnly-NoPackets.

    For more information about privileges, see User privileges.

  6. Click Save. Alternatively, click Save and Add Another to add additional users.
    The user is sent an activation email with instructions about how to complete their account setup. After the account is set up, the user can log in to Reveal(x) 360 through https://extrahop-cloud.okta.com.

Test the configuration

Verify that you can view traffic from your connected sensors on Reveal(x) 360 Cloud Control Plane.

  1. Navigate to the Reveal(x) 360 Cloud Control Plane URL.
  2. Click Log in with ExtraHop Okta. Do not type a username and password.
    If you are not already signed in to Okta, you are redirected to the Okta sign in page. Type your email address in the Username field, type your password, and then click Sign In.

    The ExtraHop Overview page appears.

  3. Click Dashboards at the top of the page.
  4. In the left pane, under System Dashboards, click Network. The charts should display data from the traffic.
    Note:It can take up to ten minutes after the traffic session is created before data appears.

Learn more about Reveal(x) 360

After traffic data appears, you can begin exploring Reveal(x) 360. Check out our documentation website, which includes general concepts, how-to guides, and walkthroughs. For example, you can learn how to create a dashboard or activity map, prioritize the devices on your network for advanced analysis, and investigate security detections.

Published 2020-10-14 20:01