Reveal(x) 360 Setup and Administration Guide

After you receive your initial email from ExtraHop Networks, there are a few procedures you must complete before you can start analyzing your traffic. This guide provides procedures for basic setup and administration of the Reveal(x) 360 system.

If your Reveal(x) 360 system is configured to manage users through the built-in ExtraHop Okta identity provider, see ExtraHop Okta in Reveal(x) 360.

Activate your administrator account

The System and Access Administration privilege is granted to the email address that you provided during sign up.

  1. Open your Welcome to ExtraHop Reveal(x) 360 email.
  2. Click the URL link to your Reveal(x) 360 environment.
  3. At the login page, enter your email address and temporary password included in the email.
  4. Click Sign In.
  5. On the Change Password screen, enter a new password in both password fields and then click Send.
  6. From the Multi-Factor Authentication Setup page, scan the QR code or manually enter the code that appears into your authenticator app.
  7. Enter the code provided by your authentication app into the Code field and then click Complete Setup.
  8. On the Success page, click Continue.

Configure your firewall rules

If your ExtraHop system is deployed in an environment with a firewall, you must open access to ExtraHop Cloud Services. For Reveal(x) 360 systems that are connected to self-managed sensors, you must also open access to the ExtraHop Cloud Recordstore.

Open access to Cloud Services

For access to ExtraHop Cloud Services, your sensors must be able to resolve DNS queries for *.extrahop.com and access TCP 443 (HTTPS) from the IP address that corresponds to your sensor license:

  • 35.161.154.247 (Portland, U.S.A.)
  • 54.66.242.25 (Sydney, Australia)
  • 52.59.110.168 (Frankfurt, Germany)

Open access to Cloud Recordstore

For access to the ExtraHop Cloud Recordstore, your sensors must be able to access outbound TCP 443 (HTTPS) to these fully-qualified domain names:

  • bigquery.googleapis.com
  • oauth2.googleapis.com
  • www.googleapis.com
  • www.mtls.googleapis.com
  • iamcredentials.googleapis.com

You can also review the public guidance from Google about computing possible IP address ranges for googleapis.com.

In addition to configuring access to these domains, you must also configure the global proxy server settings.

Add and manage users

  1. From the Reveal(x) 360 Overview page, click System Settings and then click Administration.
  2. Click User Access.
  3. In the Users section, click View Users.
  4. Click Create.
  5. Enter the email address, first name, and last name of the new user.
  6. In the Privileges section, select one of the following privileges.
    Privilege Description
    System and access administration Create and modify all objects and settings, including Administration pages, in Reveal(x) 360.
    System administration Create and modify objects and settings, excluding User Access and API Access on the Administration page.
    Full write Create and modify all objects and settings, excluding Administration pages.
    Limited write Create, modify, and share dashboards.
    Personal write Create personal dashboards and modify dashboards shared with the logged-in user.
    Full read-only View objects in the ExtraHop system.
    Restricted read-only View dashboards shared with the logged-in user.
  7. In the Packet and Session Key Access section, select one of the following privileges:
    Privilege Description
    Packets and session keys Search and download packets and associated session keys.
    Packets only Search and download packets.
    No access No access to packets.
  8. In the Detection Access section, select one of the following privileges.
    Privilege Description
    Full access Access to detections.
    No access No access to detections.
  9. Click Save.
    The user is sent an email that includes the URL of the Reveal(x) 360 environment and their temporary password. The temporary password expires in 7 days.
  10. Click Done.
delete the user, transfer dashboards click delete

Change user settings

You can change the assigned privilege levels, reset the multi-factor authentication configuration, or delete the user.

Change user privileges

  1. In the Users section, click the name of the user you want to modify.
  2. In the left pane, select the new privilege level for the user and then click Save.

Reset multi-factor authentication

  1. In the Users section, click the name of the user you want to modify.
  2. Click Reset MFA configuration for this user.
    The user is required to configure multi-factor authentication the next time they log in to Reveal(x) 360.

Delete a user

  1. In the Users section, click the name of the user you want to modify.
  2. Click Delete.
  3. Select one of the following options:
    • Transfer dashboards, collections, and activity maps owned by <username> to the following user: and then select a new user from the drop-down list.
    • Delete all dashboards, collections, and activity maps owned by <username>
  4. Click Delete.

Connect sensors

Add sensors to Reveal(x) 360 to monitor your network traffic.

ExtraHop-managed Reveal(x) sensors for AWS can be selected and deployed from within the Reveal(x) 360 Console.

Self-managed sensors and Trace appliances can also be connected from within the Reveal(x) 360 Console. Note that if you have an existing Command appliance, you must disconnect the Command appliance before connecting your self-managed sensors to Reveal(x) 360.

Multi-factor authentication

Multi-factor Authentication (MFA) is a security enhancement that requires you to provide two forms of credentials when you log in to your account. In addition to your ExtraHop credentials, you must supply credentials from a 3rd-party authenticator app.

Select and download an authentication application to your device and generate secure, six-digit codes when you log in to your Reveal(x) 360 system.

There are many authenticator apps to select from. The following steps are a general guideline, but you should also review the help documentation for the app you select.

  1. Choose a device, such as a computer or mobile device (phone or tablet), on which you can install apps.
  2. Download and install an authentication app on the device. Here are some popular options:
    • Android and iOS: Google Authenticator, Authy
    • Windows and macOS: 1Password, OTP Manager
    • Chrome extensions: Authenticator
  3. Open a new browser and sign in to your ExtraHop Reveal(x) 360 system.
  4. Follow the instructions to scan or enter the code that appears on the ExtraHop Multi-Factor Authentication setup screen, and then enter the credentials provided by your authenticator app.
Published 2022-01-14 20:14