Specify high value devices through the REST API

The ExtraHop REST API enables you to specify that a device is high-value. You can specify the device through the REST API Explorer or automate the procedure by reading device criteria from a CSV or similar file through a REST API script.

Specify a high value device through the REST API Explorer

Important:The REST API Explorer is not available on Reveal(x) 360.

Retrieve the ID of the device

Before you can specify a high value device, you must retrieve the REST API ID of the device.

  1. In a browser, navigate to the REST API Explorer.
    The URL is the hostname or IP address of your ExtraHop system, followed by /api/v1/explore/. For example, if your hostname is seattle-eda, the URL is https://seattle-eda/api/v1/explore/.
  2. Click Enter API Key and then paste or type your API key into the API Key field.
  3. Click Authorize and then click Close.
  4. Click GET /devices.
  5. Click Try it out.
  6. Click the search_type drop-down and select a search filter. Then, enter a criterion that identifies the device in the value field.
    For example, to search for a device by IP address, select ip address and then type the IP address in the value field.
  7. Click Send Request.
    In the Response body section, note the id field of the device.

Specify a high value device

  1. Click PATCH /devices/{id}.
  2. Click Try it out.
  3. In the body field, type the following JSON object:
    {
        "custom_criticality": "critical"
    }
  4. In the id field, type the ID of the device that you retrieved in the previous procedure.
  5. Click Send Request.
    If the request is successful, a 204 response code appears in the Server response section.

Retrieve and run the example Python script

The ExtraHop GitHub repository contains an example Python script that reads a list of IP addresses from a CSV file and specifies all devices with those addresses as high value.

Important:The example python script authenticates to the ExtraHop system through an API key, which is not compatible with the Reveal(x) 360 REST API. To run this script with Reveal(x) 360, you must modify the script to authenticate with API tokens. See the py_rx360_auth.py script in the ExtraHop GitHub repository for an example of how to authenticate with API tokens.
  1. Go to the ExtraHop code-examples GitHub repository and download the contents of the specify_high_value directory to your local machine.
  2. In a text editor, open the ip_list.csv file and replace the IP addresses with the IP addresses of the devices you want to specify as high value.
  3. In a text editor, open the specify_high_value.py file and replace the following configuration variables with information from your environment:

    HOST: The IP address or hostname of the ExtraHop system

    API_KEY: The API key

  4. Run the following command:
    python3 specify_high_value.py
    Note:If the script returns an error message that the SSL certificate verification failed, make sure that a trusted certificate has been added to your ExtraHop system. Alternatively, you can add the verify=False option to bypass certificate verification. However, this method is not secure and not recommended. The following code sends an HTTP GET request without certificate verification:
    requests.get(url, headers=headers, verify=False)
Last modified 2023-11-07