Integrate Reveal(x) 360 with QRadar

This integration enables you to view metrics from Reveal(x) 360 in IBM Security QRadar to gain behavioral insights about your environment.

To configure this integration, you must create QRadar credentials and then add them to the configuration of the ExtraHop App for QRadar.

System requirements

ExtraHop Reveal(x) 360

  • Your user account must have privileges on Reveal(x) 360 for System and Access Administration or Cloud Setup.
  • Your Reveal(x) 360 system must be connected to an ExtraHop sensor with firmware version 8.8 or later.
  • Your Reveal(x) 360 system must be connected to ExtraHop Cloud Services.

QRadar

  • You must have IBM Security QRadar version 7.4.1 FP2 or later.

Create QRadar integration credentials

  1. Log in to Reveal(x) 360.
  2. Click the System Settings icon and then click Integrations.
  3. Click the IBM Security QRadar tile.
  4. Click Create Credential.
    The page displays the generated ID and secret.
  5. Copy and store the ID and secret, which you will need to configure the ExtraHop App for QRadar.
  6. Click Done.
The credential is also added to the ExtraHop REST API Credentials page where you can view the credential status, copy the ID, or delete the credential.

Install and configure the ExtraHop App for QRadar

  1. Download the ExtraHop App for QRadar from the IBM App Exchange site.
  2. In the right panel of the download site, click View next to Documentation to download a PDF of the app user guide.
  3. Install and configure the add-on according to the instructions in the user guide.
  4. In the following configuration fields, enter the credentials you created and copied for the QRadar integration:
    • Authentication ID
    • Secret Key

Next steps

Export Reveal(x) 360 metrics and view them in QRadar according to the instructions in the ExtraHop App for QRadar user guide.
Last modified 2023-11-07