Admin Guides
Reveal(x) 360
- Connect to Reveal(x) 360 from self-managed sensors
- Reveal(x) 360 Setup and Administration Guide
- Migrate from ExtraHop Okta
- ExtraHop Okta in Reveal(x) 360
- Forward session keys to ExtraHop-managed sensors
- Add your own identity provider to Reveal(x) 360
- Integrate Reveal(x) 360 with CrowdStrike
- Integrate Reveal(x) 360 with Splunk
- Integrate Reveal(x) 360 with QRadar
System Configuration
- Register your ExtraHop system
- Connect to ExtraHop Cloud Services
- Enable ExtraHop Remote Access
- Configure the system time
- Upgrade the firmware on your ExtraHop system
- Save system settings to the running config file
- Download the running config as a text file
- Configure the iDRAC IP address with a monitor, keyboard, and mouse
- Enable network overlay decapsulation
- Enable L2 Discovery
- Configure Device Discovery
- Configure IP address discovery through TTL values
- Configure a global packet capture
- Analyze a packet capture file
- Configure a static IP address through the CLI
- Collect traffic from NetFlow and sFlow devices
- Set up shared SNMP credentials for your NetFlow or sFlow networks
- Automate traffic mirroring with AWS Lambda
- Mirror Wire Data with VMware
- Configure ERSPAN with the Nexus 1000V
- Configure ERSPAN with VMware
- Configure RSPAN with VMware
- Configure the iDRAC Remote Access Console
- Repair a Degraded RAID 10 Configuration on the EH8000
- Analyze Lync Traffic
- Add a CPU Core to an EDA 1000v on Hyper-V
- Add a CPU Core to the EDA 1000v with VMware
- Apply an MS SQL key to the ExtraHop system
- Install the SSL Decryption Board
- Configure packet capture
- Port Channeling
- Packet Forwarding with RPCAP
- Configure packet forwarding for Kubernetes pods
- Configure packet forwarding for pods in EKS
- Configure RPCAP for a Trace Appliance
- Replace the Datastore Hard Drive
- Replace the firmware disk in an ExtraHop Discover appliance
- ExtraHop Rescue Media Guide
- Upgrade from RAID 0 to RAID 10
- ExtraHop Open Data Stream for ELK
- ExtraHop System Notices
Connected Appliances
- Connect a Command appliance to Discover appliances
- Connect the Discover and Command appliances to Explore appliances
- Connect the Discover and Command appliances to the Trace appliance
- Create an Explore cluster
- Disable record ingest on an Explore cluster
- Increase the capacity of your ExtraHop Explore cluster in VMware
User Management
- Add a local user account
- Add an account for a remote user
- Configure remote authentication through LDAP
- Configure remote authentication through SAML
- Configure SAML single sign-on with Azure AD
- Configure SAML single sign-on with Google
- Configure SAML single sign-on with JumpCloud
- Configure SAML single sign-on with Okta
- Configure remote authentication through RADIUS
- Configure remote authentication through TACACS+
- Manage imported LDAP user groups
- Migrate to SAML from LDAP
Decryption
- Decrypt SSL traffic with certificates and private keys
- Create a certificate signing request from your ExtraHop system
- Add a trusted certificate to your ExtraHop system
- Decrypt domain traffic with a Windows domain controller
- Install the ExtraHop session key forwarder on a Windows server
- Install the ExtraHop session key forwarder on a Linux server
- Set up decryption on an MS Exchange server
- Download session keys with packet captures
- Store SSL session keys on connected Trace appliances
- Session key forwarding from an F5 LTM
API Guides
REST API
- ExtraHop REST API Guide
- ExtraHop Explore REST API Guide
- ExtraHop Trace REST API Guide
- Reveal(x) 360 REST API Guide
- Add device cloud instance properties through the REST API
- Add observations through the REST API
- Automate virtual appliance deployment with VMware and Ansible
- Back up the ExtraHop system through the REST API
- Change a dashboard owner through the REST API
- Connect to Reveal(x) 360 from self-managed sensors through the REST API
- Create a device group through the REST API
- Create a trusted SSL certificate through the REST API
- Create custom devices through the REST API
- Enable the REST API for Reveal(x) 360
- Extract metrics through the REST API
- Extract the device list through the REST API
- Migrate tuning rules
- Migrate to SAML from LDAP through the REST API
- Query for records through the REST API
- Roll back firmware through the REST API
- Search for a device through the REST API
- Specify custom device makes and models through the REST API
- Specify high value devices through the REST API
- Tag a device through the REST API
- Upgrade ExtraHop firmware through the REST API
- Upgrade ExtraHop firmware through the REST API with ExtraHop Cloud Services
- Upload STIX files through the REST API
Concepts
References
- Security Overview
- Network Overview
- Perimeter Overview
- Activity dashboard
- Network dashboard
- Security dashboard
- System Health dashboard
- Chart types
- ExtraHop System User Guide
- Protocol Metrics Reference
- Default Port Specifications Reference
- ExtraHop Glossary
- Bundles Best Practices Guide
- Supported browsers
Deployment
Discover Appliance
- Deploy the ExtraHop Discover 10200 Appliance
- Deploy the ExtraHop Discover 9200 Appliance
- Deploy the ExtraHop Discover 8200 Appliance
- Deploy the ExtraHop Discover 4200 or 6200 Appliance
- Deploy the ExtraHop Discover 1200 Appliance
- Deploy the ExtraHop Discover Appliance 1100
- Deploy the ExtraHop Discover Appliance in AWS
- Deploy the ExtraHop Discover Appliance in Azure
- Deploy the ExtraHop Discover Appliance on Google Cloud Platform
- Deploy the ExtraHop Discover Appliance with Hyper-V
- Deploy the ExtraHop Discover Appliance on Linux KVM
- Deploy the ExtraHop Discover Appliance with VMware
- Discover and Command Post-deployment Checklist
- Safety information for the ExtraHop Discover 1200 appliance
Command Appliance
- Deploy the ExtraHop Command Appliance in AWS
- Deploy the ExtraHop Command Appliance in Azure
- Deploy the ExtraHop Command Appliance in Google Cloud Platform
- Deploy the ExtraHop Command Appliance with Hyper-V
- Deploy the ExtraHop Command Appliance on Linux KVM
- Deploy the ExtraHop Command Appliance with VMware
- Command Appliance Performance Guidelines
- Discover and Command Post-deployment Checklist
Explore Appliance
- Deploy the ExtraHop Explore 5200 Appliance
- Deploy the ExtraHop Explore Appliance in AWS
- Deploy the ExtraHop Explore Appliance in Azure
- Deploy the ExtraHop Explore Appliance with Hyper-V
- Deploy the ExtraHop Explore Appliance on Linux KVM
- Deploy the ExtraHop Explore Appliance with VMware
- Increase the capacity of your ExtraHop Explore cluster in VMware
- Explore Post-deployment Checklist
Trace Appliance
- Deploy the ExtraHop Trace 8250 Appliance
- Deploy the ExtraHop Trace 6150 Appliance
- Deploy the ExtraHop Trace Appliance in AWS
- Deploy the ExtraHop Trace Appliance in Azure
- Deploy the ExtraHop Trace Appliance on Google Cloud Platform
- Deploy the ExtraHop Trace Appliance with VMware
- Trace Post-deployment Checklist
How To's
Charts
- Create a chart
- Copy a chart
- Edit a chart with the Metric Explorer
- Drill down
- Display a rate or count in a chart
- Display percentiles or a mean in a chart
- Edit metric labels in a chart legend
- Add a dynamic baseline to a chart
- Add a static threshold line to a chart
- Display device group members in a chart
- Create regular expression filters
- Find all devices talking to external IP addresses
- Monitor a device for external IP address connections
Dashboards
- Create a dashboard
- Copy a dashboard
- Display a dashboard in a NOC or SOC
- Create a dashboard with dynamic sources
- Edit a dashboard layout
- Edit a chart with the Metric Explorer
- Edit a text box widget
- Edit a dashboard region
- Change the time interval for a dashboard region
- Edit dashboard properties
- Create a dashboard collection
- Share a dashboard
- Share a dashboard collection
- Share a dashboard with a restricted user
- Present a dashboard
- Export data
- Create a PDF file
Detections
- Tune detections
- Optimizing detections
- Track a detection
- Create an investigation
- Acknowledge detections
- Create a detection notification rule
- Create a threat briefing notification rule
- Create a custom detection
- Specify tuning parameters for detections
- Investigate performance detections
- Investigate security detections
- Share a detection
- Configure ticket tracking for detections
- Enable or disable detection markers
Devices
- Find a device
- Create a device group
- Create a device group based on discovery time
- Change a device name
- Change a device role
- Change a device model
- Manually identify a device as high value
- Create a device tag
- Create a custom device
- Delete or disable a custom device
- Configure remote sites for custom devices
- Prioritize groups for Advanced Analysis
- Prioritize groups for Standard Analysis
- Add a device to the watchlist
- Remove a device from the watchlist
- Transfer management of analysis priorities
- Classify IP addresses and trusted domains