Download PDF

View Table of Contents

Product Requirements

Reveal(x) Enterprise only

Thank you! We will contact you soon to ask how we can improve our documentation. We appreciate your feedback.

Was this topic helpful?

Yes No

Thank you for your feedback. Can we contact you to ask follow up questions?

How can we improve?

Need more help?

Ask the Community

Integrate Reveal(x) Enterprise with QRadar

This integration enables you to view metrics from Reveal(x) Enterprise in IBM Security QRadar to gain behavioral insights about your environment.

Before you can configure this integration, you must generate an ExtraHop REST API key and then add the key when you configure the ExtraHop App for QRadar.

System requirements

ExtraHop Reveal(x) Enterprise

Your user account must have full write privileges or higher on Reveal(x) Enterprise.
Your Reveal(x) Enterprise system must be connected to an ExtraHop sensor with firmware version 8.8 or later.
Your Reveal(x) Enterprise system must be connected to ExtraHop Cloud Services.
Your Reveal(x) Enterprise system must be configured to allow REST API key generation.

QRadar

You must have IBM Security QRadar version 7.4.1 FP2 or later.

Generate a REST API key

You must generate an ExtraHop API key before you can configure the ExtraHop App for QRadar. The API key enables you to gain access to the integration and perform operations from QRadar.

Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
Click the User icon at the top right corner of the page, and then click API Access.
In the Generate an API Key section, type a description for the new key, and then click Generate.
Scroll down to the API Keys section and copy the API key that matches your description.

Install and configure the ExtraHop App for QRadar

Download and install the ExtraHop App for QRadar from the IBM Exchange site.
From the right panel of the download page, click View next to Documentation to download a PDF of the user guide.
From the installed app, click Add ExtraHop System.
From the Instance Type drop-down list, select On Prem Instance.
In the ExtraHop System field, type the hostname of the Reveal(x) Enterprise system this app will connect to.
Enter the key that you generated from your Reveal(x) Enterprise system in the API Key field.
Complete the configuration of the ExtraHop App for QRadar according to the downloaded documentation.

Last modified 2023-11-07

Documentation

Products

Differentiation

Solutions

Security Operations

Cloud-Native Security

Application Analytics

Network Performance

Customers

Community

Partners

Support

Training

Resources

More Resources

Company

Events and Information