Admin Guides
Reveal(x) 360
- Connect to Reveal(x) 360 from self-managed sensors
- Reveal(x) 360 Setup and Administration Guide
- Forward session keys to ExtraHop-managed sensors
- Add your own identity provider to Reveal(x) 360
- Integrate Reveal(x) 360 with Cortex XSOAR
- Integrate Reveal(x) 360 with CrowdStrike
- Integrate Reveal(x) 360 with CrowdStrike Falcon LogScale
- Integrate Reveal(x) 360 with QRadar
- Integrate Reveal(x) 360 with Splunk
- Integrate Reveal(x) 360 with Splunk SOAR
- Integrate Reveal(x) 360 with Microsoft 365
System Configuration
- Register your ExtraHop system
- Connect to ExtraHop Cloud Services
- Enable ExtraHop Remote Access
- Configure the system time
- Upgrade the firmware on your ExtraHop system
- Save system settings to the running config file
- Download the running config as a text file
- Configure the iDRAC IP address with a monitor, keyboard, and mouse
- Enable network overlay decapsulation
- Enable L2 Discovery
- Configure Device Discovery
- Device name precedence
- Configure endpoint lookup links
- Configure IP address discovery through TTL values
- Configure a global packet capture
- Analyze a packet capture file
- Configure a static IP address through the CLI
- Collect traffic from NetFlow and sFlow devices
- Set up shared SNMP credentials for your NetFlow or sFlow networks
- Automate AWS Traffic Mirroring with CloudFormation
- Forward GENEVE-encapsulated traffic from an AWS Gateway Load Balancer
- Mirror Wire Data with VMware
- Configure ERSPAN with the Nexus 1000V
- Configure ERSPAN with VMware
- Configure RSPAN with VMware
- Configure the iDRAC Remote Access Console
- Repair a Degraded RAID 10 Configuration on the EDA 6200
- Analyze Lync Traffic
- Apply an MS SQL key to the ExtraHop system
- Install the SSL Decryption Board
- Configure packet capture
- Port Channeling
- Packet Forwarding with RPCAP
- Configure packet forwarding for Kubernetes pods
- Configure packet forwarding for pods in EKS
- Configure RPCAP for an ExtraHop packetstore
- Replace the Datastore Hard Drive
- Replace the firmware disk in an ExtraHop Discover appliance
- ExtraHop Rescue Media Guide
- Upgrade from RAID 0 to RAID 10
- ExtraHop Open Data Stream for ELK
- ExtraHop System Notices
- Module Migration
User Management
- Add a local user account
- Add an account for a remote user
- Configure remote authentication through LDAP
- Configure remote authentication through SAML
- Configure SAML single sign-on with Azure AD
- Configure SAML single sign-on with Google
- Configure SAML single sign-on with JumpCloud
- Configure SAML single sign-on with Okta
- Configure remote authentication through RADIUS
- Configure remote authentication through TACACS+
- Manage imported LDAP user groups
- Migrate to SAML from LDAP
Decryption
- Decrypt SSL traffic with certificates and private keys
- Create a certificate signing request from your ExtraHop system
- Add a trusted certificate to your ExtraHop system
- Decrypt domain traffic with a Windows domain controller
- Install the ExtraHop session key forwarder on a Windows server
- Install the ExtraHop session key forwarder on a Linux server
- Set up decryption on an MS Exchange server
- Download session keys with packet captures
- Store SSL session keys on connected packetstores
- Session key forwarding from an F5 LTM
Import or Export Data
- Import external data to your ExtraHop system
- Configure an HTTP target for an open data stream
- Configure a Kafka target for an open data stream
- Configure a MongoDB target for an open data stream
- Configure a raw data target for an open data stream
- Configure a syslog target for an open data stream
- Export logs for Machine Learning Service API interactions
3rd-Party Integrations
- Send records from ExtraHop to Google BigQuery
- Send records from ExtraHop to Splunk
- Integrate Reveal(x) Enterprise with Splunk
- Integrate Reveal(x) Enterprise with Splunk SOAR
- Integrate Reveal(x) Enterprise with Cortex XSOAR
- Integrate Reveal(x) Enterprise with QRadar
- Integrate ExtraHop with AWS CloudFormation
- Deploy ERSPAN with an ExtraHop sensor and Brocade 5600 vRouter in AWS
API Guides
REST API
- ExtraHop REST API Guide
- ExtraHop Explore REST API Guide
- ExtraHop Trace REST API Guide
- Reveal(x) 360 REST API Guide
- IDS Sensor REST API Guide
- Add device cloud instance properties through the REST API
- Add observations through the REST API
- Automate virtual appliance deployment with VMware and Ansible
- Back up a sensor or console through the REST API
- Change a dashboard owner through the REST API
- Connect to Reveal(x) 360 from self-managed sensors through the REST API
- Create a device group through the REST API
- Create a trusted SSL certificate through the REST API
- Create custom devices through the REST API
- Enable the REST API for Reveal(x) 360
- Extract metrics through the REST API
- Extract the device list through the REST API
- Migrate tuning rules
- Migrate to SAML from LDAP through the REST API
- Query for records through the REST API
- Roll back firmware through the REST API
- Search for a device through the REST API
- Specify custom device makes and models through the REST API
- Specify high value devices through the REST API
- Tag a device through the REST API
- Update network localities
- Upgrade ExtraHop firmware through the REST API
- Upgrade ExtraHop firmware through the REST API with ExtraHop Cloud Services
- Upload IDS rules to the ExtraHop system through the REST API
- Upload STIX files through the REST API
Concepts
References
- Security Overview
- Network Overview
- Perimeter Overview
- Network Activity dashboard
- Network Performance dashboard
- Security Hardening dashboard
- Generative AI Tools dashboard
- Active Directory dashboard
- System Health dashboard
- System Usage dashboard
- Chart types
- ExtraHop System User Guide
- Protocol Metrics Reference
- Default Port Specifications Reference
- ExtraHop Glossary
- Bundles Best Practices Guide
- Supported SSL/TLS cipher suites
- Supported browsers
FAQs
- Activity Maps FAQ
- Alerts FAQ
- Analysis Priorities FAQ
- Collective Threat Analysis FAQ
- Attack Simulation FAQ
- Detections FAQ
- ExtraHop Hardware FAQ
- Applications FAQ
- Charts FAQ
- Default User Accounts FAQ
- Device Discovery FAQ
- Geomaps FAQ
- License FAQ
- Metrics FAQ
- Reports FAQ
- Remote Access FAQ
- System Health FAQ
- Triggers FAQ
Deployment
Packet Sensors
- Deploy Reveal(x) Ultra in AWS
- Deploy Reveal(x) Ultra on Google Cloud Platform
- Deploy the EDA 10200 sensor
- Deploy the EDA 9200 sensor
- Deploy the EDA 8200 sensor
- Deploy the EDA 4200 or 6200 sensor
- Deploy the EDA 1200 sensor
- Deploy an ExtraHop sensor in AWS
- Deploy an ExtraHop sensor in Azure
- Deploy an ExtraHop sensor on Google Cloud Platform
- Deploy an ExtraHop sensor with Hyper-V
- Deploy an ExtraHop sensor on Linux KVM
- Deploy the ExtraHop sensor with VMware
- Sensor and console post-deployment checklist
- Safety information for the EDA 1200 sensor
Consoles
- Deploy the ECA VM in AWS
- Deploy the ExtraHop ECA VM console in Azure
- Deploy the ExtraHop ECA VM console in Google Cloud Platform
- Deploy the ExtraHop ECA VM console with Hyper-V
- Deploy the ExtraHop ECA VM console on Linux KVM
- Deploy the ExtraHop ECA VM console with VMware
- ECA VM Console Performance Guidelines
- Sensor and console post-deployment checklist
Recordstores
- Deploy the EXA 5200 recordstore
- Deploy an ExtraHop recordstore in AWS
- Deploy an ExtraHop recordstore in Azure
- Deploy an ExtraHop recordstore with Hyper-V
- Deploy an ExtraHop recordstore on Linux KVM
- Deploy the ExtraHop Explore Appliance with VMware
- Increase the capacity of your ExtraHop Explore cluster in VMware
- Recordstore Post-deployment Checklist
- Send records from ExtraHop to Google BigQuery
- Send records from ExtraHop to Splunk
How To's
Charts
- Create a chart
- Copy a chart
- Edit a chart with the Metric Explorer
- Drill down
- Display a rate or count in a chart
- Display percentiles or a mean in a chart
- Edit metric labels in a chart legend
- Add a dynamic baseline to a chart
- Add a static threshold line to a chart
- Display device group members in a chart
- Create regular expression filters
- Find all devices talking to external IP addresses
- Monitor a device for external IP address connections
Dashboards
- Create a dashboard
- Copy a dashboard
- Display a dashboard in a NOC or SOC
- Create a dashboard with dynamic sources
- Edit a dashboard layout
- Edit a chart with the Metric Explorer
- Edit a text box widget
- Edit a dashboard region
- Change the time interval for a dashboard region
- Edit dashboard properties
- Create a dashboard collection
- Set a personal default dashboard
- Share a dashboard
- Share a dashboard collection
- Share a dashboard with a restricted user
- Present a dashboard
- Export data
- Create a PDF file
- Create a scheduled dashboard report
Detections
- Tune detections
- Filter and Tune Hardening Detections
- Optimizing detections
- Suppress detections with tuning parameters
- Hide detections with tuning rules
- Add a trusted domain
- Track a detection
- Create an investigation
- Acknowledge detections
- Create a detection notification rule
- Create a threat briefing notification rule
- Create a custom detection
- Contain CrowdStrike devices from a detection
- Investigate performance detections
- Investigate security detections
- Share a detection
- Configure ticket tracking for detections
- Enable or disable detection markers
Devices
- Find a device
- Create a device group
- Create a device group based on discovery time
- Change a device name
- Change a device role
- Change a device model
- Manually identify a device as high value
- Create a device tag
- Create a custom device
- Delete or disable a custom device
- Configure remote sites for custom devices
- Prioritize groups for Advanced Analysis
- Prioritize groups for Standard Analysis
- Add a device to the watchlist
- Remove a device from the watchlist
- Transfer management of analysis priorities
- Specify network localities and trusted domains
- Configure endpoint lookup links