Configure endpoint lookup links

Endpoint lookup enables you to specify external IP address tools that are available for retrieving up information about endpoints within the ExtraHop system. For example, when you click or hover over an IP address, lookup tool links are displayed so that you can easily find information about that endpoint.

The following lookup links are configured by default and can be modified or deleted:
  • ARIN Whois Lookup
  • VirusTotal Lookup
  1. Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
  2. From the System Configuration section, click Endpoint Lookup.
  3. In the URL Template field, type the URL of the lookup tool.

    The URL must include the $ip variable, which is replaced with the IP address of the endpoint upon lookup. For example, https://search.arin.net/rdap/?query=$ip

  4. In the Display Name field, type the name link as you want it to appear.
  5. Select one of the following Display Options:
    • Show this link on all endpoints
    • Show this link on external endpoints
    • Show this link on internal endpoints
    • Do not show this link
  6. Click Save.
Last modified 2024-05-03