Add device cloud instance properties through the REST API
Device cloud properties enable you to view information about your cloud environment in the ExtraHop system. You can identify the cloud instance name, type, and ID of a device along with the cloud account that owns the device and the ID of the Virtual Private Cloud that the device is in.
This guide provides instructions for adding an observation through the ExtraHop API Explorer, an AWS CloudFormation template, an AWS Lambda function, and a Python script for Microsoft Azure. If you update cloud properties automatically through the REST API, you can continuously retrieve information from your cloud provider to make sure that your cloud property information is always up to date.
Add cloud instance properties through the ExtraHop API Explorer
Before you begin
- For sensors and ECA VMs, you must have a valid API key with full write privileges or higher. (See Generate an API key.)
- For RevealX 360, you must have valid REST API credentials with full write privileges or higher. (See Create REST API credentials.)
Add AWS properties to RevealX 360 with CloudFormation
You can add AWS device cloud instance properties to RevealX 360 with a CloudFormation template that is publicly available on Amazon S3. The CloudFormation template creates a Lambda function that retrieves AWS EC2 instance properties and sends them to RevealX 360 through the REST API. The Lambda function maps network interfaces of EC2 instances to devices discovered on the ExtraHop system by MAC address.
- The AWS EventBridge service runs the Lambda function every 30 minutes.
- The function only imports cloud instance properties for EC2 instances.
- You must deploy the CloudFormation template in each AWS account that you want to import properties from.
- You can only deploy the function in the following AWS regions:
  - US East (Ohio)
  - US East (Northern Virginia)
  - US West (Oregon)
  - US West (Northern California)
- RevealX Enterprise does not support the CloudFormation template. For information about importing properties into RevealX Enterprise, see Add AWS properties to RevealX Enterprise with Lambda.
Add AWS properties to RevealX Enterprise with Lambda
You can add AWS device cloud instance properties to RevealX Enterprise with an example Python script. The script maps network interfaces of EC2 instances to devices discovered on the ExtraHop system by MAC address.
Note: For information about importing AWS properties into RevealX 360, see Add AWS properties to RevealX 360 with CloudFormation.
The script is designed to run as a Lambda function within AWS. Here are some important considerations for running the script in AWS:
- The script is designed to run on a set time interval. Each time the script is run, it scans each instance on the VPC and updates the corresponding devices in the ExtraHop system. For information about configuring a Lambda function to run periodically, see the AWS tutorial here.
- The Lambda function must be able to access resources on your VPC. For more information, see the AWS tutorial here.
- The Lambda function must have list and read access to the DescribeInstances action for the EC2 service. For more information, see the AWS tutorial here.
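The MAC-based mapping described above, sketched as an added example that is not ExtraHop's script. The ExtraHop-side field names (macaddr, id, cloud_instance_id, cloud_instance_type, cloud_instance_name, cloud_account, vpc_id) are assumptions, and the sample data is constructed; the AWS keys follow the shape of an EC2 DescribeInstances response.

```python
# Added example: field names on the ExtraHop side (macaddr, id, cloud_*, vpc_id)
# are assumptions; the AWS keys follow the EC2 DescribeInstances response.

def normalize_mac(mac):
    """Return a MAC as lower-case colon-separated hex so both sides compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def properties_by_mac(response):
    """Map every network-interface MAC to the cloud properties of its instance."""
    by_mac = {}
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            props = {
                "cloud_instance_id": inst["InstanceId"],
                "cloud_instance_type": inst["InstanceType"],
                "cloud_account": reservation.get("OwnerId"),
                "vpc_id": inst.get("VpcId"),
            }
            if "Name" in tags:  # the Name tag is optional on EC2 instances
                props["cloud_instance_name"] = tags["Name"]
            for eni in inst.get("NetworkInterfaces", []):
                by_mac[normalize_mac(eni["MacAddress"])] = props
    return by_mac

def plan_updates(devices, by_mac):
    """Return (device id, properties) pairs for devices whose MAC is an EC2 interface."""
    plan = []
    for dev in devices:
        if dev.get("macaddr"):  # some discovered devices have no MAC
            props = by_mac.get(normalize_mac(dev["macaddr"]))
            if props:
                plan.append((dev["id"], props))
    return plan

# Constructed sample data, not real output.
SAMPLE_RESPONSE = {"Reservations": [{"OwnerId": "111122223333", "Instances": [{
    "InstanceId": "i-0example", "InstanceType": "t3.micro", "VpcId": "vpc-0example",
    "Tags": [{"Key": "Name", "Value": "web-1"}],
    "NetworkInterfaces": [{"MacAddress": "0a:1b:2c:3d:4e:5f"},
                          {"MacAddress": "0a:1b:2c:3d:4e:60"}]}]}]}
SAMPLE_DEVICES = [{"id": 101, "macaddr": "0A:1B:2C:3D:4E:5F"},
                  {"id": 102, "macaddr": "0A:1B:2C:3D:4E:60"},
                  {"id": 103, "macaddr": "00:11:22:33:44:55"},
                  {"id": 104, "macaddr": None}]
PLAN = plan_updates(SAMPLE_DEVICES, properties_by_mac(SAMPLE_RESPONSE))
```

An instance with two network interfaces yields two device updates, and devices with no MAC or an unrelated MAC are left untouched.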
Note: If the script returns an error message that the SSL certificate verification failed, make sure that a trusted certificate has been added to your sensor or console. Alternatively, you can add the verify=False option to bypass certificate verification. However, this method is not secure and not recommended. The following code sends an HTTP GET request without certificate verification:
requests.get(url, headers=headers, verify=False)
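As an alternative to verify=False, the following added example (not part of the ExtraHop script) keeps certificate verification on while trusting a private CA, and refuses to send request headers such as the API key over an unverified connection. It uses the Python standard library instead of requests; the ca_bundle path and the function names are assumptions.

```python
import ssl
import urllib.request

# With the requests library, the same effect comes from passing the CA file
# path as the verify argument instead of False.

def verified_context(ca_bundle=None):
    """Build a TLS context that checks the certificate chain and the hostname.

    ca_bundle (assumed path) is a PEM file with the CA that signed the sensor or
    console certificate; None uses the operating system trust store.
    """
    return ssl.create_default_context(cafile=ca_bundle)

def is_verifying(ctx):
    """True only if the context rejects untrusted certificates and wrong hostnames."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

def get(url, headers, ctx):
    """Send a GET request, refusing to put credentials on an unverified channel."""
    if not url.lower().startswith("https://"):
        raise ValueError("API requests must use https")
    if not is_verifying(ctx):
        raise ValueError("TLS verification is disabled; refusing to send headers")
    request = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(request, context=ctx, timeout=10) as response:
        return response.status, response.read()

def unverified_context():
    """The standard-library equivalent of verify=False, shown only for comparison."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx
```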
Before you begin
- You must have a valid API key with full write privileges or higher.
Add Azure properties to ExtraHop with Python
The ExtraHop GitHub repository contains an example Python script that imports Azure device properties into the ExtraHop system. The script assigns cloud device properties to every device discovered by the ExtraHop system with a MAC address that belongs to an Azure VM network interface. The script is designed to be run on a set time interval. Each time the script is run, it scans each VM and updates the corresponding devices in ExtraHop.
The script requires the following modules from the Azure Python SDK:
The script also requires you to have configured Azure authentication credentials in the following environment variables on the machine that runs the script:
- AZURE_SUBSCRIPTION_ID
- AZURE_CLIENT_ID
- AZURE_CLIENT_SECRET
- AZURE_TENANT_ID
For information about generating these credentials, see the Azure documentation.
Important: The example Python script authenticates to the sensor or console through an API key, which is not compatible with the Reveal(x) 360 REST API. To run this script with Reveal(x) 360, you must modify the script to authenticate with API tokens. See the py_rx360_auth.py script in the ExtraHop GitHub repository for an example of how to authenticate with API tokens.