Download PDF

View Table of Contents

Product Requirements

Reveal(x) 360 only

Thank you! We will contact you soon to ask how we can improve our documentation. We appreciate your feedback.

Was this topic helpful?

Yes No

Thank you for your feedback. Can we contact you to ask follow up questions?

How can we improve?

Need more help?

Ask the Community

Integrate Reveal(x) 360 with Cortex XSOAR

This integration enables you to export Reveal(x) 360 detections to Cortex XSOAR and run response playbooks, as well as query Reveal(x) 360 packets and device activity.

To configure this integration, you must create Cortex XSOAR credentials and then add those credentials when you configure the ExtraHop Reveal(x) integration for Cortex XSOAR.

System requirements

ExtraHop Reveal(x) 360

Your user account must have privileges on Reveal(x) 360 for System and Access Administration.
Your Reveal(x) 360 system must be connected to an ExtraHop sensor with firmware version 9.2 or later.
Your Reveal(x) 360 system must be connected to ExtraHop Cloud Services.

Cortex XSOAR

You must have Cortex XSOAR version 6.5 or later.
You must have the following Cortex XSOAR content packs:
- Base version 1.31.62 or later
- Common Playbooks version 2.2.4 or later
- Common Scripts version 1.11.22 or later
- Filters and Transformers version 1.0.2 or later
- CVE Search version 1.0.14 or later

Create Cortex XSOAR integration credentials

Log in to Reveal(x) 360.
Click the System Settings icon and then click Integrations.
Click the Cortex XSOAR tile.
Click Create Credential.
The page displays the generated ID and secret.
(Optional): If you have already created a credential for REST API access, you can apply it to the integration. Click Select Existing Credential, select a credential from the drop-down list and then click Select.
Copy and store the ID and secret, which you will need to configure the ExtraHop Reveal(x) integration for Cortex XSOAR.
Click Done.

The credential is also added to the ExtraHop REST API Credentials page where you can view the credential status, copy the ID, or delete the credential.

Install and configure the ExtraHop integration for Cortex XSOAR

Download and install the ExtraHop integration for Cortex XSOAR from the XSOAR Marketplace according to the Cortex XSOAR Marketplace Overview documentation.
From the installed integration, click Add Instance.
Type a unique Name for the integration instance.
Type the URL of the Reveal(x) 360 system this integration instance will connect to.
Select On Cloud and enter the Client ID and Client Secret credentials that you created and copied from your Reveal(x) 360 system.
Complete configuration of the integration instance according to the ExtraHop integration for Cortex XSOAR Reference documentation.

Last modified 2024-04-09

Documentation

Products

Differentiation

Solutions

Security Operations

Cloud-Native Security

Application Analytics

Network Performance

Customers

Community

Partners

Support

Training

Resources

More Resources

Company

Events and Information