Download PDF

View Table of Contents

Product Requirements

RevealX 360 only

Thank you! We will contact you soon to ask how we can improve our documentation. We appreciate your feedback.

Was this topic helpful?

Yes No

Thank you for your feedback. Can we contact you to ask follow up questions?

How can we improve?

Need more help?

Ask the Community

Integrate RevealX 360 with Cortex XSOAR

This integration enables you to export RevealX 360 detections to Cortex XSOAR and run response playbooks, as well as query RevealX 360 packets and device activity.

To configure this integration, you must create Cortex XSOAR credentials and then add those credentials when you configure the ExtraHop RevealX integration for Cortex XSOAR.

System requirements

ExtraHop RevealX 360

Your user account must have privileges on RevealX 360 for System and Access Administration.
Your RevealX 360 system must be connected to an ExtraHop sensor with firmware version 9.2 or later.
Your RevealX 360 system must be connected to ExtraHop Cloud Services.

Cortex XSOAR

You must have Cortex XSOAR version 6.5 or later.
You must have the following Cortex XSOAR content packs:
- Base version 1.31.62 or later
- Common Playbooks version 2.2.4 or later
- Common Scripts version 1.11.22 or later
- Filters and Transformers version 1.0.2 or later
- CVE Search version 1.0.14 or later

Create Cortex XSOAR integration credentials

Log in to RevealX 360.
Click the System Settings icon and then click Integrations.
Click the Cortex XSOAR tile.
Click Create Credential.
The page displays the generated ID and secret.
(Optional): If you have already created a credential for REST API access, you can apply it to the integration. Click Select Existing Credential, select a credential from the drop-down list and then click Select.
Copy and store the ID and secret, which you will need to configure the ExtraHop RevealX integration for Cortex XSOAR.
Click Done.

The credential is also added to the ExtraHop REST API Credentials page where you can view the credential status, copy the ID, or delete the credential.

Install and configure the ExtraHop integration for Cortex XSOAR

Download and install the ExtraHop integration for Cortex XSOAR from the XSOAR Marketplace according to the Cortex XSOAR Marketplace Overview documentation.
From the installed integration, click Add Instance.
Type a unique Name for the integration instance.
Type the URL of the RevealX 360 system this integration instance will connect to.
Select On Cloud and enter the Client ID and Client Secret credentials that you created and copied from your RevealX 360 system.
Complete configuration of the integration instance according to the ExtraHop integration for Cortex XSOAR Reference documentation.

Last modified 2024-05-15

Documentation

Products

Differentiation

Solutions

Security Operations

Cloud-Native Security

Application Analytics

Network Performance

Customers

Community

Partners

Support

Training

Resources

More Resources

Company

Events and Information