Connect to ExtraHop Cloud Services
ExtraHop Cloud Services provides access to ExtraHop cloud-based services through an encrypted connection.
After the connection is established, information about the available services appear on the ExtraHop Cloud Services page.
- By sharing data with ExtraHop Machine Learning Service, you can enable features that
enhance the ExtraHop system and your user experience.
- Enable AI Search Assistant to find devices with natural language user prompts, which
are shared with ExtraHop Cloud Services for product improvement. See the AI Search Assistant FAQ for more
information. AI Search Assistant cannot currently be enabled for the following
regions:
- Asia Pacific (Singapore, Sydney, Tokyo)
- Europe (Frankfurt, Paris)
- Opt in to Expanded Threat Intelligence to enable the Machine Learning Service to review data such as IP addresses and hostnames against threat intelligence provided by CrowdStrike, benign endpoints, and other network traffic information. See the Expanded Threat Intelligence FAQ for more information.
- Contribute data such as file hashes and external IP addresses to Collective Threat Analysis to improve the accuracy of detections. See the Collective Threat Analysis FAQ for more information.
- Enable AI Search Assistant to find devices with natural language user prompts, which
are shared with ExtraHop Cloud Services for product improvement. See the AI Search Assistant FAQ for more
information. AI Search Assistant cannot currently be enabled for the following
regions:
- ExtraHop Update Service enables automatic updates of resources to the ExtraHop system, such as ransomware packages.
- ExtraHop Remote Access enables you to allow ExtraHop account team members and ExtraHop Support to connect to your ExtraHop system for configuration help. See the Remote Access FAQ for more information about remote access users.
Video: | See the related training: Connect to ExtraHop Cloud Services |
Before you begin
- RevealX 360 systems are automatically connected to ExtraHop Cloud Services, however, you might need to allow access through network firewalls.
- You must apply the relevant license on the ExtraHop system before you can connect to ExtraHop Cloud Services. See the License FAQ for more information.
- You must have setup or system and access administration privileges to access Administration settings.
Configure your firewall rules
If your ExtraHop system is deployed in an environment with a firewall, you must open access to ExtraHop Cloud Services. For RevealX 360 systems that are connected to self-managed sensors, you must also open access to the cloud-based recordstore included with RevealX Standard Investigation
Open access to Cloud Services
For access to ExtraHop Cloud Services, your sensors must be able to resolve DNS queries for *.extrahop.com and access TCP 443 (HTTPS) at one of the following IP addresses that correspond to your sensor license. We recommend opening access to both IP addresses to safeguard against service interruption.
Region | IP Addresses |
---|---|
North, Central, South America (AMER) | 35.161.154.247 54.191.189.22 |
Asia, Pacific (APAC) | 54.66.242.25 13.239.224.80 |
Europe, Middle East, Africa (EMEA) | 52.59.110.168 18.198.13.99 |
United States Federal (US-FED) | 3.135.6.11 3.139.111.240 |
Open access to RevealX 360 Standard Investigation
For access to RevealX 360 Standard Investigation, your sensors must be able to access outbound TCP 443 (HTTPS) to these fully-qualified domain names:
- bigquery.googleapis.com
- bigquerystorage.googleapis.com
- oauth2.googleapis.com
- www.googleapis.com
- www.mtls.googleapis.com
- iamcredentials.googleapis.com
You can also review the public guidance from Google about computing possible IP address ranges for googleapis.com.
In addition to configuring access to these domains, you must also configure the global proxy server settings.
Connect to ExtraHop Cloud Services through a proxy
If you do not have a direct internet connection, you can try connecting to ExtraHop Cloud Services through an explicit proxy.
Before you begin
Verify whether your proxy vendor is configured to perform machine-in-the-middle (MITM) when tunneling SSH over HTTP CONNECT to localhost:22. ExtraHop Cloud Services deploys an encrypted inner SSH tunnel, so traffic will not be visible to MITM inspection. We recommend that you create a security exception and disable MITM inspection for this traffic.Important: | If you are unable to disable MITM on your proxy, you must disable certificate validation in the ExtraHop system running configuration file. For more information, see Bypass certificate validation. |
- Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
- In the Network Settings section, click Connectivity.
- Click Enable ExtraHop Cloud Proxy.
- In the Hostname field, type the hostname for your proxy server, such as proxyhost.
- In the Port field, type the port for your proxy server, such as 8080.
- (Optional): If required, in the Username and Password fields, type a user name and password for your proxy server.
- Click Save.
Bypass certificate validation
Some environments are configured so that encrypted traffic cannot leave the network without inspection by a third-party device. This device can act as an TLS endpoint that decrypts and re-encrypts the traffic before sending the packets to ExtraHop Cloud Services.
Note: | The following procedure requires familiarity with modifying the ExtraHop running configuration file. |
Disconnect from ExtraHop Cloud Services
You can disconnect an ExtraHop system from ExtraHop Cloud Services.
- Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
- In the Network Settings section, click ExtraHop Cloud Services.
- In the Cloud Services Connection section, click Disconnect.
Manage ExtraHop Cloud Services enrollment
If you want to move an existing license from one ExtraHop system to another, you can manage system enrollment from the ExtraHop Cloud Services page. Unenrolling a system deletes all data and historical analysis for the Machine Learning Service from the system and will no longer be available.
- Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
- In the Network Settings section, click ExtraHop Cloud Services.
- In the Cloud Services Connection section, click Unenroll.
Thank you for your feedback. Can we contact you to ask follow up questions?