Create a custom device

Collect metrics for a segment of traffic across multiple IP addresses and ports by creating a custom device. Custom devices are useful for monitoring traffic outside of your local broadcast domain, such as branch offices, stores, or clinics.

Here are some important considerations about custom devices:

  • Custom devices only appear in the ExtraHop system after traffic that matches your specified criteria is observed.
  • Avoid creating multiple custom devices for the same IP addresses or ports. Custom devices that are configured with overlapping criteria might degrade system performance.
  • Avoid creating a custom device for a broad range of IP addresses or ports, which might degrade system performance.
  • A single custom device counts as one device towards your licensed capacity for Advanced Analysis and Standard Analysis.
  • You can also automate this task through the REST API.

Before you begin

You must have full write privileges or higher.
  1. Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
  2. Click the System Settings icon and then click Custom Devices.
  3. Click Create.
  4. In the Name field, type a unique name for the custom device.
  5. In the Discovery ID field, type a unique identifier.
    If this field is left blank, a Discovery ID is generated from the custom device name. The Discovery ID cannot contain spaces and cannot be changed after the custom device is saved.
  6. From the Sensor drop-down list, select the sensor that you want to associate with the custom device. (Command appliance and Reveal(x) 360 only.)
  7. Select the Enable custom device checkbox to enable or disable the custom device.
  8. (Optional): In the Description field, add information about the custom device.
  9. Click Add Criteria to specify an IP address, port range, or VLAN range as match criteria for the custom device.

    You can specify a single option, such as an IP address, or specify a combination of criteria options; you do not need to complete each field.

    1. In the IP Address field, type an IP address or a CIDR notation. If you specify an IP address, you can also specify the direction of traffic and a peer IP address.
      • (Optional): From the Traffic Direction drop-down list, select Outbound from IP Address or Inbound from IP address as a match criterion. These options enable you to create a custom device that collects metrics only from traffic sent to or sent from this IP address. The default selection is Bidirectional.
      • (Optional): In the Peer IP Address field, specify an IP address or CIDR notation that communicates with the address specified in the IP Address field. This option enables you to create a custom device that collects metrics only from traffic between specific source and destination IP addresses.
        Note:If you specify a peer IP address, you cannot select Bidirectional for the traffic direction.
    2. In the Destination Port Range fields, type a minimum and a maximum destination port number. If no range is specified, all ports are considered match criteria.
  10. (Optional): Click Show Advanced Options to configure a source port or VLAN range.
    1. In the Source Port Range fields, type a minimum and a maximum source port number. If no range is specified, all ports are considered match criteria.
    2. In the VLAN Range fields, type a minimum and a maximum VLAN ID.
  11. (Optional): Click Add Criteria to configure additional IP addresses, port ranges, or VLAN ranges.
  12. Click Save.
    Tip:Click Save All Changes to save all custom devices that have unsaved configuration changes.
Published 2021-10-22 09:15