Display a dashboard in a NOC or SOC

Some Network Operation Center (NOC) or Security Operation Center (SOC) applications require a URL to display or embed third-party content on large-screen monitors. However, before you can access your ExtraHop dashboard with a URL, you must first authenticate to your appliance.

Instead of logging into your Discover or Command appliance with a username and password, you can configure access for a user account through an API key. You can then add the API key to your dashboard URL and share the URL with any person or application you want.

We recommend that you create a dedicated user account with restricted access to minimize security risks.

To enable access to a dashboard with a URL, you will complete the following steps:

  • Enable API key authentication.
  • Create a read-only user with shared access to the dashboard you want to display.
  • Generate an API key for the user.
  • Modify the dashboard URL to add the API key.

Prerequisites

Enable login access through the API

Before you can access a dashboard with a URL, you must enable authentication with an API key by modifying the Running Config file.

  1. Log into the Admin UI of the Discover or Command appliance.
  2. In the Appliance Settings section, click Running Config.
  3. Click Edit config.
  4. Add an entry to the Running Config file by completing the following steps:
    1. Add a comma after the second to last curly brace (}).
    2. Press ENTER to create a new line.
    3. Paste the following code on the new line before the final curly brace (}):
          "ui": {
              "allow_apikey_sessions": true,
              "set_extrahop_sessionid_cookie_from_url": true
          }
    Your entry should look similar to the following image, though the contents of your Running Config file might vary:

  5. Click Update.
  6. Click Done.
  7. Optional: To preserve these changes after a system restart, click Save config and then click Save.
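A missing comma or a block pasted at the wrong nesting level is the usual way this hand edit goes wrong. The following check is an added example, not ExtraHop code: it parses a copy of the Running Config text and reports whether both ui settings are present as JSON booleans. The sample configs and the placeholder_section key are constructed for illustration.

```python
import json

REQUIRED_UI_FLAGS = ("allow_apikey_sessions",
                     "set_extrahop_sessionid_cookie_from_url")

def check_running_config(text):
    """Return a list of problems; an empty list means both flags are set."""
    try:
        config = json.loads(text)
    except json.JSONDecodeError as err:
        # Typically the comma that step 4.1 asks for was left out.
        return [f"invalid JSON at line {err.lineno}, column {err.colno}: {err.msg}"]
    ui = config.get("ui") if isinstance(config, dict) else None
    if not isinstance(ui, dict):
        return ['no "ui" object at the top level of the config']
    problems = []
    for flag in REQUIRED_UI_FLAGS:
        if flag not in ui:
            problems.append(f'"ui.{flag}" is missing')
        elif ui[flag] is not True:
            problems.append(f'"ui.{flag}" must be the boolean true, found {ui[flag]!r}')
    return problems

# Constructed samples; a real Running Config has many more sections.
UI_BLOCK = ('"ui": {"allow_apikey_sessions": true, '
            '"set_extrahop_sessionid_cookie_from_url": true}')
GOOD = '{\n"placeholder_section": {"placeholder_key": 1},\n' + UI_BLOCK + '\n}'
MISSING_COMMA = '{\n"placeholder_section": {"placeholder_key": 1}\n' + UI_BLOCK + '\n}'
WRONG_LEVEL = '{\n"placeholder_section": {"placeholder_key": 1,\n' + UI_BLOCK + '}\n}'
STRING_VALUE = GOOD.replace("true,", '"true",')

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("missing comma", MISSING_COMMA),
                         ("wrong level", WRONG_LEVEL), ("string value", STRING_VALUE)]:
        print(name, "->", check_running_config(sample) or "ok")
```
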

Create a restricted read-only user account

  1. Log into the Admin UI of the Discover or Command appliance that has the dashboards you want to share.
  2. In the Access Settings section, click Users.
  3. Click Add User.
  4. In the Personal Information section, complete the information about your new user.
  5. In the User Privileges section, click Restricted read-only privileges.
  6. Click Save.

Share your dashboard with the restricted read-only user

  1. Log into the Web UI of the Discover or Command appliance. (You can click the appliance logo in the top-left section of the page to quickly return to the Web UI.)
  2. Click Dashboards at the top of the page.
  3. In the left pane, select the dashboard that you want to share.
  4. Click the command menu (icon) in the upper-right corner of the dashboard page, and then select Share.
  5. Select Only specified users or groups can view or edit.
  6. In the Specify users and groups field, type the name of your new user, and then select the user name from the drop-down list.
  7. From the drop-down list, select Can view.
  8. Click Add User.
  9. Click Save.

Create an API key for the read-only user

  1. Log out of the Admin UI of the Discover or Command appliance, and then log into the Web UI of the appliance through the user account you created in the previous step.
    Note: It is important to log into the Web UI because the restricted user does not have access to the Admin UI.
  2. Click the User icon.
  3. Click API Access.
  4. In the Generate an API Key section, type a description for the new key, and then click Generate.
  5. Scroll down to the Keys section, and make a note of the API key that matches your description.
    You will need this API key when specifying the dashboard URL in your browser.

Modify your dashboard URL

Dashboard URLs are composed of a series of parameters, such as your appliance hostname, a dashboard ID, and the time interval for the current view. Before your dashboard can be accessed with a URL, you must add an API key. For large-screen displays, we also recommend setting a parameter for slideshow mode.

Warning: It is important to remember that by sharing a dashboard with a URL and API key, you are granting access to your ExtraHop appliance. Be sure to restrict access per your security guidelines.

For this topic, we will start with the following example URL, where the dashboard ID is KXK9C and the time interval is set for 30 minutes:

https://hostname.example.com/extrahop/#/Dashboard/KXK9C/?from=30&interval_type=MIN&until=0

  1. In your Discover or Command appliance, navigate to the dashboard you want to share.
  2. Set the time interval for the range of time you want to display.
  3. Add the parameter for API key access to your dashboard URL before the pound sign (#), similar to the following example:
    https://hostname.example.com/extrahop/?set_extrahop_sessionid=apikey:<api-key>#/Dashboard/KXK9C/?from=30&interval_type=MIN&until=0
  4. Replace the <api-key> variable with the API key you generated for the user in the previous section. If the API key is 9824023840239, the URL will look similar to the following example:
    https://hostname.example.com/extrahop/?set_extrahop_sessionid=apikey:9824023840239#/Dashboard/KXK9C/?from=30&interval_type=MIN&until=0
  5. Add the slideshow parameter after the dashboard ID to optimize the dashboard for large-screen display, similar to the following example:
    https://hostname.example.com/extrahop/?set_extrahop_sessionid=apikey:9824023840239#/Dashboard/KXK9C/slideshow?from=30&interval_type=MIN&until=0

Your modified dashboard URL can now be added to any application that requires a URL or sent to any user who does not have access to your ExtraHop appliance. The dashboard view is restricted to the privilege level for the user associated with the API key.

Tip: You can quickly modify the time interval for your dashboard directly in the URL. The string at the end of the URL determines the time displayed.

For example, in the following URL, the time interval is set for 30 minutes:

https://hostname.example.com/extrahop/#/Dashboard/KXK9C/?from=30&interval_type=MIN&until=0

You can modify that time to two months by changing the number to 2 and the interval_type to MON:

https://hostname.example.com/extrahop/#/Dashboard/KXK9C/?from=2&interval_type=MON&until=0

Similarly, to change to a weekly or daily interval, change the interval_type to WK or DAY.
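
The URL changes described in this section, collected into one script. This is an added example, not ExtraHop code: the function names are hypothetical, the input URL and API key are the sample values from this page, and the accepted interval types are limited to the four named above. Because the finished URL carries a credential, the script refuses non-HTTPS URLs and includes a helper that masks the key before the URL is logged or pasted into a ticket.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Interval types named on this page; other values are not covered here.
INTERVAL_TYPES = {"MIN", "DAY", "WK", "MON"}
EXAMPLE_URL = ("https://hostname.example.com/extrahop/#/Dashboard/KXK9C/"
               "?from=30&interval_type=MIN&until=0")
EXAMPLE_KEY = "9824023840239"  # sample key from this page

def build_display_url(dashboard_url, api_key, slideshow=True, interval=None):
    """Place the API key parameter before the '#'; optionally add slideshow
    mode and change the time interval, e.g. interval=(2, "MON")."""
    parts = urlsplit(dashboard_url)
    if parts.scheme != "https":
        # The key is a credential carried in the URL; refuse cleartext HTTP.
        raise ValueError("dashboard URL must use https")
    if not api_key or re.search(r"[\s#&?/]", api_key):
        raise ValueError("API key is empty or contains URL delimiters")

    # The dashboard route and its parameters live in the fragment.
    route, _, params = parts.fragment.partition("?")
    if not route.startswith("/Dashboard/"):
        raise ValueError("URL does not point at a dashboard")
    if slideshow and not route.rstrip("/").endswith("/slideshow"):
        route = route.rstrip("/") + "/slideshow"
    if interval is not None:
        count, interval_type = interval
        if interval_type not in INTERVAL_TYPES or int(count) < 1:
            raise ValueError("unsupported time interval")
        fields = dict(parse_qsl(params))
        fields.update({"from": str(count), "interval_type": interval_type})
        params = urlencode(fields)

    key_param = "set_extrahop_sessionid=apikey:" + api_key
    query = "&".join(p for p in (parts.query, key_param) if p)
    fragment = route + ("?" + params if params else "")
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, fragment))

def redact_api_key(url):
    """Mask the key so the URL can be written to logs or tickets."""
    return re.sub(r"(set_extrahop_sessionid=apikey:)[^&#]+", r"\1<redacted>", url)

if __name__ == "__main__":
    url = build_display_url(EXAMPLE_URL, EXAMPLE_KEY, interval=(2, "MON"))
    print(redact_api_key(url))
```
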

Published 2018-11-09 13:57