Integrate RevealX 360 with Cisco XDR

Integrate ExtraHop RevealX 360 with Cisco XDR, a cloud-based detection and response tool, to enhance endpoint visibility and accelerate detection response. By creating ExtraHop REST API credentials, you can export RevealX device and detection data to Cisco XDR through ExtraHop REST API operations.

1. Complete the following steps to create ExtraHop REST API credentials for the integration:
   1. Log in to RevealX 360.
   2. Click the System Settings icon and then click Integrations.
   3. Click the tile of the integration you want to configure.
   4. Click Create Credential.
      The page displays the generated ID and secret.
   5. (Optional): If you have already created a credential for REST API access, you can apply it to the integration. Click Select Existing Credential, select a credential from the drop-down list and then click Select.
   6. Copy and store the ID and secret, which you will need to configure the ExtraHop app.
   7. Click Done.
      The credential is added to the ExtraHop REST API Credentials page where you can view the credential status, copy the ID, or delete the credential.
2. Complete the following steps to add the ExtraHop integration to Cisco XDR:
   1. From your Cisco XDR, click Administration, and then select Integrations.
   2. Click the Third-Party tab, and then click Get Started or Enable from the ExtraHop RevealX 360 card.
   3. Click the expand icon to open the integration guide.
   4. Complete the fields according to the expanded integration guide, which includes entering the ExtraHop REST API credentials that you created and copied for the integration.
   5. Click Add.
3. Export RevealX device and detection data to your Cisco XDR through the ExtraHop REST API.