Integrate Reveal(x) 360 with QRadar

This integration enables you to view network threat detections and behavioral insights from Reveal(x) 360 in QRadar.

System requirements

ExtraHop Reveal(x) 360

  • You must have Reveal(x) 360 Cloud Setup privileges.
  • Your Reveal(x) 360 system must be connected to an ExtraHop sensor with firmware version 8.7 or later.
  • Your Reveal(x) 360 system must be connected to ExtraHop Cloud Services and configured to export detections through webhooks.

QRadar

  • Webhook targets must be open to external traffic. Reveal(x) 360 systems cannot send detections to targets on your internal network.
  • Webhook targets must have a certificate signed by a certificate authority (CA) from the Mozilla CA Certificate Program. See https://wiki.mozilla.org/CA/Included_Certificates for certificates from trusted public CAs.
  • You must create a dedicated QRadar log source configured for the HTTP Receiver protocol.
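
The two target requirements above can be checked before you run Test Connection. The following script is an added example, not ExtraHop or IBM code; it validates the URL offline (https scheme, explicit port, no internal address) and then lets the operating system's default trust store verify the certificate chain, which is an assumption standing in for the Mozilla CA bundle the page requires.

```python
"""Pre-flight check for a Reveal(x) 360 -> QRadar webhook target URL.
Constructed example. Trust comes from the host's default store (assumption);
the page requires a CA from the Mozilla CA Certificate Program."""
import ipaddress
import socket
import ssl
from urllib.parse import urlsplit


def validate_target_url(url: str) -> list[str]:
    """Offline checks; returns a list of problems, empty when the URL looks OK."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("scheme must be https: the webhook requires a CA-signed TLS certificate")
    if not parts.hostname:
        problems.append("missing hostname")
        return problems
    try:
        if parts.port is None:
            problems.append("port must be given explicitly, e.g. https://host:3306")
    except ValueError:
        problems.append("port is not a valid number")
    # Reveal(x) 360 delivers from the cloud, so an internal address can never be reached.
    try:
        addr = ipaddress.ip_address(parts.hostname)
    except ValueError:
        addr = None  # a DNS name; it is resolved during the live check below
    if parts.hostname == "localhost" or (
        addr is not None and (addr.is_private or addr.is_loopback or addr.is_link_local)
    ):
        problems.append(f"{parts.hostname} is an internal address and is not reachable from the internet")
    return problems


def check_tls_chain(url: str, timeout: float = 5.0) -> tuple[bool, str]:
    """Live check: connect and let OpenSSL verify the chain and hostname."""
    parts = urlsplit(url)
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname verification
    try:
        with socket.create_connection((parts.hostname, parts.port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=parts.hostname) as tls:
                issuer = dict(item[0] for item in tls.getpeercert()["issuer"])
                return True, f"chain verified; issued by {issuer.get('organizationName', '?')}"
    except ssl.SSLCertVerificationError as exc:  # self-signed or private CA: QRadar will not be reached
        return False, f"certificate not trusted: {exc.verify_message}"
    except OSError as exc:  # DNS failure, connection refused, timeout, firewall
        return False, f"connection failed: {exc}"
```

Run `validate_target_url` first and only call `check_tls_chain` when it returns no problems, since the live check needs network access to the target.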

Configure the integration

  1. Log in to the Reveal(x) 360 system with an account that has Cloud Setup privileges.
  2. Click the System Settings icon and then click Integrations.
  3. Click the IBM Security QRadar tile.
  4. Connect to QRadar.
    1. In the QRadar Log Source URL field, enter the full target URL and port number that will receive detections from Reveal(x) 360.
      The following example is correctly formatted:

      https://mysql1.seaprod.example.com:3306

    2. Click Test Connection to ensure that Reveal(x) 360 can communicate with QRadar.
      Verify the test event is sent to the specified URL in QRadar.
    3. Click Connect.
  5. (Optional) Specify which detections to export to QRadar.
    1. Select the Export Reveal(x) 360 detections into QRadar checkbox.
    2. Click Add Criteria and specify one of the following criteria:
      • Site
      • Minimum Risk Score
      • Type
      • Category
      • Technique
      • Device Role
    3. Click Save.
    4. Click Add Criteria to specify additional criteria.
      The Reveal(x) 360 system exports only detections that match all specified criteria. If no criteria are specified, all new detections are exported.
  6. Click Save.
Published 2022-01-14 20:14