Reveal(x) 360 Setup and Administration Guide

After you receive your initial email from ExtraHop Networks, there are a few procedures you must complete before you can start analyzing your traffic. This guide provides procedures for basic setup and administration of the Reveal(x) 360 system.

Activate your Okta administrator account

The Okta administrator role is granted to the email address provided during sign up.

Important: You cannot change the user who is granted the Okta administration privilege (OktaAdmin) or assign that privilege to additional users. If you want to grant Okta administration privileges to multiple users, contact ExtraHop support.
  1. Open your Welcome to ExtraHop Reveal(x) 360 email.
  2. Click Activate Now.
    The user setup page appears.
  3. Type your desired password in the password fields.
  4. Select a forgotten password question from the drop-down list and then type your answer.
  5. Select a security image.
  6. Click Create My Account.
    You are redirected to the Okta User Home page and can begin adding users.
Note: The ExtraHop Okta implementation includes a subset of Okta features. Some features, such as removing users, are not available.

Configure your firewall rules

If your ExtraHop system is deployed in an environment with a firewall, you must open access to ExtraHop Cloud Services. For Reveal(x) 360 systems that are connected to on-premises sensors, you must also open access to the ExtraHop Cloud Recordstore.

Open access to Cloud Services

For access to ExtraHop Cloud Services, your sensor must be able to resolve DNS queries for *.extrahop.com and access TCP 443 (HTTPS) from the IP address that corresponds to your sensor license:

  • 35.161.154.247 (Portland, U.S.A.)
  • 54.66.242.25 (Sydney, Australia)
  • 52.59.110.168 (Frankfurt, Germany)

Open access to Cloud Recordstore

For access to the ExtraHop Cloud Recordstore, your on-premises sensors must be able to access outbound TCP 443 (HTTPS).

To restrict your outbound HTTPS traffic further, you can optionally add these fully-qualified domain names: bigquery.googleapis.com and oauth2.googleapis.com. You can also review the public guidance from Google about computing possible IP address ranges for googleapis.com.
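The following preflight check is an added example, not ExtraHop code. It tests the DNS and TCP 443 egress described above from a host that shares the sensor's network path. The region keys, the probe hostname www.extrahop.com, and the function names are assumptions made for illustration.

```python
import socket

# IP addresses and FQDNs are the ones listed in this guide.
CLOUD_SERVICES_IPS = {
    "portland": "35.161.154.247",
    "sydney": "54.66.242.25",
    "frankfurt": "52.59.110.168",
}
RECORDSTORE_FQDNS = ("bigquery.googleapis.com", "oauth2.googleapis.com")
DNS_PROBE_NAME = "www.extrahop.com"  # assumption: sample name under *.extrahop.com


def _resolve(name):
    """Resolve name with the local resolver; raises socket.gaierror on failure."""
    return {info[4][0] for info in socket.getaddrinfo(name, 443)}


def _connect(host, port=443, timeout=5):
    """Complete a TCP handshake, then close; raises OSError if blocked."""
    socket.create_connection((host, port), timeout=timeout).close()


def preflight(region, on_prem_sensor=False, resolve=_resolve, connect=_connect):
    """Return [(check, ok, detail)] for the egress this guide requires."""
    ip = CLOUD_SERVICES_IPS[region]  # KeyError for an unknown region
    checks = [
        ("dns " + DNS_PROBE_NAME, lambda: resolve(DNS_PROBE_NAME)),
        ("tcp/443 " + ip, lambda: connect(ip)),
    ]
    if on_prem_sensor:  # Cloud Recordstore applies to on-premises sensors only
        for fqdn in RECORDSTORE_FQDNS:
            checks.append(("tcp/443 " + fqdn, lambda f=fqdn: connect(f)))
    results = []
    for name, probe in checks:
        try:
            probe()
            results.append((name, True, "ok"))
        except OSError as exc:  # gaierror and timeouts are OSError subclasses
            results.append((name, False, str(exc)))
    return results


if __name__ == "__main__":
    for name, ok, detail in preflight("frankfurt", on_prem_sensor=True):
        print("PASS" if ok else "FAIL", name, detail)
```

A passing TCP check confirms only that the firewall permits the connection on port 443; it does not exercise the HTTPS session itself.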

Manage Users in ExtraHop Okta

Before users can log in to Reveal(x) 360, the Okta administrator must create users and assign them to groups that determine their privileges.

You cannot remove a user, but you can deactivate a user to remove their ability to access the Reveal(x) system.

Add a user

  1. Log in to Okta through https://extrahop-cloud.okta.com with the Okta administrator account credentials.
  2. At the top of the user home page, click Admin.
  3. From the Directory drop-down menu, select People.
  4. Click Add Person and complete all fields. The Secondary email field is optional.
  5. In the Groups field, start by typing your customer-specific domain name and select one of the following groups. A user can only be a member of one group.
    Note: Each group is preceded by your customer-specific domain name and customer ID, similar to the following example: example_company-a0O1E00001Lfn4LUAR-FullReadOnly-NoPackets. For more information about privileges, see User privileges.

    | Privilege | Description |
    |---|---|
    | OktaAdmin | Add, activate, deactivate, and unlock users. Reset passwords. |
    | ApplianceAdmin | Create and modify all objects and settings on the Sensor Console, including Administration pages. |
    | FullWrite-NoPackets | Create and modify all objects and settings on the Sensor Console, excluding Administration pages. |
    | FullWrite-FullPackets | FullWrite privileges, plus view and download packets. Requires Ultra package. |
    | FullWrite-FullPacketsWithKeys | FullWrite privileges, plus view and download packets and any associated stored SSL session keys. Requires Ultra package. |
    | LimitedWrite-NoPackets | Create, modify, and share dashboards. |
    | LimitedWrite-FullPackets | LimitedWrite privileges, plus view and download packets. Requires Ultra package. |
    | LimitedWrite-FullPacketsWithKeys | LimitedWrite privileges, plus view and download packets and any associated stored SSL session keys. Requires Ultra package. |
    | FullReadOnly-NoPackets | View objects in the ExtraHop Web UI. |
    | FullReadOnly-FullPackets | FullReadOnly privileges, plus view and download packets. Requires Ultra package. |

  6. Select the Send user activation email now checkbox.
  7. Click Save. Alternatively, click Save and Add Another to add additional users. The user is sent an activation email with instructions about how to complete their account setup. After the account is set up, the user can log in to Reveal(x) 360 through https://extrahop-cloud.okta.com with their email address.
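The following access review is an added example, not part of the ExtraHop or Okta tooling. It parses group names in the format shown in step 5 and flags assignments worth a second look. The (email, group) input format, the sample users, and the assumption that the customer ID contains no hyphen are all illustrative.

```python
from collections import defaultdict

# Privilege names from the table in this guide.
PRIVILEGES = (
    "OktaAdmin", "ApplianceAdmin", "FullWrite-NoPackets", "FullWrite-FullPackets",
    "FullWrite-FullPacketsWithKeys", "LimitedWrite-NoPackets",
    "LimitedWrite-FullPackets", "LimitedWrite-FullPacketsWithKeys",
    "FullReadOnly-NoPackets", "FullReadOnly-FullPackets")


def parse_group(group):
    """Split '<domain>-<customer ID>-<privilege>' into its three parts.

    The domain and the privilege may both contain '-', so match the privilege
    as a known suffix, then split the rest at its last '-' (assumes the
    customer ID itself has no hyphen, as in the guide's example).
    """
    for priv in PRIVILEGES:
        if group.endswith("-" + priv):
            domain, sep, customer_id = group[:-len(priv) - 1].rpartition("-")
            if sep and domain and customer_id:
                return domain, customer_id, priv
    raise ValueError("not a Reveal(x) 360 group name: " + group)


def audit(assignments):
    """assignments: iterable of (email, group). Return sorted findings."""
    by_user, findings = defaultdict(list), []
    for email, group in assignments:
        try:
            priv = parse_group(group)[2]
        except ValueError:
            findings.append((email, "unrecognized group " + group))
            continue
        by_user[email].append(priv)
    for email, privs in by_user.items():
        if len(privs) > 1:
            findings.append((email, "member of %d groups; the guide allows one" % len(privs)))
        for priv in privs:
            if priv.endswith("WithKeys"):
                findings.append((email, priv + " can download stored SSL session keys"))
            elif priv in ("OktaAdmin", "ApplianceAdmin"):
                findings.append((email, priv + " is an administrative privilege"))
    return sorted(findings)


P = "example_company-a0O1E00001Lfn4LUAR-"  # prefix from the guide's example
SAMPLE = [  # constructed sample export; the users are made up
    ("ana@example.com", P + "FullReadOnly-NoPackets"),
    ("raj@example.com", P + "LimitedWrite-FullPacketsWithKeys"),
    ("kim@example.com", P + "ApplianceAdmin"),
    ("kim@example.com", P + "FullWrite-NoPackets"),
    ("lee@example.com", "Everyone"),
]
```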

Deactivate a user

You cannot remove a user, but you can deactivate a user to remove their ability to access the Reveal(x) system.

  1. In the Okta Admin Console, from the Directory drop-down menu, select People.
  2. From the More Actions drop-down menu, click Deactivate.
  3. Select the checkbox next to the name of the user or users you want to deactivate.
  4. Click Deactivate Selected.
  5. In the Deactivate Person dialog box, click Deactivate.

Manage sensors

After you have activated your Okta administrator account, log in to your Reveal(x) 360 environment and add sensors to monitor your network traffic.

ExtraHop-managed Reveal(x) sensors for AWS can be selected and deployed from within the Reveal(x) 360 Console.

Self-managed sensors and Trace appliances can also be connected from within the Reveal(x) 360 Console. Note that if you have an existing Command appliance, you must disconnect the Command appliance before connecting your self-managed sensors to Reveal(x) 360.

Published 2020-10-14 20:01