extrahop/revealx
| Vendor | ExtraHop Networks, Inc. |
| Author | ExtraHop |
| Version | 0.1.4 |
| Minimum LogScale Version | 1.50.0 |
This ExtraHop Reveal(x) package parses incoming flow data and detections from your Reveal(x) sensors. Integrate your ExtraHop system with CrowdStrike Falcon LogScale from a pre-built bundle or a native integration to gain valuable insights and comprehensive visibility.
For Reveal(x) Enterprise systems, install the pre-built ExtraHop bundle integration for Falcon LogScale to easily ingest and parse incoming flow data from your ExtraHop Reveal(x) sensors, providing you with peer, protocol, and geolocation metrics for unmanaged systems that do not have the CrowdStrike Falcon agent installed.
For Reveal(x) 360 systems, install the native integration for Falcon LogScale to export filtered security detections and view detection data in a centralized system, enhancing context around detections and decreasing the time to confirm threats.
Package Prerequisites
For Reveal(x) Enterprise systems:
Your Reveal(x) Enterprise user account must have full write privileges
Your Reveal(x) Enterprise system must be connected to an ExtraHop sensor with firmware version 8.8 or later.
Your Reveal(x) Enterprise system must be connected to ExtraHop Cloud Services.
You must create an Open Data Stream (ODS) target for LogScale on your ExtraHop system to ingest flow data via JSON files.
For Reveal(x) 360 systems:
Your Reveal(x) 360 user account must have System and Access Administration or Cloud Setup privileges.
Your Reveal(x) 360 system must be connected to an ExtraHop sensor with firmware version 9.3 or later.
Your Reveal(x) 360 system must be connected to ExtraHop Cloud Services.
Setup and Installation
To install the pre-built bundle for ExtraHop Reveal(x) Enterprise,follow the download and configuration instructions in CrowdStrike Falcon LogScale: ExtraHop Detection & Record Connector. If needed, your ExtraHop Sales Engineer can assist you with the configuration.
To install the native integration for ExtraHop Reveal(x) 360, follow the instructions in Integrate Reveal(x) 360 with CrowdStrike Falcon LogScale.
Installing the Package in LogScale
Find the repository where you want to send the ExtraHop Reveal X data, or create a new one.
Navigate to your repository in the LogScale interface, click Settings and then on the left.
Click and install the LogScale package for ExtraHop (i.e. extrahop/revealx).
When the package has finished installing, click on the left (still under the ).
In the right panel, click to create a new token. Give the token an appropriate name (e.g. the name of the server the token is ingesting logs for).
Before leaving this page, view the ingest token and copy it to your clipboard — to save it temporarily elsewhere.
Now that you have a repository set up in LogScale along with an ingest token you're ready to send logs to LogScale.