ExtraHop

ExtraHop™ is integrated with LogScale as described in the following sections.

Package Prerequisites

For Reveal(x) Enterprise systems:

  • Your Reveal(x) Enterprise user account must have full write privileges

  • Your Reveal(x) Enterprise system must be connected to an ExtraHop sensor with firmware version 8.8 or later.

  • Your Reveal(x) Enterprise system must be connected to ExtraHop Cloud Services.

  • You must create an Open Data Stream (ODS) target for LogScale on your ExtraHop system to ingest flow data via JSON files.

For Reveal(x) 360 systems:

  • Your Reveal(x) 360 user account must have System and Access Administration or Cloud Setup privileges.

  • Your Reveal(x) 360 system must be connected to an ExtraHop sensor with firmware version 9.3 or later.

  • Your Reveal(x) 360 system must be connected to ExtraHop Cloud Services.

Setup and Installation

To install the pre-built bundle for ExtraHop Reveal(x) Enterprise, follow the download and configuration instructions in CrowdStrike Falcon LogScale: ExtraHop Detection & Record Connector. If needed, your ExtraHop Sales Engineer can assist you with the configuration.

To install the native integration for ExtraHop Reveal(x) 360, follow the instructions in Integrate Reveal(x) 360 with CrowdStrike Falcon LogScale.

Installing the Package in LogScale

Find the repository where you want to send the ExtraHop Reveal(x) data, or create a new one.

  1. Navigate to your repository in the LogScale interface, click Settings and then Packages on the left.

  2. Click Marketplace and install the LogScale package for ExtraHop (i.e. extrahop/revealx).

  3. When the package has finished installing, click Ingest tokens on the left (still under the Settings).

  4. In the right panel, click + Add Token to create a new token. Give the token an appropriate name (e.g. the name of the server the token is ingesting logs for).

    Before leaving this page, view the ingest token and copy it to your clipboard, or save it temporarily elsewhere, since you will need it to send logs.

    Now that you have a repository set up in LogScale along with an ingest token you're ready to send logs to LogScale.
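As an added example (not part of this page, nor ExtraHop's or LogScale's own code), the following Python script uses the new ingest token to post a constructed test event to the repository through LogScale's structured ingest API, which lets you confirm the token and repository work before pointing the ODS target at LogScale. The host, token and event fields are placeholders you replace; the event attributes are not the ExtraHop record schema.

```python
"""Post a constructed test event to a LogScale repository with an ingest token.

Assumes LogScale's structured ingest endpoint, POST /api/v1/ingest/humio-structured,
authenticated with an "Authorization: Bearer <ingest token>" header.
"""
import json
import urllib.request
from datetime import datetime, timezone

INGEST_PATH = "/api/v1/ingest/humio-structured"


def build_payload(events, tags):
    """Wrap event dicts in the humio-structured envelope: a list of
    {tags, events}, each event carrying a timestamp and its attributes."""
    now = datetime.now(timezone.utc).isoformat()
    return [{
        "tags": tags,
        "events": [{"timestamp": now, "attributes": e} for e in events],
    }]


def ingest_request(base_url, token, payload):
    """Build (without sending) the authenticated POST so it can be inspected."""
    return urllib.request.Request(
        base_url.rstrip("/") + INGEST_PATH,
        data=json.dumps(payload).encode(),
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )


def send(base_url, token, events, tags):
    """Send the events; returns the HTTP status code (200 means accepted)."""
    req = ingest_request(base_url, token, build_payload(events, tags))
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    # Constructed placeholder event; real records arrive from the ODS target.
    sample = [{"source": "extrahop-test", "message": "ingest token check"}]
    status = send("https://<your-logscale-host>", "<ingest-token>",
                  sample, tags={"host": "extrahop-test"})
    print("ingest status:", status)
```

A 401 response means the token is wrong or belongs to a different repository; a 200 means the event should now be searchable in the repository.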

Package Contents

The package contains the following:

  • Parser for flow logs, detections, and records (JSON)

  • Reveal(x) Unmanaged Systems dashboard

  • ExtraHop Detection Summary dashboard