This guide helps you connect your ExtraHop installation to the Expel Workbench.

You must have:

  • ExtraHop Reveal(x) Enterprise. Expel does not support ExtraHop Reveal(x) 360.

  • An ExtraHop user account with admin-level permissions to create another account.

Step 1: Enable console access

Note

Expel secures all login information our SOC analysts need about your devices in a MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.

  1. Login to the ExtraHop console using the admin account.

  2. Create a new user account named Expel-Integration with these permissions:

    • Full Read-only permissions.

    • "write" : "personal" This is required for API key generation.

  3. Login to the ExtraHop console using the Expel-Integration account.

  4. Click the user bubble to open a list with an API access option, then select API access. If you need instructions on creating an API key in ExtraHop, click here.

  5. Type a description for the API key, then click Generate. Make a note of the key for later use.

Step 2: Configure the technology in Workbench

  1. Click this link to open Workbench. The link opens the Add Security Device screen directly. You may need to log in first.

    ExtraHop_AddSecDev.png
  2. Fill in the Connection Settings fields like this:

    • Add a Name and Location that are meaningful to you.

    • For Server address, use the ExtraHop server URL.

    • For API key, use the key generated in Step 1.

  3. (Optional) To grant console access, fill in the Console Login fields like this:

    • For Console URL, use the ExtraHop console URL.

    • For Username and Password, use the username and password created for the Expel-Integrations account.

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!