This guide helps you connect your ExtraHop installation to the Expel Workbench.
You must have:
- ExtraHop Reveal(x) Enterprise. Expel does not support ExtraHop Reveal(x) 360.
- An ExtraHop user account with admin-level permissions to create another account.
Step 1: Enable console access
Note
Expel secures all login information our SOC analysts need about your devices in an MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.
- Log in to the ExtraHop console using the admin account.
- Create a new user account named Expel-Integration with these permissions:
  - Full Read-only permissions.
  - "write" : "personal"
    This is required for API key generation.
- Log in to the ExtraHop console using the Expel-Integration account.
- Click the user bubble to open a list with an API access option, then select API access. If you need instructions on creating an API key in ExtraHop, click here.
- Type a description for the API key, then click Generate. Make a note of the key for later use.
Step 2: Configure the technology in Workbench
- Click this link to open Workbench. The link opens the Add Security Device screen directly. You may need to log in first.
- Fill in the Connection Settings fields like this:
  - Add a Name and Location that are meaningful to you.
  - For Server address, use the ExtraHop server URL.
  - For API key, use the key generated in Step 1.
- (Optional) To grant console access, fill in the Console Login fields like this:
  - For Console URL, use the ExtraHop console URL.
  - For Username and Password, use the username and password created for the Expel-Integration account.