

ExtraHop Reveal(x) Integrations


ExtraHop is an industry leader in network detection and response (NDR), providing complete network visibility, real-time threat detection, and intelligent response at scale through their products.

ExtraHop Reveal(x) can block and quarantine threats through their response automation features. Their integration-driven approach allows Reveal(x) to interface with security orchestration and automation (SOAR) products, ticketing systems, network access controls, and firewalls.

 

Ingestion Integrations

Amazon Web Services

Amazon Web Services (AWS) partnered with ExtraHop to bring NDR to the hybrid cloud. Reveal(x) Cloud combines the insights and event data with AWS CloudWatch to deliver visibility at scale and identify events of interest, disabled log systems and suspicious file execution.

ExtraHop is also a member of the AWS Consulting Partner Private Offer (CPPO) program and is readily available on the AWS Marketplace.

 

Microsoft Azure

ExtraHop partnered with Microsoft Azure to integrate with Virtual Network TAP. Reveal(x) can analyze and decode over 50 protocols at 10 Gbps of data per virtual appliance. Machine learning also provides rich, high-fidelity insights.

Their product offers full support for Azure SQL Databases and Azure Blob Storage protocols. Wire data detections can be integrated through Azure Security Center metrics and Structured Threat Information Expression (STIX) data.

 

Correlation Integrations

Splunk

The ExtraHop add-on for Splunk uses the ExtraHop REST API to provide security and performance events to Splunk that would otherwise be difficult to log. The app for Splunk gives context to data provided by the add-on. Additional information includes IP addresses, MAC addresses, hostnames, and three pre-configured dashboards (for DNS, Storage, and HTTP).

 

IBM QRadar

ExtraHop Reveal(x) integrates with QRadar SIEM immediately, with no agents required.

Use ExtraHop to give QRadar data not available from log sources for additional compliance reporting. Additionally, use ExtraHop to capture data from unreported public SaaS or on-prem applications and forward it to QRadar for analysis.

 

ArcSight

ExtraHop can integrate seamlessly with ArcSight’s platform to forward full-fidelity security events.

 

LogRhythm

ExtraHop enables you to fully analyze every packet in your environment in real time and forward precisely what you want to LogRhythm.

 

Response Integrations

Fully Automated

CrowdStrike

Using ExtraHop Reveal(x), CrowdStrike Falcon Insight, and the bundle, users have NDR and EDR technology seamlessly integrated. Benefits include:

  • Discovering and identifying all devices communicating on the network, even those not instrumented with the CrowdStrike Falcon Insight agent
  • Detecting threats on the network, including ransomware, strange VPN and VDI access patterns, data exfiltration, and credential abuse
  • Automatically quarantining devices impacted by network or endpoint attack behaviors

Palo Alto Networks

ExtraHop detects suspicious activity and then extracts relevant information to add it to an address group in a Palo Alto Networks firewall or in Panorama. Palo Alto Networks' firewall policies will automatically block traffic to and from a compromised device.

 

Check Point Software Technologies Ltd.

Integrate Check Point Identity Awareness and Reveal(x) on AWS for automated response capabilities. By natively integrating with Check Point Identity Awareness gateways, Amazon SNS, and AWS Lambda, Reveal(x) for AWS eliminates the need to use direct API calls to target individual firewalls.

 

Cisco

Cisco Identity Services Engine, Cisco Tetration, and ExtraHop integrate to detect and respond to threats in real time. ExtraHop also works with Cisco UCS and UCS-E to provide continuous, real-time application analytics.

 

Augmented Workflow

Phantom

Reveal(x) adds analytics to Phantom’s intelligent orchestration platform. Send event details to Phantom and trigger playbooks to automate the response process.

 

ServiceNow

ExtraHop passively discovers everything communicating with an organization’s network and streams the information into the ServiceNow Configuration Management Database (CMDB) with no manual configuration required.

 

Slack

Add ExtraHop performance and security anomalies to your Slack channel to streamline your information flow.

 

The Datashield Advantage

Datashield has helped our clients implement ExtraHop using our proprietary orchestration tool, SHIELDVision. Our security engineers can architect and deploy Reveal(x) in multiple cloud and hybrid environments.

Our experts are able to fine-tune reports and provide security reporting in a single pane of glass, 24x7x365. Learn more about our cloud-native managed detection and response (MDR) service here.

If your organization is considering Reveal(x), contact us for a no-cost consultation to see if Datashield is right for you.

We have experience migrating, building from scratch, and hybridizing cloud security, as well as serving as a complete outsourced SOC or co-managed environment.

Topics from this Article

SIEM, Cloud Security, Firewall, Cloud SIEM, NDR, Network Detection and Response, ExtraHop

Cassidy Trowbridge
Cassidy is a marketing specialist at Datashield. She manages Datashield's content and social marketing strategies.
