ExtraHop Reveal(x) 360 Integration

Note: This integration requires Cisco XDR Advantage or Cisco XDR Premier licensing tier.

ExtraHop Reveal(x) Enterprise is a network detection and response (NDR) solution that provides east-west visibility, real-time threat detection inside the perimeter, and intelligent response. With SaaS-based ExtraHop Reveal(x) 360, you can unify across hybrid, multicloud, containerized and IoT environments with NDR.

Integrating with ExtraHop Reveal(x) Enterprise allows you to automatically search for devices, add or remove devices from a watchlist, and search for detections. This integration also creates an HTTP target automatically in Automation for out-of-box workflows.

  1. In the Cisco XDR navigation menu, choose Administration > Integrations.

  2. On the Integrations page, click the Third-Party tab and navigate to the ExtraHop Reveal(x) 360 integration.

  3. Click the plus sign (+) in the lower-right corner of the card. The ExtraHop Reveal(x) 360 integration page is displayed.

  4. Expand the Integration Guide area and follow the instructions on how to add the ExtraHop Reveal(x) 360 integration in Cisco XDR.

You can perform the following tasks after you integrate ExtraHop Reveal(x) 360 with Cisco XDR:

  • Pivot Menu - Install the ExtraHop Reveal(x) 360 workflows from the Automation Exchange to use the Pivot menu to access actions in ExtraHop Reveal(x) 360. Available actions include removing a device from the ExtraHop watchlist.

  • Automation:

    • Atomic Actions - The atomic actions for ExtraHop Reveal(x) 360 can be used as building blocks in custom workflows. These can be found as available Actions in the left menu of the Workflow Editor. See Atomic Actions and Workflows.

    • Workflows - The workflows for ExtraHop Reveal(x) 360 can be installed from the Automation Exchange. See Workflows and Exchange.

    • Target - The ExtraHop Reveal(x) 360 target is automatically created for out-of-box and custom workflows. See Targets Created From Integrations.