Page tree
Skip to end of metadata
Go to start of metadata

You can configure the ExtraHop integration to post data to Moogsoft AIOps when an alert occurs in ExtraHop.

Refer to the REST LAM Reference to see the integration's default properties. When you use the integrations UI, you can only configure the visible properties.

If you want to implement a more complex ExtraHop LAM with custom settings, see Configure the ExtraHop LAM.

See the ExtraHop documentation for details on ExtraHop components.

Before You Begin

The ExtraHop integration has been validated with ExtraHop 7.4. Before you start to set up your ExtraHop integration, ensure you have met the following requirements:

  • You have an active ExtraHop account.
  • You have the necessary permissions to access system configuration and add data stream targets in ExtraHop.
  • ExtraHop can make requests to external endpoints over port 443. 

Configure the ExtraHop Integration

Configure the ExtraHop integration in Moogsoft AIOps as follows:

  1. Navigate to the Integrations tab.
  2. Click ExtraHop in the Monitoring section.
  3. Provide the connection details to create the integration.

Configure ExtraHop

Log in to ExtraHop to configure a data stream target and trigger to send alert data to your system. For more help, see the ExtraHop docs.

  1. Create a new data stream target connection in ExtraHop with the following details:

    FieldValue
    NameMoogsoft AIOps
    Host

    <your ExtraHop integration URL>

    Copy the URL and paste into ExtraHop without https://, for example:
    https://examplehost.com becomes examplehost.com.

    Port443
    TypeHTTPS
    AuthenticationBasic
    Username

    <Username that Moogsoft AIOps generates in the UI>

    Password

    <Password that Moogsoft AIOps generates in the UI>

  2. Test the target configuration with the following details:

    FieldValue
    MethodGET
    Options

    {
    "path": "/",
    "payload": "",
    "headers": {}
    }

  3. Ensure new configuration has been saved and is running.

  4. Create an ExtraHop trigger with the following details:

    FieldValue
    NameMoogsoft AIOps
    EventsALERT_RECORD_COMMIT
  5. Add the following trigger script. The value of REST_DEST must match the name of your data stream target.

    // The name of the HTTP destination defined in the ODS config
    var REST_DEST = "Moogsoft AIOps";
    
    var headers = { "Content-Type": "application/json" };
    
    var msg = {
        "time": AlertRecord.time/1000,
        "description": AlertRecord.description,
        "id": AlertRecord.id,
        "name": AlertRecord.name,
        "severityLevel": AlertRecord.severityLevel,
        "object": AlertRecord.object
    };
    
    //debug(JSON.stringify(msg));
    Remote.HTTP(REST_DEST).post( {path: "/", headers: headers, payload:
    JSON.stringify(msg) } );

Once you complete the configuration, ExtraHop sends new alerts to Moogsoft AIOps.

  • No labels