ExtraHop

You can configure the ExtraHop integration to post data to Moogsoft Onprem when an alert occurs in ExtraHop.

Refer to the LAM and Integration Reference to see the integration's default properties. When you use the integrations UI, you can only configure the visible properties.

If you want to implement a more complex ExtraHop LAM with custom settings, see Configure the ExtraHop LAM.

See the ExtraHop documentation for details on ExtraHop components.

Before You Begin

The ExtraHop integration has been validated with ExtraHop v7.4. Before you start to set up your ExtraHop integration, ensure you have met the following requirements:

  • You have an active ExtraHop account.

  • You have the necessary permissions to access system configuration and add data stream targets in ExtraHop.

  • ExtraHop can make requests to external endpoints over port 443.

Configure the ExtraHop Integration

To configure the ExtraHop integration:

  1. Navigate to the Integrations tab.

  2. Click ExtraHop in the Monitoring section.

  3. Provide a unique integration name. You can use the default name or customize the name according to your needs.

  4. Set a Basic Authentication username and password.

Configure ExtraHop

Log in to ExtraHop to configure a data stream target and trigger to send alert data to your system. For more help, see the ExtraHop documentation.

  1. Create a new data stream target connection in ExtraHop with the following details:

    Field             Value
    Name              Moogsoft Onprem
    Host              <your ExtraHop integration URL>
                      Copy the URL and paste into ExtraHop without https://, for example:
                      https://examplehost.com becomes examplehost.com.
    Port              443
    Type              HTTPS
    Authentication    Basic
    Username          <Username that Moogsoft Onprem generates in the UI>
    Password          <Password that Moogsoft Onprem generates in the UI>

  2. Test the target configuration with the following details:

    Field             Value
    Method            GET
    Options           {
                          "path": "/",
                          "payload": "",
                          "headers": {}
                      }

  3. Ensure the new configuration has been saved and is running.

  4. Create an ExtraHop trigger with the following details:

    Field             Value
    Name              Moogsoft Onprem
    Events            ALERT_RECORD_COMMIT

  5. Add the following trigger script. The value of REST_DEST must match the name of your data stream target.

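    // The name of the HTTP destination defined in the ODS config.
    // It must match the Name of the data stream target created in step 1.
    var REST_DEST = "Moogsoft Onprem";

    // The payload is sent as JSON
    var headers = { "Content-Type": "application/json" };

    // Fields copied from the alert record that fired the trigger
    var msg = {
        "time": AlertRecord.time/1000,
        "description": AlertRecord.description,
        "id": AlertRecord.id,
        "name": AlertRecord.name,
        "severityLevel": AlertRecord.severityLevel,
        "object": AlertRecord.object
    };

    // Uncomment to write the payload to the trigger debug log
    //debug(JSON.stringify(msg));

    // Post the alert to the root path of the data stream target
    Remote.HTTP(REST_DEST).post( { path: "/", headers: headers, payload: JSON.stringify(msg) } );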

Once you complete the configuration, ExtraHop sends new alerts to Moogsoft Onprem.
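
The following Node.js code is an added example, not part of the Moogsoft or ExtraHop documentation. It models offline the request that the target settings and trigger script above describe, so you can check the Host value, credentials and payload shape before saving them in ExtraHop. The function names, sample credentials and sample alert are constructed, and it assumes the integration URL has the form shown above (https://host with no path) and that Basic authentication is sent as a standard RFC 7617 Authorization header.

```javascript
// Added example: offline pre-flight check of the data stream target settings.
// Function names and sample values are hypothetical, not product APIs.
function hostFromIntegrationUrl(integrationUrl) {
    const url = new URL(integrationUrl);
    if (url.protocol !== "https:") {
        throw new Error("integration URL must be https (target type HTTPS, port 443)");
    }
    if (url.username || url.password) {
        throw new Error("do not embed credentials in the URL; use the Basic auth fields");
    }
    return url.hostname; // value for the Host field, without https://
}

// Build the request implied by the target settings and the trigger script.
function buildAlertRequest(integrationUrl, username, password, alertRecord) {
    if (!username || !password) {
        throw new Error("Basic authentication username and password are required");
    }
    if (username.includes(":")) {
        throw new Error("a Basic auth username cannot contain ':' (RFC 7617)");
    }
    const token = Buffer.from(username + ":" + password, "utf8").toString("base64");
    return {
        host: hostFromIntegrationUrl(integrationUrl),
        port: 443,
        method: "POST",
        path: "/",
        headers: {
            "Content-Type": "application/json",
            "Authorization": "Basic " + token
        },
        payload: JSON.stringify({
            time: alertRecord.time / 1000, // same division as the trigger script
            description: alertRecord.description,
            id: alertRecord.id,
            name: alertRecord.name,
            severityLevel: alertRecord.severityLevel,
            object: alertRecord.object
        })
    };
}

// Constructed sample alert record and credentials (not real values).
const sampleAlert = { time: 1700000000000, description: "Constructed test alert",
    id: 42, name: "Sample alert", severityLevel: 3, object: { id: 7 } };
const req = buildAlertRequest("https://examplehost.com", "sample-user", "sample-pass", sampleAlert);
console.log(req.host, req.port, req.payload);
```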