Start Demo

The Platform

For Security

For Cloud

For IT Ops

More

Start the Democaret-right

Contact Uscaret-right
caret-left Back

ExtraHop Reveal(x)

Cloud-native visibility, detection, and
response for the hybrid enterprise.

Reveal(x) 360

SaaS-based network detection
and response.

Learn More

How It Workscaret-right

Reveal(x) Enterprise

Self-managed network detection
and response.

Learn More

How It Workscaret-right
caret-left Back

For Security

Protect and scale your business with complete visibility, real-time threat detections, and intelligent response.

Learn More

Threat Detection and Response

Secure Decryption

Enterprise IoT Security

Secure Remote Access & Availability

Hygiene and Compliance

SecOps and NetOps Integration
caret-left Back

For Cloud

Secure rapid cloud adoption and maintain control of applications, workloads, and data in cloud or multi-cloud environments.

Learn More

Security for AWS

Security for Azure

Security for Google Cloud

Hybrid Security

Secure Remote Access & Availability

Shared Responsibility Assurance
caret-left Back

For IT Ops

Boost NOC/SOC collaboration and ensure availability and performance across your hybrid enterprise.

Learn More

Secure Remote Access & Availability

SecOps and NetOps Integration

Triage and Troubleshooting

Customer Experience Monitoring

Commercial Application Visibility

Monitoring Virtualization and SDN
caret-left Back

Customers

Partners

Resources

About Us

Blogcaret-right
caret-left Back

Customers

Customer resources, training,
case studies, and more.

Visit Customer Portal

Support

Professional Services

Training

Solution Bundles Gallery

Community Forums

caret-left Back

Partners

Partner resources and information about our channel and technology partners.

Visit Partner Portal

Channel Partner Program

Find a Technology Partner

Become a Partner

caret-left Back

Resources

Find white papers, reports, datasheets, and more by exploring our full resource archive.

All Resources

Customer Stories

Network Attack Library

Protocol Library

Documentation

Firmware

Training Videos

caret-left Back

About Us

See what sets ExtraHop apart, from our innovative approach to our corporate culture.

Learn More

The ExtraHop Difference

What Is Cloud-Native?

Careers

Newsroom

Upcoming Webinars and Events

Back Arrow Bundle Library

Azure Integration

Supported Bundle

Description

The ExtraHop supported Azure integration delivers unparalleled visibility into real-time IT operations that help you make the most of Microsoft Azure and gain control over your cloud and hybrid IT environments. While ExtraHop delivers insights from all data in flight observed on your network, by integrating with Azure Monitor and Activity Logs, you get a centralized view of all IT assets in a way that's never been possible before.

This integration includes visibility over your entire Azure subscription for Virtual Machines, Storage Accounts, SQL Server Databases, Load Balancers, and Activity Logs. From resource utilization to performance, access changes to Azure Security Center events, we surface the information that matters.

Azure Storage Dashboard

Azure Virtual Machines Dashboard

Azure Databases Dashboard

Bundle Contents

  • (5) Dashboards
    • Azure: Activity Log
    • Azure: Databases
    • Azure: Load Balancers
    • Azure: Storage
    • Azure: Virtual Machines
  • (1) Record Formats
    • Azure Activity Log
  • (5) Triggers
    • Azure: Activity Log
    • Azure: Databases
    • Azure: Load Balancers
    • Azure: Storage Accounts
    • Azure: Virtual Machines

Requirements

ExtraHop version 7.4 or later

Installation Instructions

Here is an overview of the steps you must complete to integrate Azure with ExtraHop:

  1. Deploy an ExtraHop EDA and EXA in Azure
  2. Create an Azure Virtual Machines Device Group on the EDA

  3. Install the ExtraHop Azure Integration bundle on the EDA

  4. Enable Open Data Context on the EDA

  5. Deploy the Azure Integration

    a. Set up the VNET Integration

    b. Grant read permission to the App Service

    c. Tag the Azure resources that you want to monitor

    d. Send wire data from all tagged Azure Virtual Machines

  6. Add Azure Virtual Machines to the device group on the EDA

1. Deploy an ExtraHop EDA and EXA in Azure

If you don't already have an EDA and EXA deployed in Azure, you must complete the following steps:

  1. Log into Azure and complete the instructions in the following topic: Deploy the ExtraHop Discover Appliance in Azure.

  2. Log into Azure and complete the instructions in the following topic: Deploy the ExtraHop Explore Appliance in Azure.

2. Create an Azure Virtual Machines Device Group on the EDA

  1. Create a static device group named Azure Virtual Machines.

3. Install the ExtraHop Azure Integration bundle on the EDA

  1. Download the bundle on this page.

  2. Log into the ExtraHop Web UI on your EDA and complete the instructions in the following topic: Upload and Apply the Bundle. Be sure to enable each of the Azure triggers.

4. Enable Open Data Context on the EDA

  1. Log into the ExtraHop Admin UI on your EDA and complete the instructions in the following topic: Enable Open Data Context.

    Note: For this integration, you only need to enable default TCP port 11211.

5. Deploy the Azure Integration

  1. Click the Deploy to Azure button to begin the Azure Integration deployment.

  2. Sign into your Azure account.

  3. In the Basics section, complete the following steps:

    a. In the Subscription field, select the subscription where the EDA is deployed.

    b. In the Resource group field, select Use existing and then select the resource group where the EDA is deployed.

    c. In the Location field, select a desired region.

  4. In the Settings section, fill out each of the required fields. Hover over the ( i ) on each field to see an explanation about the field.

  5. Accept the terms and conditions.

  6. Click Purchase.

The deployment will take approximately 30 minutes. After the deployment is complete, continue onto the next step.

Setup the VNET Integration

Before the deployed Function App can communicate with the EDA, you must configure a Point-to-Site VPN, which Azure refers to as a VNET integration.

  1. Navigate to Function Apps.

  2. Select the Function App Name that was specified in the deployment.

  3. Click Platform features.

  4. Click Networking.

    Click Networking

  5. In the VNET Integration section, click Setup.

  6. Select the Virtual Network that was specified in the deployment.

    Adding VNet to Web App

    If the operation fails due to a timeout (such as in the figure below), you must sync the network through the following steps before proceeding to the next section:

    Failed to add VNet

    a. In the Function App Platform features section, click App Service plan.

    Click App Service Plan

    b. In the App Service plan Settings section, click Networking.

    c. In the VNET Integration section, click Click here to manage.

    d. Select the Virtual Network that was specified in the deployment.

    e. Click Sync Network.

    Click Sync Network

    Wait until all of the sync operations are complete and then verify that they were successful.

    If any of the sync operations were unsuccessful, wait a few minutes and click Sync Network again. Repeat this process until all of the sync operations complete successfully.

Grant read permission to the App Service

Before the deployed Function App can access metrics from all of the resources in the subscription, you must add a reader permission on the subscription level.

  1. Navigate to Subscriptions.

  2. Select the subscription specified in the deployment.

  3. Click Access Control (IAM).

  4. Click + Add.

  5. Configure the permission with the following configuration steps:

    a. In the Role field, select Reader.

    b. In the Assign access to field, select Function App.

    c. In the subscription field, ensure that the subscription specified in the deployment is selected.

    d. Select the Function App Name that was specified in the deployment.

Grant Permission

Tag the Azure resources that you want to monitor

You must go through each of the following Azure services supported by this integration and bulk assign a tag to the specific resources that you are interested in having Azure monitor metrics.

  • Virtual machines
  • Storage accounts
  • Load balancers
  • SQL databases

You must complete the following steps for each Azure Service above.

  1. Navigate to the service within Azure.

  2. Select all of the resources that you would like to monitor.

  3. Click Assign tags.

  4. In the Name field, type extrahop-azure-integration.

  5. In the Value field, type true.

  6. Click Assign

Tag Resources

Note: If you would like to add all resources within a particular resource group, complete the following steps:

  1. Navigate to the Resource Group.

  2. Check Select All.

  3. Click Assign Tags.

  4. Enter the tag information from above.

Send wire data from all tagged Azure Virtual Machines

Before the Azure Integration can properly correlate virtual machine metrics with the associated devices within the EDA, you must be receiving wire data from those virtual machines.

You can either complete the steps in the Packet Forwarding with RPCAP guide or use Azure virtual network TAP by completing the steps in the Work with a virtual network TAP using the Azure CLI guide.

6. Add Azure Virtual Machines to the device group on the EDA

The source for the Virtual Machines dashboard on the EDA depends on a device group that contains all of the tagged Azure Virtual Machine devices that are sending wire data.

  1. Add devices to the Azure Virtual Machines group for each of the tagged Azure Virtual Machines that are sending wire data to the EDA.

Note: The time it takes for the EDA to discover the L3 devices for each of the Azure Virtual Machines can vary depending on how active the devices are and how much traffic is generated.

+

ExtraHop uses cookies to improve your online experience. By using this website, you consent to the use of cookies. Learn More