Start Demo

The Platform

Solutions

Customers

Partners

Blog

More

Start the Democaret-right

Contact Uscaret-right
caret-left Back

ExtraHop
Reveal(x) 360

Cloud-native visibility, detection, and response
for the hybrid enterprise.

Learn More

How It Works

Competitive Comparison

ExtraHop Integrations and Automations

Cybersecurity Services

What is Network Detection and Response (NDR)?

Cloud-Native Security Solutions

Reveal(x) Enterprise: Self-Managed NDR
caret-left Back

Solutions

Learn More

Security

Cloud

IT Ops

Use Cases

Explore By Industry Vertical
caret-left Back

Customers

Customer resources, training,
case studies, and more.

Learn More

Customer Portal Login

Cybersecurity Services

Training

ExtraHop Support
caret-left Back

Partners

Partner resources and information about our channel and technology partners.

Learn More

Channel Partners

ExtraHop Integrations and Automations

Partners
caret-left Back

Blog

Learn More
caret-left Back

About Us

News & Events

Careers

Resources

caret-left Back

About Us

See what sets ExtraHop apart, from our innovative approach to our corporate culture.

Learn More

The ExtraHop Advantage

What Is Cloud-Native?

Contact Us

caret-left Back

News & Events

Get the latest news and information.

Learn More

Take the Hunter Challenge

Upcoming Webinars and Events

caret-left Back

Careers

We believe in what we're doing. Are you ready to join us?

Learn More

Careers at ExtraHop

Search Openings

Connect on LinkedIn

caret-left Back

Resources

Find white papers, reports, datasheets, and more by exploring our full resource archive.

All Resources

Customer Stories

Remote Access Resource Hub

Network Attack Library

Protocol Library

Documentation

Firmware

Training Videos

Back Arrow Bundle Library

Reveal(x) Extras

Supported Bundle

Description

The Reveal(x) Extras bundle provides quick insight into common security concerns in your network. The bundle includes a dashboard that summarizes information about the cryptographic strength of secure connections, Kerberos and LDAP authentication errors, threat intelligence indicators in north-south traffic, and traffic detected over deprecated network protocols. The bundle also provides detail metrics, records, and alerts.

Requirements

Reveal(x) Summer 2018 or later

Installation Instructions

  1. Download the bundle on this page.
  2. Log into the ExtraHop Web UI and complete the following procedures:
    • Upload and Apply a Bundle
    • Enable each of the Reveal(x) Extras alerts, which begin with "RXE". Click Alerts from the System Settings icon and then click on the alert name. Clear the Disable Alert checkbox. Optionally, you can configure notification settings and alert thresholds to fit your environment.
      • Enable each of the Reveal(x) Extras triggers, which begin with "RXE". Click Triggers from the System Settings icon and select the checkboxes next to the trigger. Then, click Enable from the toolbar.
  3. Configure the RXE: Authentication trigger script by modifying the following settings:
    • Set the failedLoginDisableInterval variable to match your Reset account lockout counter after policy setting in Active Directory.
    • Set the accountLockoutDuration variable to match your Account lockout duration policy setting in Active Directory.
    • Add the names of any privileged accounts in your environment to the priv_names array.
    • Optionally, set the commit_exa_record variable to true to send Kerberos Request (RXE) and Kerberos Response (RXE) records to an ExtraHop Explore appliance. If you are unfamiliar with triggers, learn how to build a trigger.
  4. Configure the RXE: North-South Monitoring trigger script by modifying the following settings:
    • To receive alerts when traffic is detected from specific countries, add those countries to the 'countryAlerts' array. Country names must match GeoLite2 naming conventions. For example, the following array contains Canada and North Korea: const countryAlerts = ['Canada', 'North Korea'];
    • To send North-South Monitor (RXE) records to an ExtraHop Explore appliance, set the 'commit_exa_record' variable to 'true'.
  5. Configure the RXE: TLS Auditing trigger script by modifying the following settings:
    • Set the notifyAt variable to the number of days that you would like to be notified before a certificate expires. Certificates that expire in less than the specified number of days are classified as expiring certificates.
    • Add the subject names of any certificates that you want to exclude from metrics to the whitelist array.

+

ExtraHop uses cookies to improve your online experience. By using this website, you consent to the use of cookies. Learn More