Start Demo

Products

Solutions

Customers

Resources

Company

Blog

Start the Democaret-right

Contact Uscaret-right
caret-left Back

Products

Security

Cloud

Performance

The ExtraHop Differencecaret-right

Machine Learningcaret-right

Competitive Comparisoncaret-right

Professional Servicescaret-right

Integration and Automationcaret-right
caret-left Back

Solutions

Security Operations

Cloud-Native Security

Application Analytics

Network Performance

caret-left Back

Customers

Community

Partners

Support

Training

caret-left Back

Resources

Customer Stories

Resources

Integrations

Partner Programcaret-right

Protocol Librarycaret-right

Documentationcaret-right

Firmwarecaret-right

Training Videoscaret-right
caret-left Back

Company

About Us

Careers

Newsroom

Eventscaret-right

Leadershipcaret-right

Boardcaret-right

Investorscaret-right

Partnerscaret-right
caret-left Back

Security Operations

Secure your hybrid attack surface with complete visibility, real-time detection, and intelligent response.

Learn More

Threat Detection and Response

Secure Decryption

Enterprise IoT Security

Hygiene and Compliance
caret-left Back

Cloud-Native Security

Manage risk and drive growth in AWS with an agile, cloud-native approach to cybersecurity.

Learn More

Security for AWS

Security for Azure

Security for Google Cloud Platform

Cloud Migration
caret-left Back

Application Analytics

Ensure the availability and performance of your enterprise from the cloud, to the data center, to the customer.

Learn More

Commercial Application Visibility

Customer Experience Monitoring

Application Upgrade & Cloud Migration
caret-left Back

Network Performance

Take control of SDN, the cloud, and more with complete visibility, real-time detection, and intelligent response.

Learn More

NOC/SOC Integration

Remote Site Visibility

Triage & Troubleshooting

SDN & Virtualization
caret-left Back

Community

Learn about the innovative ways our customers are succeeding with ExtraHop, plus the latest news from R&D.

Learn More

Customer Stories

Solution Bundles Gallery

Community Forums

Customer Portal
caret-left Back

Partners

Explore the Panorama Partner Program, meet our channel partners, or search for a technology partner.

Learn More

Partner Portal

Channel Partners

Technology Partners
caret-left Back

Support

Compare support packages, check out our Professional Services offerings, or log into the Customer Portal.

Learn More

Support Overview

Professional Services

Documentation

Policies
caret-left Back

Training

Watch free training videos and courses, or schedule a visit from an ExtraHop expert for specialized training.

Learn More

Training Overview

Training Sessions

Back Arrow Bundle Library

Reveal(x) Extras

Supported Bundle

Description

The Reveal(x) Extras bundle provides quick insight into common security concerns in your network. The bundle includes a dashboard that summarizes information about the cryptographic strength of secure connections, Kerberos and LDAP authentication errors, threat intelligence indicators in north-south traffic, and traffic detected over deprecated network protocols. The bundle also provides detail metrics, records, and alerts.

Requirements

Reveal(x) Summer 2018 or later

Installation Instructions

  1. Download the bundle on this page.
  2. Log into the ExtraHop Web UI and complete the following procedures:
    • Upload and Apply a Bundle
    • Enable each of the Reveal(x) Extras alerts, which begin with "RXE". Click Alerts from the System Settings icon and then click on the alert name. Clear the Disable Alert checkbox. Optionally, you can configure notification settings and alert thresholds to fit your environment.
      • Enable each of the Reveal(x) Extras triggers, which begin with "RXE". Click Triggers from the System Settings icon and select the checkboxes next to the trigger. Then, click Enable from the toolbar.
  3. Configure the RXE: Authentication trigger script by modifying the following settings:
    • Set the failedLoginDisableInterval variable to match your Reset account lockout counter after policy setting in Active Directory.
    • Set the accountLockoutDuration variable to match your Account lockout duration policy setting in Active Directory.
    • Add the names of any privileged accounts in your environment to the priv_names array.
    • Optionally, set the commit_exa_record variable to true to send Kerberos Request (RXE) and Kerberos Response (RXE) records to an ExtraHop Explore appliance. If you are unfamiliar with triggers, learn how to build a trigger.
  4. Configure the RXE: North-South Monitoring trigger script by modifying the following settings:
    • To receive alerts when traffic is detected from specific countries, add those countries to the 'countryAlerts' array. Country names must match GeoLite2 naming conventions. For example, the following array contains Canada and North Korea: const countryAlerts = ['Canada', 'North Korea'];
    • To send North-South Monitor (RXE) records to an ExtraHop Explore appliance, set the 'commit_exa_record' variable to 'true'.
  5. Configure the RXE: TLS Auditing trigger script by modifying the following settings:
    • Set the notifyAt variable to the number of days that you would like to be notified before a certificate expires. Certificates that expire in less than the specified number of days are classified as expiring certificates.
    • Add the subject names of any certificates that you want to exclude from metrics to the whitelist array.

Community discussion about this bundle

+

ExtraHop uses cookies to improve your online experience. By using this website, you consent to the use of cookies. Learn More