ExtraHop Detection SIEM Connector Bundle
This connector bundle allows users to integrate ExtraHop with SIEMs to share detection data via syslog.
Description
The ExtraHop Detection SIEM Connector supports ExtraHop integrations with security information and event management systems (SIEMs) by formatting and transmitting detection data over syslog. This bundle sends messages in LEEF 2.0 or CEF format, so they can be accepted by any SIEM or other system that accepts syslog input. Note that if you install this bundle on a Command appliance or the Cloud Control Plane, you must configure ODS Syslog targets for each connected sensor and modify the trigger included in the bundle.
This bundle is required for the following third-party applications:
- ExtraHop App for QRadar (LEEF)
- ExtraHop Data Connector for Azure Sentinel (CEF)
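To make the two message formats concrete, the following is an added example (not code from the bundle or from ExtraHop, and it does not use the ExtraHop trigger API): it takes a constructed detection record, renders it as a CEF line and as a LEEF 2.0 line with the escaping each format requires, frames the result as an RFC 5424 syslog message, and parses the CEF line back to confirm the round trip. The record contents, vendor/product/version strings, host name, and the choice of which detection fields map to which CEF/LEEF keys are all assumptions made for the illustration.

```javascript
// Added example, not code from the ExtraHop bundle: a detection rendered as CEF
// and LEEF 2.0 and framed as an RFC 5424 syslog line. The record, vendor and
// product strings, host name and field mapping are constructed assumptions;
// the ExtraHop trigger API is not used.

// Constructed sample detection. Title and description deliberately contain the
// characters that must be escaped ('|', '=', newline).
const DETECTION = {
  id: 12345,
  title: "Suspicious | Login Spray",
  type: "brute_force",
  riskScore: 80,
  description: "Many failed logins=observed\nfrom one client",
  offender: "10.0.0.5",
  victim: "10.0.0.20",
  startTime: 1700000000000, // epoch milliseconds
};

const VENDOR = "ExtraHop"; // assumption: strings a connector would hard-code
const PRODUCT = "Reveal(x)";
const VERSION = "7.8";

// CEF header fields escape '\' and '|'; extension values escape '\', '=' and newlines.
function cefHeaderEscape(v) {
  return String(v).replace(/\\/g, "\\\\").replace(/\|/g, "\\|");
}
function cefExtEscape(v) {
  return String(v).replace(/\\/g, "\\\\").replace(/=/g, "\\=").replace(/\r?\n/g, "\\n");
}

// Map a 0-99 risk score onto the 0-10 severity scale both formats use.
function scaleSeverity(riskScore) {
  return Math.min(10, Math.floor(riskScore / 10));
}

// CEF:Version|Vendor|Product|Version|EventClassID|Name|Severity|key=value ...
function toCEF(d) {
  const header = ["CEF:0", VENDOR, PRODUCT, VERSION, d.type, d.title, scaleSeverity(d.riskScore)]
    .map((v) => cefHeaderEscape(v)).join("|");
  const ext = { externalId: d.id, rt: d.startTime, src: d.offender, dst: d.victim, msg: d.description };
  const pairs = Object.entries(ext).map(([k, v]) => `${k}=${cefExtEscape(v)}`).join(" ");
  return `${header}|${pairs}`;
}

// LEEF:2.0|Vendor|Product|Version|EventID|x09|key=value<TAB>key=value ...
// LEEF defines no escape for '='; the tab delimiter separates pairs, so tabs and
// newlines inside values are replaced by spaces. '|' is replaced in header
// fields as a conservative choice, since it would shift the header columns.
function toLEEF(d) {
  const header = [VENDOR, PRODUCT, VERSION, d.type].map((v) => String(v).replace(/\|/g, "_")).join("|");
  const clean = (v) => String(v).replace(/[\t\r\n]+/g, " ");
  const attrs = { devTime: d.startTime, src: d.offender, dst: d.victim,
                  sev: Math.max(1, scaleSeverity(d.riskScore)), cat: d.title, msg: d.description };
  const pairs = Object.entries(attrs).map(([k, v]) => `${k}=${clean(v)}`).join("\t");
  return `LEEF:2.0|${header}|x09|${pairs}`;
}

// RFC 5424 framing: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG.
// PRI = facility * 8 + severity; facility local0 (16), severity derived from the score.
function toSyslog(d, payload, hostname = "sensor01") {
  const sev = scaleSeverity(d.riskScore);
  const syslogSeverity = sev >= 9 ? 2 : sev >= 7 ? 4 : 6; // critical / warning / informational
  const pri = 16 * 8 + syslogSeverity;
  const ts = new Date(d.startTime).toISOString();
  return `<${pri}>1 ${ts} ${hostname} ExtraHopDetection - - - ${payload}`;
}

// Receiver side: split the CEF header on unescaped pipes, then the extension on
// spaces that precede a key=, undoing the escapes. Used here to prove the round trip.
function parseCEF(line) {
  const header = [];
  let cur = "", i = 0;
  while (i < line.length && header.length < 7) {
    const c = line[i];
    if (c === "\\" && i + 1 < line.length) { cur += line[i + 1]; i += 2; continue; }
    if (c === "|") { header.push(cur); cur = ""; i += 1; continue; }
    cur += c; i += 1;
  }
  const unescape = (v) => v.replace(/\\(.)/g, (_, ch) => (ch === "n" ? "\n" : ch));
  const extension = {};
  for (const pair of line.slice(i).split(/ (?=[A-Za-z0-9_]+=)/)) {
    const eq = pair.indexOf("=");
    extension[pair.slice(0, eq)] = unescape(pair.slice(eq + 1));
  }
  return { header, extension };
}

console.log(toSyslog(DETECTION, toCEF(DETECTION)));
console.log(toSyslog(DETECTION, toLEEF(DETECTION)));
```

The escaping is the part worth checking when a SIEM shows a detection with a truncated name or a shifted column: a bare `|` in a CEF header field or a bare `=` in an extension value moves every field after it, and a newline inside a value breaks the syslog line in two. The parser mirrors the escapes so that the title with its pipe and the multi-line description come back unchanged.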
Requirements
You must have:
- An ExtraHop sensor, Command appliance, or Cloud Control Plane running Reveal(x) version 7.8 or later, with a user account that has Unlimited privileges
- Access to a SIEM system that accepts syslog input
Contents
- 2x Triggers
- ExtraHop Detection SIEM Connector - LEEF
- ExtraHop Detection SIEM Connector - CEF