ExtraHop Detection SIEM Connector Bundle

This connector bundle allows users to integrate ExtraHop with SIEMs to share detection data via syslog.

About this bundle

Description

The ExtraHop Detection SIEM Connector supports ExtraHop integrations with security information and event management systems (SIEMs) by formatting and transmitting detection data over syslog. The bundle sends messages in LEEF 2.0 or CEF format, which any SIEM or other system that accepts syslog input can ingest. Note that if you install this bundle on a Command appliance or the Cloud Control Plane, you must configure ODS Syslog targets for each connected sensor and modify the trigger included in the bundle.

This bundle is required for the following third-party applications: 

  • ExtraHop App for QRadar (LEEF)
  • ExtraHop Data Connector for Azure Sentinel (CEF)
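As an added illustration (not code from the bundle or from ExtraHop), the following Node.js snippet shows what CEF and LEEF 2.0 messages for a detection look like and why each format's escaping rules matter on the receiving SIEM: a detection title that happens to contain `|` or `=` must stay inside its own field when the line is parsed, or it could masquerade as a different field. The vendor/product strings, the mapping of detection attributes to header and extension fields, the `^` LEEF delimiter, and the sample detection are all assumptions; the bundle's own triggers would hand the finished string to the ODS Syslog target.

```javascript
// Added example, not ExtraHop's trigger code: builds the CEF and LEEF 2.0
// payloads a detection would travel in over syslog, with the escaping each
// format needs, and parses CEF back the way a SIEM would. The field mapping
// (vendor/product names, which detection attributes land where) is assumed.

// CEF header fields: backslash and pipe are the only special characters.
function cefHeaderEscape(s) {
  return String(s).replace(/\\/g, "\\\\").replace(/\|/g, "\\|");
}

// CEF extension values: backslash, '=' and line breaks are special; '|' is not.
function cefExtEscape(s) {
  return String(s)
    .replace(/\\/g, "\\\\")
    .replace(/=/g, "\\=")
    .replace(/\r/g, "\\r")
    .replace(/\n/g, "\\n");
}

// CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|key=value key=value
function toCEF(d) {
  const header = ["ExtraHop", "RevealX", d.version, d.type, d.title, d.severity]
    .map(cefHeaderEscape)
    .join("|");
  const ext = Object.entries(d.fields)
    .map(([k, v]) => `${k}=${cefExtEscape(v)}`)
    .join(" ");
  return `CEF:0|${header}|${ext}`;
}

// LEEF:2.0|Vendor|Product|Version|EventID|Delimiter|key=value<delim>key=value
// Header escaping is the same as CEF. In values the delimiter and line breaks
// are replaced by a space, and backslash and '=' are backslash-escaped
// (that value-escaping convention is an assumption of this example).
const LEEF_DELIM = "^";
function leefValueEscape(s) {
  return String(s)
    .replace(/\\/g, "\\\\")
    .replace(/=/g, "\\=")
    .replace(/[\r\n]/g, " ")
    .split(LEEF_DELIM).join(" ");
}

function toLEEF(d) {
  const header = ["ExtraHop", "RevealX", d.version, d.type].map(cefHeaderEscape).join("|");
  const ext = [["cat", d.title], ...Object.entries(d.fields)]
    .map(([k, v]) => `${k}=${leefValueEscape(v)}`)
    .join(LEEF_DELIM);
  return `LEEF:2.0|${header}|${LEEF_DELIM}|${ext}`;
}

// Split s on sep honouring backslash escapes, into at most max parts; the last
// part is returned raw (the extension keeps its own escapes for later parsing).
function splitEscaped(s, sep, max) {
  const parts = [];
  let cur = "";
  let i = 0;
  while (i < s.length && parts.length < max - 1) {
    const c = s[i];
    if (c === "\\" && i + 1 < s.length) { cur += s[i + 1]; i += 2; continue; }
    if (c === sep) { parts.push(cur); cur = ""; i++; continue; }
    cur += c;
    i++;
  }
  parts.push(parts.length < max - 1 ? cur : s.slice(i));
  return parts;
}

// Extension keys are bare identifiers followed by an unescaped '='; a value
// runs until the next such key. An escaped "\=" inside a value never matches.
function parseCEFExtension(ext) {
  const out = {};
  const re = /(?:^|\s)([A-Za-z0-9_.]+)=/g;
  const keys = [];
  let m;
  while ((m = re.exec(ext)) !== null) {
    keys.push({ key: m[1], valueStart: m.index + m[0].length, keyStart: m.index });
  }
  keys.forEach((k, i) => {
    const end = i + 1 < keys.length ? keys[i + 1].keyStart : ext.length;
    out[k.key] = ext
      .slice(k.valueStart, end)
      .replace(/\\(.)/g, (_, ch) => (ch === "n" ? "\n" : ch === "r" ? "\r" : ch));
  });
  return out;
}

function parseCEF(line) {
  const [prefix, vendor, product, version, signatureId, name, severity, ext] =
    splitEscaped(line, "|", 8);
  if (prefix !== "CEF:0") throw new Error("not a CEF:0 message");
  return { vendor, product, version, signatureId, name, severity,
           extension: parseCEFExtension(ext ?? "") };
}

// Constructed sample detection; the title deliberately contains '|' and '=' to
// show that untrusted text cannot spill into another header field or key.
const sampleDetection = {
  version: "9.0",
  type: "data_exfiltration",
  title: "Exfil | hostname=evil",
  severity: 7,
  fields: { src: "10.0.0.5", dst: "203.0.113.9", msg: "bytes=1048576\nsee SIEM", riskScore: "81" },
};

console.log(toCEF(sampleDetection));
console.log(toLEEF(sampleDetection));
console.log(parseCEF(toCEF(sampleDetection)));
```

Running the file prints both encodings and the parsed CEF object; the parsed `name` comes back as the original title with its `|` intact, and the extension has exactly the four keys that were sent. If a SIEM-side parser ever shows extra keys or shifted header fields, the escaping on the sending side is the first thing to check.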

Requirements

You must have:

  • An ExtraHop sensor or Command appliance/Cloud Control Plane on Reveal(x) version 7.8 or later with a user account that has Unlimited privileges
  • Access to a SIEM system that accepts syslog input

Contents

  • 2x Triggers
    • ExtraHop Detection SIEM Connector - LEEF
    • ExtraHop Detection SIEM Connector - CEF
