# ExtraHop

ExtraHop is a network detection and response (NDR) platform that provides real-time visibility and analytics for security operations. It enables organizations to monitor and secure their network environments effectively. The ExtraHop connector for Swimlane Turbine lets users automate the extraction of device lists, retrieval of alerts, and querying of records from ExtraHop, improving visibility and response times. By integrating ExtraHop with Swimlane Turbine, users can streamline their security operations, improve threat detection, and automate responses to network anomalies, all within a low-code environment.

## Prerequisites

Before you can use the ExtraHop connector for Turbine, you need access to the ExtraHop API. This requires API key authentication using the following parameters:

- URL: the endpoint URL for accessing the ExtraHop API
- API key: a valid API key for authenticating requests to the ExtraHop platform

## Capabilities

This connector provides the following capabilities:

- Extract Device List
- Get Alerts
- Query Records
- Search for Device

## ExtraHop documentation

- https://docs.extrahop.com/current/rest-api-guide/

## Additional documentation

- ExtraHop connector documentation: https://docs.swimlane.com/connectors/extrahop
- ExtraHop API documentation: https://docs.extrahop.com/current/rest-api-guide/

## Configurations

### ExtraHop API Key Authentication

Authenticates using an ExtraHop API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host, e.g. https://seattle.eda/ | string | required |
| X-Apikey | API key | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Extract Device List

Extract the list of devices discovered by the ExtraHop sensor or console.

- Endpoint URL: `/api/v1/devices`
- Method: GET

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.limit | number | optional | Parameters for the Extract Device List action |
| parameters.offset | number | optional | Parameters for the Extract Device List action |
| parameters.search_type | string | optional | Parameters for the Extract Device List action |

Input example:

```json
{"parameters": {"limit": 10, "offset": 0, "search_type": "any"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

### Get Alerts

Retrieve all alerts from ExtraHop for monitoring and analysis.

- Endpoint URL: `/api/v1/alerts`
- Method: GET

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| apply_all | boolean | Output field apply_all |
| author | string | Output field author |
| categories | array | Output field categories |
| cc | array | Output field cc |
| cc_file_name | string | Name of the resource |
| cc_file | string | Output field cc_file |
| description | string | Output field description |
| disabled | boolean | Output field disabled |
| field_name | string | Name of the resource |
| field_name2 | string | Name of the resource |
| field_op | string | Output field field_op |
| id | number | Unique identifier |
| interval_length | number | Output field interval_length |
| mod_time | number | Time value |
| name | string | Name of the resource |
| notify_snmp | boolean | Output field notify_snmp |
| object_type | string | Type of the resource |
| operand | string | Output field operand |
| operator | string | Output field operator |
| param | object | Output field param |
| param2 | object | Output field param2 |
| protocols | array | Output field protocols |
| refire_interval | number | Output field refire_interval |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"apply_all": true, "author": "string", "categories": ["string"], "cc": [], "description": "string", "disabled": true, "field_name": "string", "field_name2": "string", "field_op": "string", "id": 0, "interval_length": 0, "mod_time": 0, "name": "string", "notify_snmp": true, "object_type": "string"}}
```

### Query Records

Query records stored on an ExtraHop recordstore using the provided data body.

- Endpoint URL: `/api/v1/records/search`
- Method: POST

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | required | Response data |
| data_body.context_ttl | number | optional | Response data |
| data_body.from | string | optional | Response data |
| data_body.filter | object | optional | Response data |
| data_body.filter.field | string | optional | Response data |
| data_body.filter.operator | string | optional | Response data |
| data_body.filter.operand | object | optional | Response data |
| data_body.filter.operand.type | string | optional | Response data |
| data_body.filter.operand.value | string | optional | Response data |

Input example:

```json
{"data_body": {"context_ttl": 10, "from": "-30m", "filter": {"field": "ex.isSuspicious", "operator": "=", "operand": {"type": "boolean", "value": "true"}}}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

### Search for Device

Search through all discovered devices on your ExtraHop sensor or console by specifying your criteria.

- Endpoint URL: `/api/v1/devices/search`
- Method: POST

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | required | Response data |
| data_body.filter | object | optional | Response data |
| data_body.filter.field | string | optional | Response data |
| data_body.filter.operand | string | optional | Response data |
| data_body.filter.operator | string | optional | Response data |

Input example:

```json
{"data_body": {"filter": {"field": "ipaddr", "operand": "10.10.10.200", "operator": "="}}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
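The four actions above all reduce to the same pattern: an authenticated ExtraHop REST call whose result is wrapped in the connector's `status_code` / `response_headers` / `reason` / `json_body` shape. The following Python client is an added example, not Swimlane's connector code or ExtraHop's own tooling. It assumes ExtraHop's documented `Authorization: ExtraHop apikey=<key>` header scheme, uses a placeholder API key, and takes an injectable `transport` so that the requests it builds (including the Verify SSL and HTTP Proxy settings) can be inspected offline; the recording transport and its canned response are constructed for the demonstration.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlencode, urljoin


def urllib_transport(method, url, headers, data, verify_ssl, http_proxy):
    """Real HTTP transport honouring the connector's Verify SSL and HTTP Proxy settings."""
    ctx = ssl.create_default_context()
    if not verify_ssl:  # only sensible for a lab sensor with a self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    handlers = [urllib.request.HTTPSHandler(context=ctx)]
    if http_proxy:
        handlers.append(urllib.request.ProxyHandler({"http": http_proxy, "https": http_proxy}))
    opener = urllib.request.build_opener(*handlers)
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with opener.open(req, timeout=30) as resp:
        return resp.status, resp.reason, dict(resp.headers), resp.read().decode("utf-8")


class ExtraHopClient:
    """Hypothetical client exposing the connector's four actions as ExtraHop REST calls.

    Assumption: authentication is the ExtraHop header `Authorization: ExtraHop apikey=<key>`.
    """

    def __init__(self, url, api_key, transport=urllib_transport, verify_ssl=True, http_proxy=None):
        self.base_url = url.rstrip("/") + "/"  # URL configuration parameter, e.g. https://seattle.eda/
        self.api_key = api_key                 # X-Apikey configuration parameter
        self.transport = transport
        self.verify_ssl = verify_ssl
        self.http_proxy = http_proxy

    def _request(self, method, path, params=None, body=None):
        url = urljoin(self.base_url, path.lstrip("/"))
        params = {k: v for k, v in (params or {}).items() if v is not None}  # drop unset optionals
        if params:
            url += "?" + urlencode(params)
        headers = {"Authorization": f"ExtraHop apikey={self.api_key}", "Accept": "application/json"}
        data = None
        if body is not None:
            headers["Content-Type"] = "application/json"
            data = json.dumps(body).encode("utf-8")
        status, reason, resp_headers, text = self.transport(
            method, url, headers, data, self.verify_ssl, self.http_proxy)
        # Mirror the connector's output shape: status_code / response_headers / reason / json_body.
        return {"status_code": status, "response_headers": resp_headers,
                "reason": reason, "json_body": json.loads(text) if text else {}}

    def extract_device_list(self, limit=None, offset=None, search_type=None):
        return self._request("GET", "/api/v1/devices",
                             params={"limit": limit, "offset": offset, "search_type": search_type})

    def get_alerts(self):
        return self._request("GET", "/api/v1/alerts")

    def query_records(self, data_body):
        return self._request("POST", "/api/v1/records/search", body=data_body)

    def search_for_device(self, data_body):
        return self._request("POST", "/api/v1/devices/search", body=data_body)


def suspicious_records_body(lookback="-30m", context_ttl=10):
    """The page's Query Records example: records flagged ex.isSuspicious in the lookback window."""
    return {"context_ttl": context_ttl, "from": lookback,
            "filter": {"field": "ex.isSuspicious", "operator": "=",
                       "operand": {"type": "boolean", "value": "true"}}}


def device_by_ip_body(ip):
    """The page's Search for Device example: exact match on the ipaddr field."""
    return {"filter": {"field": "ipaddr", "operand": ip, "operator": "="}}


def make_recording_transport(canned_json):
    """Constructed offline transport: records each request and answers with a canned 200 response."""
    calls = []

    def transport(method, url, headers, data, verify_ssl, http_proxy):
        calls.append({"method": method, "url": url, "headers": headers,
                      "body": json.loads(data) if data else None,
                      "verify_ssl": verify_ssl, "http_proxy": http_proxy})
        return 200, "OK", {"Content-Type": "application/json"}, json.dumps(canned_json)

    return transport, calls


if __name__ == "__main__":
    # Constructed response: one suspicious record, in a shape chosen only for this demo.
    transport, calls = make_recording_transport({"records": [{"_source": {"ex": {"isSuspicious": True}}}]})
    client = ExtraHopClient("https://seattle.eda/", "PLACEHOLDER_API_KEY", transport=transport)
    result = client.query_records(suspicious_records_body())
    print(calls[0]["method"], calls[0]["url"], result["status_code"], len(result["json_body"]["records"]))
```

Swap `make_recording_transport` for the default `urllib_transport` to talk to a real sensor or console; the two request-body helpers produce exactly the input examples shown for Query Records and Search for Device, and `extract_device_list` omits any optional parameter left unset rather than sending an empty value.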