ExtraHop
This connector integrates with the ExtraHop REST API and enables you to automate administration and configuration tasks on your ExtraHop system. You can send requests to the ExtraHop API through a Representational State Transfer (REST) interface, which is accessed through resource URIs and standard HTTP methods.

## Prerequisites

- Your ExtraHop system must be configured to allow API key generation for the type of user you are (remote or local).
- You must generate a valid API key.
- You must have a user account on the ExtraHop system with appropriate privileges set for the type of tasks you want to perform.

## Capabilities

This connector provides the following capabilities:

- Extract Device List
- Get Alerts
- Query Records
- Search for Device

## Notes

ExtraHop documentation: https://docs.extrahop.com/current/rest-api-guide/

## Configurations

### ExtraHop API Key Authentication

Authenticates using an ExtraHop API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host, i.e. https://seattle-eda/ | string | Required |
| x apikey | API key | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Extract Device List

Extract the list of devices discovered by the sensor or console.

Endpoint URL: `/api/v1/devices`

Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters_limit | number | Optional | Parameters for the Extract Device List action |
| parameters_offset | number | Optional | Parameters for the Extract Device List action |
| parameters_search_type | string | Optional | Parameters for the Extract Device List action |

Input example:

```json
{"parameters": {"limit": 10, "offset": 0, "search_type": "any"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

### Get Alerts

Retrieve all alerts.

Endpoint URL: `/api/v1/alerts`

Method: GET

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| apply_all | boolean | Output field apply_all |
| author | string | Output field author |
| categories | array | Output field categories |
| cc | array | Output field cc |
| cc_file_name | string | Name of the resource |
| cc_file | string | Output field cc_file |
| description | string | Output field description |
| disabled | boolean | Output field disabled |
| field_name | string | Name of the resource |
| field_name2 | string | Name of the resource |
| field_op | string | Output field field_op |
| id | number | Unique identifier |
| interval_length | number | Output field interval_length |
| mod_time | number | Time value |
| name | string | Name of the resource |
| notify_snmp | boolean | Output field notify_snmp |
| object_type | string | Type of the resource |
| operand | string | Output field operand |
| operator | string | Output field operator |
| param | object | Output field param |
| param2 | object | Output field param2 |
| protocols | array | Output field protocols |
| refire_interval | number | Output field refire_interval |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"apply_all": true, "author": "string", "categories": ["string"], "cc": [], "description": "string", "disabled": true, "field_name": "string", "field_name2": "string", "field_op": "string", "id": 0, "interval_length": 0, "mod_time": 0, "name": "string", "notify_snmp": true, "object_type": "string"}}
```

### Query Records

Query for records stored on a recordstore.

Endpoint URL: `/api/v1/records/search`

Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | Required | Response data |
| data_body_context_ttl | number | Optional | Response data |
| data_body_from | string | Optional | Response data |
| data_body_filter | object | Optional | Response data |
| data_body_filter_field | string | Optional | Response data |
| data_body_filter_operator | string | Optional | Response data |
| data_body_filter_operand | object | Optional | Response data |
| data_body_filter_operand_type | string | Optional | Response data |
| data_body_filter_operand_value | string | Optional | Response data |

Input example:

```json
{"data_body": {"context_ttl": 10, "from": "-30m", "filter": {"field": "ex.isSuspicious", "operator": "=", "operand": {"type": "boolean", "value": "true"}}}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

### Search for Device

You can search through all discovered devices on your sensor or console by specifying your criteria.

Endpoint URL: `/api/v1/devices/search`

Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | Required | Response data |
| data_body_filter | object | Optional | Response data |
| data_body_filter_field | string | Optional | Response data |
| data_body_filter_operand | string | Optional | Response data |
| data_body_filter_operator | string | Optional | Response data |

Input example:

```json
{"data_body": {"filter": {"field": "ipaddr", "operand": "10.10.10.200", "operator": "="}}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
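
The requests behind the Query Records, Search for Device and Extract Device List actions, as an added example that is not part of the connector or of ExtraHop's own code. The helper names, the host `extrahop.example` and the key `TESTKEY` are assumptions made for illustration; the `Authorization: ExtraHop apikey=...` header is the scheme the ExtraHop REST API uses for API keys.

```python
import ipaddress
import json
import ssl
import urllib.request
from urllib.parse import urlencode

def build_request(base_url, api_key, method, path, params=None, body=None):
    """Build (but do not send) the HTTP request for one connector action."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send an API key over a non-HTTPS URL")
    url = base_url.rstrip("/") + path
    if params:
        url += "?" + urlencode(params)
    headers = {"Accept": "application/json",
               "Authorization": f"ExtraHop apikey={api_key}"}
    data = None
    if body is not None:
        data = json.dumps(body).encode("utf-8")
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(url, data=data, headers=headers, method=method)

def send(request, timeout=30):
    """Send with certificate verification on (verify_ssl left enabled)."""
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(request, context=ctx, timeout=timeout) as resp:
        return json.load(resp)

def suspicious_records_query(lookback="-30m", context_ttl=10):
    """Body for POST /api/v1/records/search: records flagged as suspicious."""
    return {"context_ttl": context_ttl, "from": lookback,
            "filter": {"field": "ex.isSuspicious", "operator": "=",
                       "operand": {"type": "boolean", "value": "true"}}}

def device_by_ip_query(ip):
    """Body for POST /api/v1/devices/search; rejects malformed addresses."""
    ipaddress.ip_address(ip)  # raises ValueError before anything is sent
    return {"filter": {"field": "ipaddr", "operand": ip, "operator": "="}}

def iter_devices(fetch_page, limit=100):
    """Walk GET /api/v1/devices with limit/offset until a short page arrives.

    fetch_page(params) is any callable returning the decoded device list,
    e.g. lambda p: send(build_request(URL, KEY, "GET", "/api/v1/devices", p)).
    """
    offset = 0
    while True:
        page = fetch_page({"limit": limit, "offset": offset, "search_type": "any"})
        yield from page
        if len(page) < limit:
            return
        offset += limit
```

`build_request` only constructs the request, so the payloads and headers can be inspected or unit-tested before `send` is pointed at a real sensor or console.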