ExtraHop Trace Admin UI Manual Download Page 1

ExtraHop 8.8

ExtraHop Trace Admin UI Guide

Summary of Contents for Trace Admin UI

Page 1: ...ExtraHop 8.8 ExtraHop Trace Admin UI Guide...

Page 2: ...oduced translated or reduced to any machine readable form without prior written approval from ExtraHop Networks Inc For more documentation see https://docs.extrahop.com Published 2022-03-22 ExtraHop Net...

Page 3: ...15 Bond interfaces 16 Create a bond interface 16 Modify bond interface settings 16 Destroy a bond interface 17 Notifications 17 Configure email settings for notifications 17 Add a new notification em...

Page 4: ...ific ICMPv6 Echo Reply messages 42 Services 43 Configure the SNMP service 43 Firmware 44 Upgrade the firmware on your ExtraHop system 44 Pre upgrade checklist 44 Upgrade the firmware on Command and Di...

Page 5: ...ted and then reconnected to the same Trace appliance 56 For extended storage units configured on a device other than the Trace appliance 56 Reset Packetstore 56 Trace Cluster Settings 57 Manager 57 Pa...

Page 6: ...gs After you have deployed your Trace appliance see the Trace Post deployment Checklist We value your feedback Please let us know how we can improve this document Send your comments or suggestions to...

Page 7: ...ace appliance The metrics on this page can help you troubleshoot problems and determine why the ExtraHop appliance is not performing as expected System Reports the following information about the syst...

Page 8: ...is turned off Name Displays the Trace appliance settings that are stored on disk Options Displays the read write options for the settings stored on disk Size Displays the size in gigabytes for the ide...

Page 9: ...expk file is encrypted and the contents are only viewable by ExtraHop Support However you can download the diag results complete manifest file to view a list of the files collected Run a custom suppor...

Page 10: ...tions for your ExtraHop system In Reveal x Enterprise you can enable security only or security and performance detections In addition you can allow the ExtraHop Machine Learning Service to access pre...

Page 11: ...to your sensor license 35.161.154.247 Portland U.S.A. 54.66.242.25 Sydney Australia 52.59.110.168 Frankfurt Germany Open access to Cloud Recordstore For access to the ExtraHop Cloud Recordstore your se...

Page 12: ...e Connectivity The Connectivity page contains controls for your appliance connections and network settings Interface Status On physical appliances a diagram of interface connections appears which upda...

Page 13: ...e interfaces ping replies might not get back to the sender High Performance ERSPAN VXLAN Target Captures traffic forwarded from ERSPAN or VXLAN This interface mode enables the port to handle more than...

Page 14: ...s we recommend that you contact ExtraHop Support for assistance to avoid reduced throughput Note EDA 4200 EDA 6200 EDA 8200 EDA 9200 and EDA 10200 appliances are not susceptible to reduced throughput...

Page 15: ...DNS Search List DNSSL information according to router advertisements select RDNSS DNSSL 6 Click Save Global proxy server If your network topology requires a proxy server to enable your ExtraHop syste...

Page 16: ...rs The bond interface must be destroyed and recreated Create a bond interface Modify a bond interface Destroy a bond interface Create a bond interface You can create a bond interface with at least one...

Page 17: ...lected to retain the interface settings for the bond interface and all other member interfaces are disabled If no member interface is selected to retain the settings the settings are lost and all memb...

Page 18: ...hen sending scheduled reports from a Command appliance or Reveal x 360 10 Select the Enable SMTP authentication checkbox and then type the SMTP server setup credentials in the Username and Password fi...

Page 19: ...red network reports SNMP information is defined by third party management information bases MIBs that describe the structure of the collected data 1 Log in to the Administration settings on the ExtraH...

Page 20: ...ote The pem file must not be password protected Note You can also automate this task through the REST API 1 In the Network Settings section click SSL Certificate 2 Click Manage certificates to expand...

Page 21: ...ngton Country Code The two letter ISO code for the country where your organization is located US 6 Click Export The CSR file is automatically downloaded to your computer Next steps Send the CSR file t...

Page 22: ...certificates you must also enable SSL TLS or STARTTLS encryption and certificate validation when configuring the settings for the external server 1 Log in to the Administration settings on the ExtraHo...

Page 23: ...ministration settings After the setup user password is changed the button at the top of the page no longer appears Note The password must be a minimum of 5 characters 1 In the Administration settings...

Page 24: ...ck Users 3 Click Add User 4 In the Personal Information section type the following information Login ID The username that users will log in to their ExtraHop appliances with which cannot contain any s...

Page 25: ...machine Next steps Add a local user account Remote Authentication The ExtraHop system supports remote authentication for user access Remote authentication enables organizations that have authenticatio...

Page 26: ...To view the members in the group click the group name Type Displays Local or Remote as the type of user group Members Displays the number of users in the group Shared Content Displays the number of u...

Page 27: ...ly System Administration Reveal x 360 only Cloud Setup Reveal x 360 only Full Write Limited Write Personal Write Full Read Only Restricted Read Only Activity Maps Create view and load shared activity...

Page 28: ...ers can access detections The privilege level of the user determines the level of access to detections View detections Y Y Y Y Y Y Y Y N Acknowledge Detections Y Y Y Y Y Y Y N N Modify detection statu...

Page 29: ...N Metrics View metrics Y Y Y Y Y Y Y Y N Records Explore appliance View record queries Y Y Y Y Y Y Y Y N View record formats Y Y Y Y Y Y Y Y N Create modify and save record queries Y Y Y Y Y N N N N...

Page 30: ...s Y Y N Y N N N N N Privilege options The following privilege options can be assigned to users with limited Web UI and API privileges Packet and Session Key Access View and download packets View and d...

Page 31: ...an configure your ExtraHop system to authenticate users remotely with an existing LDAP server Note that ExtraHop LDAP authentication only queries for user accounts it does not query for any other enti...

Page 32: ...e LDAPS This option specifies LDAP wrapped inside SSL StartTLS This option specifies TLS LDAP SSL is negotiated before any passwords are sent g Select Validate SSL Certificates to enable certificate v...

Page 33: ...atus message appears near the bottom of the page If the test fails click Show details to see a list of errors You must resolve any errors before you continue 8 Click Save and Continue Next steps Confi...

Page 34: ...users to view detections This setting is visible only when the global privilege policy for detections access control is set to Only specified users can view detections No access Full access 4 Click Sa...

Page 35: ...m Plus TACACS for remote authentication and authorization Ensure that each user to be remotely authorized has the ExtraHop service configured on the TACACS server before beginning this procedure 1 Log...

Page 36: ...rs to view detections This setting is visible only when the global privilege policy for detections access control is set to Only specified users can view detections No access Full access 11 Click Save...

Page 37: ...e required to perform operations through the ExtraHop REST API Manage API key access Users with unlimited privileges can configure whether users can generate API keys for the ExtraHop system You can a...

Page 38: ...You can paste the key into the REST API Explorer or append the key to a request header Privilege levels User privilege levels determine which ExtraHop system and administration tasks the user can perf...

Page 39: ...d but you cannot perform any other administration tasks through the REST API Perform all GET operations through the REST API Delete dashboards and activity maps that you own Perform metric and record...

Page 40: ...write personal write null metrics full metrics restricted detections full View detections in the ExtraHop system This is an add on privilege that can be granted to a user with one of the following pri...

Page 41: ...appliance Reset Packetstore Delete all packets stored on the ExtraHop Trace appliance The Reset Packetstore page appears only on the Trace appliance Running Config The running configuration file speci...

Page 42: ...oaded as a text file to your default download location Disable ICMPv6 Destination Unreachable messages You can prevent the ExtraHop system from generating ICMPv6 Destination Unreachable messages You m...

Page 43: ...led checkbox appears Configure the SNMP service and download the ExtraHop MIB file Enable or disable SSH Access SSH access is enabled by default to enable users to securely log in to the ExtraHop comm...

Page 44: ...cted to ExtraHop Cloud Services when a new firmware version is available Verify that your Reveal x 360 system has been upgraded to version 8 7 before upgrading your self managed sensors If you have mu...

Page 45: ...ected Appliances page Connect to the appliance through the iDRAC interface Upgrade the firmware on Command and Discover appliances 1 Log in to the Administration settings on the ExtraHop system throug...

Page 46: ...Hop system initiates the firmware upgrade You can monitor the progress of the upgrade with the Updating progress bar The appliance restarts after the firmware is installed 7 If you did not choose to a...

Page 47: ...ch configured NTP server in the NTP Status table remote The host name or IP address of the remote NTP server you have configured to synchronize with st The stratum level 0 through 16 t The type of con...

Page 48: ...DN for the time servers in the Time Server fields You can have up to nine time servers Tip After adding the fifth time server click Add Server to display up to four additional timer server fields 8 Cl...

Page 49: ...is the string of characters that follow i but not i itself For a virtual appliance in GCP type the instance ID For all other virtual appliances type default 5 Click Log In 6 In the Appliance Settings...

Page 50: ...availability of your new license as shown in the following figure 3 Click Apply new license The capture process restarts which might take a few minutes Note If your license is not automatically update...

Page 51: ...ypt the packetstore disk For more information see the Encrypt the packetstore disk section Direct Connected Disks Displays information about the SD memory cards The memory cards have the following rol...

Page 52: ...encryption key Option Description If you entered an encryption passphrase Type a passphrase into the Passphrase field If you selected an encryption key file Click Choose File and then browse to an enc...

Page 53: ...nstall the extended storage unit in your data center with the included rack mounting kit The mounting kit supports most four post racks with either round or square holes 2 Connect the power cables to...

Page 54: ...the blue pull tab oriented on the top of the connector Attach the SAS cable to the HBA on the Trace appliance with the blue pull tab oriented on the bottom of the connector To remove the SAS cable pu...

Page 55: ...d green indicating they are healthy If any disk is unhealthy yellow contact ExtraHop Support 8 Repeat steps 6 and 7 for any additional extended storage units 9 Optional If the packetstore is locked yo...

Page 56: ...or IP address admin 2 In the Appliance Settings section click Disks 3 Click Extended Storage Units 4 Click Import foreign packetstore disks and then click OK 5 In the RAID Info section click Unconfig...

Page 57: ...iance Click Remove Manager to remove the Command appliance as the manager Note The Trace appliance can be managed by only one Command appliance Connected Appliances Displays a table of all Discover an...

Page 58: ...direct connection from the Command appliance is not possible because of firewalls or other network restrictions Before you begin Note This procedure only enables you to perform management functions f...
