ExtraHop Trace Admin UI Скачать руководство пользователя

Страница: 31 / 58

ExtraHop 8.8 ExtraHop Trace Admin UI Guide

Sessions

The ExtraHop system provides controls to view and delete user connections to the web interface. The

Sessions list is sorted by expiration date, which corresponds to the date the sessions were established. If a

session expires or is deleted, the user must log in again to access the web interface.

Remote Authentication

The ExtraHop system supports remote authentication for user access. Remote authentication enables

organizations that have authentication systems such as LDAP (OpenLDAP or Active Directory, for example)

to enable all or a subset of their users to log in to the system with their existing credentials.
Centralized authentication provides the following benefits:
•

User password synchronization.

•

Automatic creation of ExtraHop accounts for users without administrator intervention.

•

Management of ExtraHop privileges based on user groups.

•

Administrators can grant access to all known users or restrict access by applying LDAP filters.

Next steps

•

Configure remote authentication through LDAP

•

Configure remote authentication through SAML

•

Configure remote authentication through

•

Configure remote authentication through RADIUS

Configure remote authentication through LDAP

The ExtraHop system supports the Lightweight Directory Access Protocol (LDAP) for authentication

and authorization. Instead of storing user credentials locally, you can configure your ExtraHop system to

authenticate users remotely with an existing LDAP server. Note that ExtraHop LDAP authentication only

queries for user accounts; it does not query for any other entities that might be in the LDAP directory.

Before you begin

•

This procedure requires familiarity with configuring LDAP.

•

Ensure that each user is in a permission-specific group on the LDAP server before beginning this

procedure.

•

If you want to configure nested LDAP groups, you must modify the Running Configuration file. Contact

ExtraHop Support

for help.

When a user attempts to log onto an ExtraHop system, the ExtraHop system tries to authenticate the user

in the following ways:
•

Attempts to authenticate the user locally.

•

Attempts to authenticate the user through the LDAP server if the user does not exist locally and if the

ExtraHop system is configured for remote authentication with LDAP.

•

Logs the user onto the ExtraHop system if the user exists and the password is validated either locally

or through LDAP. The LDAP password is not stored locally on the ExtraHop system. Note that you

must enter the username and password in the format that your LDAP server is configured for. The

ExtraHop system only forwards the information to the LDAP server.

•

If the user does not exist or an incorrect password is entered, an error message appears on the login

page.

Important:

If you change LDAP authentication at a later time to a different remote authentication

method, the users, user groups, and associated customizations that were created

through remote authentication are removed. Local users are unaffected.

Содержание Trace Admin UI

Страница 1: ...ExtraHop 8 8 ExtraHop Trace Admin UI Guide...

Страница 2: ...oduced translated or reduced to any machine readable form without prior written approval from ExtraHop Networks Inc For more documentation see https docs extrahop com Published 2022 03 22 ExtraHop Net...

Страница 3: ...15 Bond interfaces 16 Create a bond interface 16 Modify bond interface settings 16 Destroy a bond interface 17 Notifications 17 Configure email settings for notifications 17 Add a new notification em...

Страница 4: ...ific ICMPv6 Echo Reply messages 42 Services 43 Configure the SNMP service 43 Firmware 44 Upgrade the firmware on your ExtraHop system 44 Pre upgrade checklist 44 Upgrade the firmware on Command and Di...

Страница 5: ...ted and then reconnected to the same Trace appliance 56 For extended storage units configured on a device other than the Trace appliance 56 Reset Packetstore 56 Trace Cluster Settings 57 Manager 57 Pa...

Страница 6: ...gs After you have deployed your Trace appliance see the Trace Post deployment Checklist We value your feedback Please let us know how we can improve this document Send your comments or suggestions to...

Страница 7: ...ace appliance The metrics on this page can help you troubleshoot problems and determine why the ExtraHop appliance is not performing as expected System Reports the following information about the syst...

Страница 8: ...is turned off Name Displays the Trace appliance settings that are stored on disk Options Displays the read write options for the settings stored on disk Size Displays the size in gigabytes for the ide...

Страница 9: ...expk file is encrypted and the contents are only viewable by ExtraHop Support However you can download the diag results complete manifest file to view a list of the files collected Run a custom suppor...

Страница 10: ...tions for your ExtraHop system In Reveal x Enterprise you can enable security only or security and performance detections In addition you can allow the ExtraHop Machine Learning Service to access pre...

Страница 11: ...to your sensor license 35 161 154 247 Portland U S A 54 66 242 25 Sydney Australia 52 59 110 168 Frankfurt Germany Open access to Cloud Recordstore For access to the ExtraHop Cloud Recordstore your se...

Страница 12: ...e Connectivity The Connectivity page contains controls for your appliance connections and network settings Interface Status On physical appliances a diagram of interface connections appears which upda...

Страница 13: ...e interfaces ping replies might not get back to the sender High Performance ERSPAN VXLAN Target Captures traffic forwarded from ERSPAN or VXLAN This interface mode enables the port to handle more than...

Страница 14: ...s we recommend that you contact ExtraHop Support for assistance to avoid reduced throughput Note EDA 4200 EDA 6200 EDA 8200 EDA 9200 and EDA 10200 appliances are not susceptible to reduced throughput...

Страница 15: ...DNS Search List DNSSL information according to router advertisements select RDNSS DNSSL 6 Click Save Global proxy server If your network topology requires a proxy server to enable your ExtraHop syste...

Страница 16: ...rs The bond interface must be destroyed and recreated Create a bond interface Modify a bond interface Destroy a bond interface Create a bond interface You can create a bond interface with at least one...

Страница 17: ...lected to retain the interface settings for the bond interface and all other member interfaces are disabled If no member interface is selected to retain the settings the settings are lost and all memb...

Страница 18: ...hen sending scheduled reports from a Command appliance or Reveal x 360 10 Select the Enable SMTP authentication checkbox and then type the SMTP server setup credentials in the Username and Password fi...

Страница 19: ...red network reports SNMP information is defined by third party management information bases MIBs that describe the structure of the collected data 1 Log in to the Administration settings on the ExtraH...

Страница 20: ...ote The pem file must not be password protected Note You can also automate this task through the REST API 1 In the Network Settings section click SSL Certificate 2 Click Manage certificates to expand...

Страница 21: ...ngton Country Code The two letter ISO code for the country where your organization is located US 6 Click Export The CSR file is automatically downloaded to your computer Next steps Send the CSR file t...

Страница 22: ...certificates you must also enable SSL TLS or STARTTLS encryption and certificate validation when configuring the settings for the external server 1 Log in to the Administration settings on the ExtraHo...

Страница 23: ...ministration settings After the setup user password is changed the button at the top of the page no longer appears Note The password must be a minimum of 5 characters 1 In the Administration settings...

Страница 24: ...ck Users 3 Click Add User 4 In the Personal Information section type the following information Login ID The username that users will log in to their ExtraHop appliances with which cannot contain any s...

Страница 25: ...machine Next steps Add a local user account Remote Authentication The ExtraHop system supports remote authentication for user access Remote authentication enables organizations that have authenticatio...

Страница 26: ...To view the members in the group click the group name Type Displays Local or Remote as the type of user group Members Displays the number of users in the group Shared Content Displays the number of u...

Страница 27: ...ly System Administration Reveal x 360 only Cloud Setup Reveal x 360 only Full Write Limited Write Personal Write Full Read Only Restricted Read Only Activity Maps Create view and load shared activity...

Страница 28: ...ers can access detections The privilege level of the user determines the level of access to detections View detections Y Y Y Y Y Y Y Y N Acknowledge Detections Y Y Y Y Y Y Y N N Modify detection statu...

Страница 29: ...N Metrics View metrics Y Y Y Y Y Y Y Y N Records Explore appliance View record queries Y Y Y Y Y Y Y Y N View record formats Y Y Y Y Y Y Y Y N Create modify and save record queries Y Y Y Y Y N N N N...

Страница 30: ...s Y Y N Y N N N N N Privilege options The following privilege options can be assigned to users with limited Web UI and API privileges Packet and Session Key Access View and download packets View and d...

Страница 31: ...an configure your ExtraHop system to authenticate users remotely with an existing LDAP server Note that ExtraHop LDAP authentication only queries for user accounts it does not query for any other enti...

Страница 32: ...e LDAPS This option specifies LDAP wrapped inside SSL StartTLS This option specifies TLS LDAP SSL is negotiated before any passwords are sent g Select Validate SSL Certificates to enable certificate v...

Страница 33: ...atus message appears near the bottom of the page If the test fails click Show details to see a list of errors You must resolve any errors before you continue 8 Click Save and Continue Next steps Confi...

Страница 34: ...users to view detections This setting is visible only when the global privilege policy for detections access control is set to Only specified users can view detections No access Full access 4 Click Sa...

Страница 35: ...m Plus TACACS for remote authentication and authorization Ensure that each user to be remotely authorized has the ExtraHop service configured on the TACACS server before beginning this procedure 1 Log...

Страница 36: ...rs to view detections This setting is visible only when the global privilege policy for detections access control is set to Only specified users can view detections No access Full access 11 Click Save...

Страница 37: ...e required to perform operations through the ExtraHop REST API Manage API key access Users with unlimited privileges can configure whether users can generate API keys for the ExtraHop system You can a...

Страница 38: ...You can paste the key into the REST API Explorer or append the key to a request header Privilege levels User privilege levels determine which ExtraHop system and administration tasks the user can perf...

Страница 39: ...d but you cannot perform any other administration tasks through the REST API Perform all GET operations through the REST API Delete dashboards and activity maps that you own Perform metric and record...

Страница 40: ...write personal write null metrics full metrics restricted detections full View detections in the ExtraHop system This is an add on privilege that can be granted to a user with one of the following pri...

Страница 41: ...appliance Reset Packetstore Delete all packets stored on the ExtraHop Trace appliance The Reset Packetstore page appears only on the Trace appliance Running Config The running configuration file speci...

Страница 42: ...oaded as a text file to your default download location Disable ICMPv6 Destination Unreachable messages You can prevent the ExtraHop system from generating ICMPv6 Destination Unreachable messages You m...

Страница 43: ...led checkbox appears Configure the SNMP service and download the ExtraHop MIB file Enable or disable SSH Access SSH access is enabled by default to enable users to securely log in to the ExtraHop comm...

Страница 44: ...cted to ExtraHop Cloud Services when a new firmware version is available Verify that your Reveal x 360 system has been upgraded to version 8 7 before upgrading your self managed sensors If you have mu...

Страница 45: ...ected Appliances page Connect to the appliance through the iDRAC interface Upgrade the firmware on Command and Discover appliances 1 Log in to the Administration settings on the ExtraHop system throug...

Страница 46: ...Hop system initiates the firmware upgrade You can monitor the progress of the upgrade with the Updating progress bar The appliance restarts after the firmware is installed 7 If you did not choose to a...

Страница 47: ...ch configured NTP server in the NTP Status table remote The host name or IP address of the remote NTP server you have configured to synchronize with st The stratum level 0 through 16 t The type of con...

Страница 48: ...DN for the time servers in the Time Server fields You can have up to nine time servers Tip After adding the fifth time server click Add Server to display up to four additional timer server fields 8 Cl...

Страница 49: ...is the string of characters that follow i but not i itself For a virtual appliance in GCP type the instance ID For all other virtual appliances type default 5 Click Log In 6 In the Appliance Settings...

Страница 50: ...availability of your new license as shown in the following figure 3 Click Apply new license The capture process restarts which might take a few minutes Note If your license is not automatically update...

Страница 51: ...ypt the packetstore disk For more information see the Encrypt the packetstore disk section Direct Connected Disks Displays information about the SD memory cards The memory cards have the following rol...

Страница 52: ...encryption key Option Description If you entered an encryption passphrase Type a passphrase into the Passphrase field If you selected an encryption key file Click Choose File and then browse to an enc...

Страница 53: ...nstall the extended storage unit in your data center with the included rack mounting kit The mounting kit supports most four post racks with either round or square holes 2 Connect the power cables to...

Страница 54: ...the blue pull tab oriented on the top of the connector Attach the SAS cable to the HBA on the Trace appliance with the blue pull tab oriented on the bottom of the connector To remove the SAS cable pu...

Страница 55: ...d green indicating they are healthy If any disk is unhealthy yellow contact ExtraHop Support 8 Repeat steps 6 and 7 for any additional extended storage units 9 Optional If the packetstore is locked yo...

Страница 56: ...or IP address admin 2 In the Appliance Settings section click Disks 3 Click Extended Storage Units 4 Click Import foreign packetstore disks and then click OK 5 In the RAID Info section click Unconfig...

Страница 57: ...iance Click Remove Manager to remove the Command appliance as the manager Note The Trace appliance can be managed by only one Command appliance Connected Appliances Displays a table of all Discover an...

Страница 58: ...direct connection from the Command appliance is not possible because of firewalls or other network restrictions Before you begin Note This procedure only enables you to perform management functions f...

Результаты поиска

Содержание Trace Admin UI

Отзывы:

Похожие инструкции для Trace Admin UI

Бренды по названию

Популярные бренды

ExtraHop Trace Admin UI, Руководство пользователя

Результаты поиска

Содержание Trace Admin UI

Отзывы:

Похожие инструкции для Trace Admin UI

Бренды по названию

Популярные бренды