Commit

Made changes in dashboard panels and in readme
surabhipatel-crest committed Nov 4, 2024
1 parent af41219 commit d99cfac
Showing 2 changed files with 52 additions and 57 deletions.
8 changes: 3 additions & 5 deletions extrahop/README.md
Expand Up @@ -19,16 +19,14 @@ This integration seamlessly collects all the above listed logs, channeling them
2. Generate new Client ID and Client Secret. Click **Create Credentials** which is present at the bottom of the page under **Rest API Credentials** section.
3. On **System Settings** > **API Access** > **Rest API Credentials**, at the top right corner; Click **Create Credentials** Specify the settings of the new Client ID and Client Secret.
- Name: A meaningful name that can help you identify the Client ID and Client Secret.
- System Access: The system access permission assigned to the ID and Secret. Select **System administration**.
- System Access: The system access permission assigned to the ID and Secret. Select **Full read-only**.
- NDR Module Access: The NDR module access permission assigned to the ID and Secret. Select **Full Access**.
- NPM Module Access: The NPM module access permission assigned to the ID and Secret. Select **Full Access**.
- NPM Module Access: The NPM module access permission assigned to the ID and Secret. Select **No Access**.
- Packet And Session Key Access: The packet and session key access permission assigned to the ID and Secret. Select **No Access**.
4. Click **Save**.
5. Copy and store **ID** and **Secret** in a secure location.

#### ExtraHop Datadog Integration Configuration

Configure the Datadog endpoint to forward ExtraHop logs to Datadog.
#### Configure the Datadog endpoint to forward ExtraHop logs to Datadog

1. Navigate to `ExtraHop`.
2. Add your ExtraHop credentials.
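Review bot: Tightening System Access from **System administration** to **Full read-only** and NPM Module Access from **Full Access** to **No Access** is the right least-privilege scope for a credential that only collects logs, but the hunk should say why: a one-line rationale next to the selections (the integration only reads via the REST API, so write and NPM permissions are not needed) stops a later edit from widening them again. Two smaller points in the same hunk: steps 2 and 3 both tell the reader to click **Create Credentials**, so step 2 can be reduced to "Generate a new Client ID and Client Secret" with the click kept in step 3, and step 3's `at the top right corner; Click **Create Credentials** Specify the settings` needs a period after **Create Credentials**. The renamed heading also says "Configure the Datadog endpoint" while step 1 navigates to `ExtraHop`, so "Configure the ExtraHop integration in Datadog" would match the steps that follow it.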
101 changes: 49 additions & 52 deletions extrahop/assets/dashboards/extrahop_detections.json
Expand Up @@ -758,18 +758,18 @@
"response_format": "scalar",
"queries": [
{
"data_source": "logs",
"name": "query1",
"data_source": "logs",
"search": {
"query": "source:extrahop service:detection @risk_status:critical"
},
"indexes": [
"*"
],
"compute": {
"aggregation": "cardinality",
"metric": "@id"
},
"group_by": [],
"search": {
"query": "source:extrahop service:detection @risk_status:critical"
"compute": {
"aggregation": "count",
"metric": "count"
},
"storage": "hot"
}
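Review bot: Replacing `"aggregation": "cardinality"` on `@id` with a plain `count` changes what this scalar reports: cardinality counts distinct detection ids, whereas count counts every log event matching `@risk_status:critical`, so a detection that is ingested more than once (re-collected, or updated with a new risk status) is now counted once per event. If events are guaranteed to be unique per detection id this is fine and cheaper, but the commit message should say so; otherwise cardinality is the safer choice for a "number of critical detections" widget. Also `"metric": "count"` next to `"aggregation": "count"` looks like a leftover from the cardinality form, since a count aggregation does not appear to need a metric field; worth confirming against the dashboard JSON before export. The same change is repeated in the warning and info detection widgets and in the four investigation widgets further down.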
Expand Down Expand Up @@ -811,18 +811,18 @@
"response_format": "scalar",
"queries": [
{
"data_source": "logs",
"name": "query1",
"data_source": "logs",
"search": {
"query": "source:extrahop service:detection @risk_status:warning"
},
"indexes": [
"*"
],
"compute": {
"aggregation": "cardinality",
"metric": "@id"
},
"group_by": [],
"search": {
"query": "source:extrahop service:detection @risk_status:warning"
"compute": {
"aggregation": "count",
"metric": "count"
},
"storage": "hot"
}
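Review bot: Beyond the cardinality-to-count change, most of the lines in this hunk are a key reorder (`name` before `data_source`, `indexes` and `group_by` moved ahead of `search`), which is what turns a two-line semantic change into 18 changed lines. If the file is produced by exporting from the Datadog UI, re-exporting the whole dashboard in one dedicated commit and keeping hand edits out of that commit avoids this churn in future diffs and makes the real change reviewable.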
Expand Down Expand Up @@ -863,18 +863,18 @@
"response_format": "scalar",
"queries": [
{
"data_source": "logs",
"name": "query1",
"data_source": "logs",
"search": {
"query": "source:extrahop service:detection @risk_status:info"
},
"indexes": [
"*"
],
"compute": {
"aggregation": "cardinality",
"metric": "@id"
},
"group_by": [],
"search": {
"query": "source:extrahop service:detection @risk_status:info"
"compute": {
"aggregation": "count",
"metric": "count"
},
"storage": "hot"
}
Expand Down Expand Up @@ -1593,7 +1593,6 @@
"title": "Mitre Tactics Details",
"title_size": "16",
"title_align": "left",
"time": {},
"type": "query_table",
"requests": [
{
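Review bot: Dropping the empty `"time": {}` from the Mitre Tactics Details query_table is harmless (the widget then follows the dashboard's global time range), and the same removal is applied to Mitre Techniques Details and Investigation Details further down; the rest of the file should be checked so that no other query_table still carries the empty object, otherwise the three tables and the remaining widgets drift apart on the next export.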
Expand Down Expand Up @@ -1753,7 +1752,6 @@
"title": "Mitre Techniques Details",
"title_size": "16",
"title_align": "left",
"time": {},
"type": "query_table",
"requests": [
{
Expand Down Expand Up @@ -2093,18 +2091,18 @@
"response_format": "scalar",
"queries": [
{
"data_source": "logs",
"name": "query1",
"data_source": "logs",
"search": {
"query": "source:extrahop service:investigation @status:open"
},
"indexes": [
"*"
],
"compute": {
"aggregation": "cardinality",
"metric": "@id"
},
"group_by": [],
"search": {
"query": "source:extrahop service:investigation @status:open"
"compute": {
"aggregation": "count",
"metric": "count"
},
"storage": "hot"
}
Expand Down Expand Up @@ -2204,18 +2202,18 @@
"response_format": "scalar",
"queries": [
{
"data_source": "logs",
"name": "query1",
"data_source": "logs",
"search": {
"query": "source:extrahop service:investigation @status:in-progress"
},
"indexes": [
"*"
],
"compute": {
"aggregation": "cardinality",
"metric": "@id"
},
"group_by": [],
"search": {
"query": "source:extrahop service:investigation @status:in-progress"
"compute": {
"aggregation": "count",
"metric": "count"
},
"storage": "hot"
}
Expand Down Expand Up @@ -2256,18 +2254,18 @@
"response_format": "scalar",
"queries": [
{
"data_source": "logs",
"name": "query1",
"data_source": "logs",
"search": {
"query": "source:extrahop service:investigation @status:closed"
},
"indexes": [
"*"
],
"compute": {
"aggregation": "cardinality",
"metric": "@id"
},
"group_by": [],
"search": {
"query": "source:extrahop service:investigation @status:closed"
"compute": {
"aggregation": "count",
"metric": "count"
},
"storage": "hot"
}
Expand Down Expand Up @@ -2308,18 +2306,18 @@
"response_format": "scalar",
"queries": [
{
"data_source": "logs",
"name": "query1",
"data_source": "logs",
"search": {
"query": "source:extrahop service:investigation @is_user_created:true"
},
"indexes": [
"*"
],
"compute": {
"aggregation": "cardinality",
"metric": "@id"
},
"group_by": [],
"search": {
"query": "source:extrahop service:investigation @is_user_created:true"
"compute": {
"aggregation": "count",
"metric": "count"
},
"storage": "hot"
}
Expand Down Expand Up @@ -2631,7 +2629,6 @@
"title": "Investigation Details",
"title_size": "16",
"title_align": "left",
"time": {},
"type": "query_table",
"requests": [
{

0 comments on commit d99cfac
