Extrahop RevealX 360 app doc

blog-service/2025-08-20-apps-extrahop.md

@@ -0,0 +1,12 @@
+---
+title: ExtraHop RevealX 360 (Apps)
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - apps
+  - extrahop-revealx-360
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to introduce the new ExtraHop RevealX 360 app for Sumo Logic, which enables you to gain real-time visibility into your security hub findings data. This app can help security teams to monitor detection trends, track changes in risk levels, and gain insights into the most frequently observed MITRE techniques, top destination devices, and key targets on the network. [Learn more](/docs/integrations/webhooks/extrahop-revealx-360).

cid-redirects.json

@@ -1636,6 +1636,7 @@
   "/cid/10210": "/docs/integrations/saas-cloud/proofpoint-tap",
   "/cid/10202": "/docs/integrations/saas-cloud/mimecast",
   "/cid/12222": "/docs/integrations/webhooks/snyk",
+  "/cid/12223": "/docs/integrations/webhooks/extrahop-revealx-360",
   "/cid/1119": "/docs/integrations/saas-cloud/druva",
   "/cid/10191": "/docs/integrations/saas-cloud/akamai-datastream",
   "/cid/10194": "/docs/integrations/saas-cloud/proofpoint-on-demand",

docs/integrations/product-list/product-list-a-l.md

@@ -219,7 +219,7 @@ For descriptions of the different types of integrations Sumo Logic offers, see [
 | <img src={useBaseUrl('img/integrations/misc/eset-logo.png')} alt="Thumbnail icon" width="75"/> | [ESET](https://www.eset.com/us/) | Cloud SIEM integration: [ESET](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/ced86de0-64e4-4e7c-ae25-fb5b3dff3cb8.md) |
 | <img src={useBaseUrl('img/integrations/misc/exabeam-logo.svg')} alt="Thumbnail icon" width="75"/> | [Exabeam](https://www.exabeam.com/) | Cloud SIEM integration: [Exabeam](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/9d2d799d-2d6c-4894-a46f-0cce00641bcb.md) |
 | <img src={useBaseUrl('img/platform-services/automation-service/app-central/logos/exploit-database.png')} alt="Thumbnail icon" width="75"/> | [Exploit Database](https://www.exploit-db.com/) | Automation integration: [Exploit Database](/docs/platform-services/automation-service/app-central/integrations/exploit-database/) |
-| <img src={useBaseUrl('img/integrations/misc/extrahop-logo.png')} alt="Thumbnail icon" width="100"/>  | [ExtraHop](https://www.extrahop.com/)  | Cloud SIEM integration: [Extrahop](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/a8b03e2e-7497-4104-874d-cafd03aeb4c1.md) <br/>Community app: [Sumo Logic for ExtraHop Reveal(x) 360](https://github.com/SumoLogic/sumologic-content/tree/master/ExtraHop%20Reveal(x)%20360)  |
+| <img src={useBaseUrl('img/integrations/misc/extrahop-logo.png')} alt="Thumbnail icon" width="100"/>  | [ExtraHop](https://www.extrahop.com/)  | App: [ExtraHop RevealX 360](/docs/integrations/webhooks/extrahop-revealx-360) <br/>- Cloud SIEM integration: [ExtraHop](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/a8b03e2e-7497-4104-874d-cafd03aeb4c1.md) <br/>Community app: [Sumo Logic for ExtraHop Reveal(x) 360](https://github.com/SumoLogic/sumologic-content/tree/master/ExtraHop%20Reveal(x)%20360)  |
 
 
 ## F

docs/integrations/webhooks/extrahop-revealx-360.md

@@ -0,0 +1,169 @@
+---
+id: extrahop-revealx-360
+title: ExtraHop RevealX 360
+sidebar_label: ExtraHop RevealX 360
+description: The ExtraHop RevealX 360 app for Sumo Logic provides security analysts with critical visibility into your ExtraHop RevealX 360 environment.
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<img src={useBaseUrl('img/send-data/extrahop-revealx-360-icon.png')} alt="extrahop-revealx-360-icon" width="150"/>
+
+The ExtraHop RevealX 360 app offers powerful network detection and response capabilities, providing organisations with in-depth visibility into security threats throughout their environment. By centralizing detection data such as total detections, average risk scores, MITRE attack techniques, and destination device activity, this app allows security teams to quickly identify, prioritize, and investigate suspicious activities.
+
+By leveraging real-time metrics and contextual threat information, the app highlights patterns of malicious behavior, high-risk destinations, and devices originating from embargoed locations. This insight helps teams monitor evolving risks, identify vulnerable assets, and understand the tactics and techniques targeting their networks.
+
+With its comprehensive detection summaries, geographical breakdowns, and detailed device-level insights, the ExtraHop RevealX 360 app empowers organizations to respond effectively to emerging threats. By maintaining a clear view of their security posture, teams can act swiftly, reduce dwell time, and strengthen defenses to protect critical systems and data.
+
+:::info
+This app includes [built-in monitors](#extrahop-revealx-360-alerts). For details on creating custom monitors, refer to [Create monitors for ExtraHop RevealX 360 app](#create-monitors-for-extrahop-revealx-360-app).
+:::
+
+## Log types
+
+The Sumo Logic app for ExtraHop RevealX 360 ingests [detection events](https://docs.extrahop.com/current/detections-create-notification-rule/) via a webhook.
+
+## Sample log messages
+
+```json title="Detection log"
+{
+    "mitre_techniques": [
+        {
+            "id": "T1021",
+            "name": "Remote Services"
+        },
+        {
+            "id": "T1078",
+            "name": "Valid Accounts"
+        },
+        {
+            "id": "T1570",
+            "name": "Lateral Tool Transfer"
+        }
+    ],
+    "recommended": true,
+    "time": 1755070340426,
+    "dst": {
+        "type": "device",
+        "ipaddr": null,
+        "hostname": null,
+        "role": "victim",
+        "endpoint": "server",
+        "username": null,
+        "device": {
+            "oid": 17550703405,
+            "macaddr": "0E:C9:8B:2C:62:F3",
+            "name": "pc2.i.rx.tours",
+            "ipaddrs": [
+                "109.248.151.179"
+            ]
+        }
+    },
+    "id": 17550703402,
+    "url": "https://envio1206.duckdns.org/extrahop/#/detections/detail/17550703402/?from=1755070340&until=1755070340&interval_type=DT",
+    "risk_score": 65,
+    "recommended_factors": [
+        "top_offender"
+    ],
+    "additional_participants": [],
+    "categories_ids": [
+        "sec",
+        "sec.lateral",
+        "sec.attack"
+    ],
+    "properties": {},
+    "type": "New SMB Executable File Transfer Activity",
+    "description": "pc2.i.rx.tours received an executable file. This is the first time in several weeks ExtraHop observed this activity. Check unexpected files for malware.\nExample of a suspicious transferred file path. View more in investigation steps\n\nADMIN$\\xxFDMxx.exe\n",
+    "src": {
+        "type": "device",
+        "ipaddr": "109.248.151.179",
+        "hostname": null,
+        "role": "offender",
+        "endpoint": "client",
+        "username": null,
+        "device": {
+            "oid": 17550703400,
+            "macaddr": "0E:86:1F:88:60:E9",
+            "name": "pc3.i.rx.tours"
+        }
+    },
+    "title": "New SMB Executable File Transfer Activity"
+}
+```
+
+## Sample queries
+
+```sql title="Total Detections"
+_sourceCategory=Labs/extraHop
+| json "id", "time", "url", "src.username", "risk_score", "mitre_techniques[*].name", "dst.device.name", "dst.device.macaddr", "dst.device.ipaddrs.[*]", "dst.ipaddr", "type", "title", "description", "recommended_factors", "categories_ids", "dst.hostname", "dst.role" as id, time, url, src_username, risk_score, mitre_techniques, dst_device_name, dst_device_mac_address, dst_device_ip_list, dst_device_ip_2, type, title, description, recommended_factors, categories_ids, dst_hostname, dst_role nodrop
+
+| extract field=mitre_techniques "\"?(?<techniques>[\w\s\-&.,]*)\"?[,\n\]]" multi nodrop
+| extract field=dst_device_ip_list "\"?(?<dst_device_ip_1>[\w\s\-&.,]*)\"?[,\n\]]" nodrop
+| if (isBlank(dst_device_ip_1), dst_device_ip_2, dst_device_ip_1) as dst_device_ip
+
+| where techniques matches "*"
+
+| count by id, time, url, src_username
+| count
+```
+
+## Setup
+
+### Source configuration
+
+Follow the below steps to configure the Hosted Collector to receive ExtraHop RevealX 360 events:
+
+1. In the Sumo Logic portal, create a new [Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector/) or use an existing one. Then add an [HTTP Logs and Metrics Source](/docs/send-data/hosted-collectors/http-source/logs-metrics/#configure-an-httplogs-and-metrics-source).
+2. Configure **Source Category** in the HTTP source - for example, `webhook/extrahop-revealx` - for the ExtraHop RevealX 360 integration.
+3. Copy and save the endpoint URL of the source.
+
+### Vendor configuration
+
+Configure the webhook integration in ExtraHop RevealX 360 to send events to the Sumo Logic HTTP source. Once configured, it will be triggered each time the events occur within your Extrahop RevealX 360 account.
+
+To configure the ExtraHop RevealX 360 webhook, refer to the [ExtraHop RevealX 360 Documentation](https://docs.extrahop.com/current/detections-create-notification-rule/).
+
+### Installing the ExtraHop RevealX 360 app
+
+import AppInstall2 from '../../reuse/apps/app-install-v2.md';
+
+<AppInstall2/>
+
+## Viewing ExtraHop RevealX 360 dashboards​
+
+import ViewDashboards from '../../reuse/apps/view-dashboards.md';
+
+<ViewDashboards/>
+
+### Security
+
+The **ExtraHop RevealX 360 - Security** dashboard provides a comprehensive overview of network detection activities and the overall security posture of your environment. It offers insights into total detections, average risk scores, and the distribution of techniques over time, allowing teams to quickly identify unusual patterns and potential areas of concern.
+
+This dashboard helps security teams monitor detection trends, track changes in risk levels, and gain insights into the most frequently observed MITRE techniques, top destination devices, and key targets on the network. It also highlights detections linked to high-risk or embargoed geolocations, offering valuable context for prioritizing investigations.
+
+By consolidating these insights into a unified view, the dashboard enhances threat detection, supports more informed response actions, and strengthens defenses against evolving network-based attacks.<br/><img src='https://sumologic-app-data-v2.s3.us-east-1.amazonaws.com/dashboards/Extrahop+RevealX+360/Extrahop-RevealX-360-Security.png' alt="Extrahop-RevealX-360-Security" style={{border:'1px solid gray'}} />
+
+## Create monitors for ExtraHop RevealX 360 app
+
+import CreateMonitors from '../../reuse/apps/create-monitors.md';
+
+<CreateMonitors/>
+
+### ExtraHop RevealX 360 alerts
+
+| Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition |
+|:--|:--|:--|:--|
+| `ExtraHop RevealX 360 - Destination Devices from Embargoed Geo Locations` | This alert is fired when events originating from embargoed locations are detected, ensuring adherence to security restrictions and protocols. | Critical | Count > 0 |
+| `ExtraHop RevealX 360 - Critical Detections` | This alert is fired when detections are identified with a risk score greater than 70, signaling high-severity threats that require immediate investigation and remediation. | Critical | Count > 0 |
+
+## Upgrade/Downgrade the ExtraHop RevealX 360 app (Optional)
+
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+<AppUpdate/>
+
+## Uninstalling the ExtraHop RevealX 360 app (Optional)
+
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+<AppUninstall/>

sidebars.ts

@@ -2688,6 +2688,7 @@ integrations: [
           'integrations/webhooks/bugsnag',
           'integrations/webhooks/configcat',
           'integrations/webhooks/emnify',
+          'integrations/webhooks/extrahop-revealx-360',
           'integrations/webhooks/firefly',
           'integrations/webhooks/flagsmith',
           'integrations/webhooks/grafana-oncall',