Skip to main content
All CollectionsHow-tosArticlesAuthentication guides
ExtraHop Authentication Guide
ExtraHop Authentication Guide

How to authenticate ExtraHop for use with Tines

Daniel Stoeski avatar
Written by Daniel Stoeski
Updated over a year ago

First, configure account in ExtraHop

  1. Ensure your user account has the appropriate privileges set for the type of task you need to perform (See ExtraHop privilege levels)

Next, create resource and credentials in Tines

One resource and two credentials will need to be created:

  • Resource: "extrahop_username"

  • Text type credential: "extrahop_secret"

  • HTTP request type credential: "ExtraHop"

Resource

  1. Navigate to the team that will be using the API and click "Resource"

  2. Click "+ New Resource"

  3. Input the values for the ExtraHop resource

    1. Name: extrahop_username

    2. Description: Optional

    3. Builder: your extrahop username

  4. Optional

    1. Access: What other teams can also use the resource

  5. Click "Save resource"

Text type

  1. Login to your Tines tenant

  2. Navigate to the team that will be using the API and click "Credential"

  3. Click "+ New Credential" and select "Text"

  4. Input the values for the ExtraHop credential

    1. Name: extrahop_secret

    2. Description: Optional

    3. Value: your secret

  5. Optional

    1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains

    2. Access: What other teams can also use the API

  6. Click "Save"

HTTP request type

  1. Click "+ New Credential" and select "HTTP Request"

  2. Input the values for the ExtraHop credential

    1. Name: ExtraHop

    2. Description: Optional

    3. URL: https://<your_ExtraHop_domain>.api.cloud.extrahop.com/oauth2/token

    4. Content Type: Form

    5. Method: post

    6. Payload: Copy the below object and paste into the "Plain code" section:

      {
      "grant_type": "client_credentials"
      }

    7. Headers:

      1. Header: Authorization

      2. Value: Basic <<BASE64_ENCODE(LOCAL.creds)>>

    8. Local values: Click the "+ Option" button, select "Local values" and paste the below into the "Plain code" section:

      {
        "creds": "<<RESOURCE.extrahop_username>>:<<CREDENTIAL.extrahop_secret>>"
      }

    9. Click "Run options" and make sure you get a successful response.

    10. Location of token from response: <<extrahop.body.access_token>>

  3. Optional

    1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains

    2. Access: What other teams can also use the API

  4. Click "Save"

Your credential should look like the following:

For more on creating credentials in Tines, click here.

You can find a selection of ExtraHop stories in the story library.

Using the credential and resources in an action

The Header configuration for your ExtraHop credential should be:

"Authorization": "Bearer <<CREDENTIAL.extrahop>>"

Here is an example ExtraHop action you can copy and paste onto your storyboard in Tines:

{"standardLibVersion":"35","actionRuntimeVersion":"4","agents":[{"disabled":false,"name":"List All Detections in Extrahop","description":"List All Detections in Extrahop","options":"{\"url\":\"https://<<RESOURCE.extrahop_domain>>/api/v1/detections\",\"content_type\":\"application_json\",\"method\":\"get\",\"headers\":{\"Authorization\":\"Bearer <<CREDENTIAL.extrahop>>\"}}","position":{"x":690,"y":510},"type":"httpRequest","timeSavedUnit":"minutes","timeSavedValue":0,"monitorAllEvents":false,"monitorFailures":false,"monitorNoEventsEmitted":null,"recordType":null,"recordWriters":[],"form":null,"cardIconName":"httpRequest","createdFromTemplateGuid":"c8388b626850667f74b5b65c1146a8fe288572c5ffe5fdc11db00ebfff2a1866","createdFromTemplateVersion":1,"originStoryIdentifier":"cloud:aa47f8215c6f30a0dcdb2a36a9f4168e:d4c15df0f02ba4789095426607003199"}],"links":[],"diagramNotes":[]}
Related Articles
Cribl Authentication Guide
Censys Authentication Guide
Did this answer your question?