From 4e7a68a8cc793714d2ff1efc8a1d0f177bcb9358 Mon Sep 17 00:00:00 2001 From: Bivic Date: Thu, 1 Aug 2024 14:28:33 +0200 Subject: [PATCH] add extrahop and redirect for agent --- .../network_security/extrahop_revealx_360.md | 67 +++++++++++++++++++ mkdocs.yml | 5 +- 2 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 docs/integration/categories/network_security/extrahop_revealx_360.md diff --git a/docs/integration/categories/network_security/extrahop_revealx_360.md b/docs/integration/categories/network_security/extrahop_revealx_360.md new file mode 100644 index 0000000000..16f244bd4f --- /dev/null +++ b/docs/integration/categories/network_security/extrahop_revealx_360.md 
@@ -0,0 +1,67 @@ +uuid: 1df44c62-33d3-41d4-8176-f1fa13589eea +name: ExtraHop Reveal(x) 360 +type: intake + +## Overview + +ExtraHop Reveal(x) 360 is a cloud-based network detection and response platform offering protection and detections for on-premises and cloud environments. + +In this documenation we will explain how to collect and send Reveal(x) 360 events to Sekoia.io. + +{!_shared_content/operations_center/detection/generated/suggested_rules_1df44c62-33d3-41d4-8176-f1fa13589eea_do_not_edit_manually.md!} + +{!_shared_content/operations_center/integrations/generated/1df44c62-33d3-41d4-8176-f1fa13589eea.md!} + +## Configure + +### Prerequisites +- System and access administration privileges for ExtraHop Reveal(x) 360 +- Access to Sekoia.io Intakes and Playbook pages with write permissions + +### How to create REST API credentials +1. Log in to Reveal(x) 360. +2. Click the System Settings icon at the top right of the page and then click **All Administration**. +3. Click **API Access**. +4. Click **Create Credentials**. +5. In the **Name** field, type a name for the credentials. +6. In the **Privileges** field, specify a privilege level for the credentials. + +!!! Note + The privilege level determines which actions can be performed with the credential. Do not grant more privileges to REST API credentials than needed because it can create a security risk. For example, applications that only retrieve metrics should not be granted credentials that grant administrative privileges. For more information about each privilege level, see [User privileges](https://docs.extrahop.com/9.5/users-overview/#user-privileges). + +!!! Note + System and Access Administration privileges are similar to Full write privileges and allow the credentials to connect self-managed sensors and Trace appliances to Reveal(x) 360. + +7. In the **Packet Access** field, specify whether you can retrieve packets and session keys with the credentials. +8. Click **Save**. 
+ The Copy REST API Credentials pane appears. +9. Under ID, click **Copy to Clipboard** and save the ID to your local machine. +10. Under Secret, click **Copy to Clipboard** and save the secret to your local machine. + +!!! Important + The secret cannot be viewed or retrieved later. + +12. Click **Done**. + + +### Create your intake + +1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the `ExtraHop Reveal(x) 360`. +2. Copy the associated Intake key + +### Pull the logs to collect them on Sekoia.io + +Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks), and follow these steps: + +- Click on **+ PLAYBOOK** button to create a new one +- Select **Create a playbook from scratch** +- Give it a name in the field **Name** +- Open the left panel, click **ExtraHop** then select the trigger `Fetch new alerts from ExtraHop Reveal(x) 360` +- Click on **Create** + +- Create a **Module configuration** using your REST API credentials created on the *How to create REST API credentials* step. Name the module configuration as you wish +- Create a **Trigger configuration** and Type the `Intake key` created on the previous step +- Click on the **Save** button +- **Activate the playbook** with the toggle button on the top right corner of the page + +### Enjoy your events on the [Events page](https://app.sekoia.io/operations/events) \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index 416e91da16..a319a85b07 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -447,6 +447,7 @@ nav: - Datadome Protection: integration/categories/network_security/datadome_protection.md - Daspren Parad: integration/categories/network_security/daspren_parad.md - Digital Shadows SearchLight: integration/categories/network_security/digital_shadows.md + - ExtraHop Reveal(x) 360: integration/categories/network_security/extrahop_revealx_360.md - Fastly Next-Gen WAF: integration/categories/network_security/fastly_waf.md - Forcepoint Secure Web Gateway: integration/categories/network_security/forcepoint_web_gateway.md - FortiProxy: integration/categories/network_security/fortiproxy.md @@ -525,7 +526,7 @@ nav: - RSS: integration/action_library/generic/rss.md - Sekoia: integration/action_library/generic/sekoia-io.md - Utils: integration/action_library/generic/utils.md - - IAM SASE: + - IAM: - Duo: integration/action_library/iam/duo.md - Jumpcloud Directory Insights: integration/action_library/iam/jumpcloud-directory-insights.md - Microsoft Active Directory: integration/action_library/iam/microsoft-active-directory.md 
@@ -667,6 +668,7 @@ plugins: xdr/features/collect/integrations/cloud_and_saas/cloudflare/cloudflare-http-requests.md: integration/categories/network/cloudflare-http-requests.md xdr/features/collect/integrations/cloud_and_saas/datadome_protection.md: integration/categories/network_security/datadome_protection.md xdr/features/collect/integrations/cloud_and_saas/digital_shadows.md: integration/categories/network_security/digital_shadows.md + xdr/features/collect/integrations/cloud_and_saas/extrahop_revealx_360.md: integration/categories/network_security/extrahop_revealx_360.md xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit_waf.md: integration/categories/applicative/fastly_audit_waf.md xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_waf.md: integration/categories/network_security/fastly_waf.md xdr/features/collect/integrations/cloud_and_saas/github_audit_logs.md: integration/categories/applicative/github_audit_logs.md @@ -779,6 +781,7 @@ plugins: xdr/features/collect/integrations/network/watchguard_firebox.md: integration/categories/network_security/watchguard_firebox.md xdr/features/collect/integrations/endpoint/sekoiaio/sekoiaio.md: integration/categories/endpoint/sekoiaio.md xdr/features/collect/integrations/index.md: integration/categories/index.md + xdr/features/collect/integrations/endpoint/sekoiaio.md: integration/categories/endpoint/sekoiaio.md getting_started/2fa.md: getting_started/account_security.md getting_started/apikey_creation.md: getting_started/manage_api_keys.md getting_started/first_steps.md: getting_started/index.md
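Review bot: in the new `extrahop_revealx_360.md` hunk, the "How to create REST API credentials" list skips a number (step 10 is followed by `12. Click **Done**.`), the Overview misspells "documentation" as "documenation", and the intake step reads "create a new intake from the `ExtraHop Reveal(x) 360`" with the noun missing after the backticked name; renumber the last step to 11, fix the spelling, and complete the sentence (for example "from the `ExtraHop Reveal(x) 360` integration"). The file also ends with `\ No newline at end of file`, which the other integration pages do not. Steps 9 and 10 instruct the reader to save the credential ID and secret to the local machine while the Important admonition says the secret cannot be retrieved later; since the only consumer in this page is the playbook's **Module configuration**, consider stating that the secret should be entered there and not kept on disk afterwards, in the same spirit as the least-privilege note already given for the privilege level.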
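Review bot: the rename of the nav entry `- IAM SASE:` to `- IAM:` in the `@@ -525,7 +526,7 @@` hunk of `mkdocs.yml` is unrelated to the commit subject "add extrahop and redirect for agent" and is not mentioned in the commit message; either call it out in the message or split it into its own commit so the navigation change can be reviewed on its own.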
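Review bot: in the `@@ -779,6 +781,7 @@` hunk the added redirect `xdr/features/collect/integrations/endpoint/sekoiaio.md: integration/categories/endpoint/sekoiaio.md` is placed after the `integrations/index.md` entry instead of next to the existing `endpoint/sekoiaio/sekoiaio.md` redirect two lines above, which points at the same target; grouping the two sekoiaio redirects together makes the intent (preserving a second legacy URL for the same page) visible and matches how the surrounding entries are grouped. The subject line calls this the "redirect for agent"; a sentence in the commit message naming the old URL being preserved would help future readers.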