topic Re: Extrahop Reveal X Integration - Stop fetching of Hidden Detections possible? in Cortex XSOAR Discussions

Extrahop Reveal X Integration - Stop fetching of Hidden Detections possible?

C.Perez — Mon, 17 Feb 2025 17:04:09 GMT

We've recently use the Extrahop integration to create tickets in XSOAR for our analysts to keep track of Extrahop tickets without having to go into Extrahop's console. However, we're trying to stop it from fetching "Hidden" or tuned detections I'm tuning out in Extrahop. I only fetch for 60+ Risk Scores and for "Open" or .none per the filtering, detections only. I've tried "New" but I think you need to enable some type of ticketing process for it to get a "New" status as it isn't grabbing any new legit one's that are open now. Hidden detections stay in an "Open" state so this filter will stay grab them even if they're supposed to be tuned. Anyone know how I can tune out "Hidden" / tuned detections from Extrahop to stop being fetched by the Extrahop integration in XSOAR?

This is the Advanced Filter I'm using

{
"status": [".none"],
"risk_score_min": 60
}

Re: Extrahop Reveal X Integration - Stop fetching of Hidden Detections possible?

yuki_sato — Tue, 18 Feb 2025 20:00:50 GMT

Hi @C.Perez

Advanced Filter of ExtraHop Reveal(x) integration is dictated by ExtraHop API. On their API documentation (https://docs.extrahop.com/current/rest-api-guide/) under Detection categories, there is a list of supported categories that you can access via API and there is no .none.

It would be either .none categories is not available or not officially supported. I would reach out to ExtraHop since this is their API endpoint.

Re: Extrahop Reveal X Integration - Stop fetching of Hidden Detections possible?

C.Perez — Thu, 20 Feb 2025 14:32:02 GMT

Gotcha, I'll reach out to them thanks.