This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Extrahop Reveal X Integration - Stop fetching of Hidden Detections possible?

cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Extrahop Reveal X Integration - Stop fetching of Hidden Detections possible?

Go to solution
C.Perez
L1 Bithead

‎02-17-2025 09:03 AM - edited ‎02-17-2025 09:04 AM

We've recently use the Extrahop integration to create tickets in XSOAR for our analysts to keep track of Extrahop tickets without having to go into Extrahop's console. However, we're trying to stop it from fetching "Hidden" or tuned detections I'm tuning out in Extrahop. I only fetch for 60+ Risk Scores and for "Open" or .none per the filtering, detections only. I've tried "New" but I think you need to enable some type of ticketing process for it to get a "New" status as it isn't grabbing any new legit one's that are open now. Hidden detections stay in an "Open" state so this filter will stay grab them even if they're supposed to be tuned. Anyone know how I can tune out "Hidden" / tuned detections from Extrahop to stop being fetched by the Extrahop integration in XSOAR?


This is the Advanced Filter I'm using

{
"status": [".none"],
"risk_score_min": 60
}

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
ysato
L3 Networker

‎02-18-2025 12:00 PM

Hi @C.Perez 

 

Advanced Filter of ExtraHop Reveal(x) integration is dictated by ExtraHop API. On their API documentation (https://docs.extrahop.com/current/rest-api-guide/) under Detection categories, there is a list of supported categories that you can access via API and there is no .none.

It would be either .none categories is not available or not officially supported. I would reach out to ExtraHop since this is their API endpoint.

View solution in original post

0 Likes Likes
2 REPLIES 2

Go to solution
ysato
L3 Networker

‎02-18-2025 12:00 PM

Hi @C.Perez 

 

Advanced Filter of ExtraHop Reveal(x) integration is dictated by ExtraHop API. On their API documentation (https://docs.extrahop.com/current/rest-api-guide/) under Detection categories, there is a list of supported categories that you can access via API and there is no .none.

It would be either .none categories is not available or not officially supported. I would reach out to ExtraHop since this is their API endpoint.

0 Likes Likes

Go to solution
C.Perez
L1 Bithead
In response to ysato

‎02-20-2025 06:32 AM

Gotcha, I'll reach out to them thanks.

0 Likes Likes
  • 1 accepted solution
  • 463 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks