Issue
The customer's ExtraHop integration with Red Canary repeatedly failed due to API authentication errors, including persistent "unexpected error" and "authentication error" messages. Attempts to reconfigure the ExtraHop API credentials and update the integration in Red Canary did not resolve the issue. Manual API calls to ExtraHop resulted in HTTP 403 Forbidden errors.
Cause
Red Canary's API calls to ExtraHop were being blocked due to missing Red Canary public IP addresses in the customer's ExtraHop IP whitelist.
Resolution
To resolve authentication issues with the ExtraHop integration in Red Canary, add Red Canary IP addresses to the allowed list in the ExtraHop platform:
- Add the IPs shared in the Red Canary Getting Help page (under "Outbound Communications from Red Canary to you") to the ExtraHop IP whitelist.
- Verify that alerts are now being ingested into Red Canary and no further API authentication errors appear (the errors may take some time to clear).
If API calls to ExtraHop still fail with 403 Forbidden after these steps:
- Confirm that the allow list is correct and that the credentials have full permissions.
- Attempt an API call from Postman using the new credentials to further isolate the issue.
- If failure persists, engage ExtraHop Support for additional guidance.
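One way to run the "confirm that the allow list is correct" check offline, as an added example that is not Red Canary or ExtraHop code: it compares the source IPs Red Canary publishes against the entries configured in ExtraHop and reports any that are not covered. The addresses below are constructed placeholders from documentation ranges, and the assumption is that allow-list entries are single addresses or CIDR blocks; substitute the real values from the Getting Help page and from your ExtraHop configuration.

```python
import ipaddress

# Constructed sample data (documentation ranges), not real Red Canary IPs.
REQUIRED_SOURCE_IPS = ["192.0.2.10", "192.0.2.11", "198.51.100.7"]
# Constructed sample of entries copied out of the ExtraHop allow list.
CONFIGURED_ALLOW_LIST = ["192.0.2.10", "198.51.100.0/28", "203.0.113.300", " "]


def parse_entries(entries):
    """Parse allow-list entries into networks; return (networks, invalid_entries)."""
    networks, invalid = [], []
    for raw in entries:
        text = raw.strip()
        if not text:
            continue  # ignore blank lines from a copy/paste
        try:
            # strict=False tolerates host bits being set, e.g. 198.51.100.7/28
            networks.append(ipaddress.ip_network(text, strict=False))
        except ValueError:
            invalid.append(text)  # typo or malformed entry worth fixing
    return networks, invalid


def missing_sources(required_ips, allow_list):
    """Return (required IPs not covered by any entry, unparseable entries)."""
    networks, invalid = parse_entries(allow_list)
    missing = []
    for raw in required_ips:
        addr = ipaddress.ip_address(raw.strip())
        covered = any(
            addr.version == net.version and addr in net for net in networks
        )
        if not covered:
            missing.append(str(addr))
    return missing, invalid


if __name__ == "__main__":
    missing, invalid = missing_sources(REQUIRED_SOURCE_IPS, CONFIGURED_ALLOW_LIST)
    for ip in missing:
        print(f"NOT ALLOWED: {ip} (calls from this source would be rejected)")
    for entry in invalid:
        print(f"INVALID ENTRY: {entry!r}")
    if not missing and not invalid:
        print("All required source IPs are covered.")
```

An empty result for both lists means the allow list covers every published source, so a remaining 403 points at credential permissions rather than IP filtering.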
Keywords: ExtraHop integration API authentication error, Red Canary IP whitelist, 403 forbidden, authentication failed, reconfigure ExtraHop API key, add IP address to ExtraHop, Red Canary integration troubleshooting, unable to save ExtraHop credentials, ExtraHop Reveal(x) 360 integration error, API access denied Red Canary