How to Get ExtraHop Packet Basics for AWS

ExtraHop Packet Basics stores packets from VPC Traffic Mirror sessions for query and download.

To successfully deploy Packet Basics, make sure you have everything you need:

  • An AWS account
  • A VPC and subnet where Packet Basics can be deployed
  • One or more ENIs for VPC Traffic Mirror sources

Deploy Packet Basics

  1. Log in to your AWS Management Console.
  2. Search for ExtraHop Packet Basics in AWS Marketplace and click the listing.
  3. Click Continue to Subscribe.
  4. Read the ExtraHop Terms and Conditions, and then click Accept Terms.
  5. After the subscription process completes, click Continue to Configuration.
  6. Select CloudFormation Template from the Delivery Method drop-down list.
  7. Select the Single Packet Basics Appliance CloudFormation template from the drop-down list.
  8. Select a firmware version from the Software Version drop-down list.
  9. Select your AWS region from the Region drop-down list.
  10. Click Continue to Launch.
  11. On the Launch this software page, under Choose Action, select Launch CloudFormation.
  12. Click Launch.
  13. On the Create stack page, click Next.
  14. On the Specify stack details page, type a name in the Stack name field to identify your instance in AWS.
  15. In the Network configuration section, configure the following fields:
    VPCID: Select the VPC where the Packet Basics will be deployed
    MgmtTrafficMirrorSubnetID: Select the subnet where the appliance ENI will be deployed. A single ENI acts as both management interface and traffic mirror target.
    RemoteAccessCIDR: Type a CIDR IP range to restrict user access to the instance. We recommend that you configure a trusted IP address range.
    PublicEIP: Specify whether the appliance ENI should have a public IP address.
  • Select false if you do not want a public-facing IP address.
  • Select true if you want Packet Basics available to users through the public internet.
  1. (Optional) In the Mirror source configuration section, you can specify an ENI from your subnet as an initial traffic mirror source.
    ENITrafficMirrorSource: Specify an ENI source that should be initially mirrored to the Packet Basics instance.
    ENITrafficMirrorSessionNumber: Specify a session number for the VPC Traffic Mirror session.
  2. Click Next.
  3. Add one or more tags in the Tags section and then click Next.
  4. Review your configuration settings and then click Create stack.
  5. Wait for the creation to complete and then click the Outputs tab.
  6. Copy the PacketBasicsCredentials value. This is the password required to log in to the ExtraHop system as the “setup” user. Click the PacketBasicsUserAccess value URL to go to the Packet Basics login screen. The initial boot of Packet Basics requires up to 10 minutes for the login screen to become available.

Post Deployment: Change the Default Password

We strongly recommend that you change the default password after you log in for the first time.

  1. On the Packet Basics appliance, click the System Settings icon image and then click Administration.
  2. On the Packet Basics Administration page, click Change Default Password at the top of the page.
  3. Type the Old Password.
  4. Type the New Password and then again to Confirm Password.
  5. Click Change Password to finalize the password change.

Post Deployment: Mirror Traffic to ExtraHop Packet Basics

Please see the instructions in this post to mirror packets to ExtraHop Packet Basics.