The True Cost of a Security Breach

Arrow pointing right
ExtraHop Logo
  • Productschevron right
  • Solutionschevron right
  • Why ExtraHopchevron right
  • Blogchevron right
  • Resourceschevron right

Arrow pointing leftBlog

What's New in 9.1 and Reveal(x)

Jeena Khan

January 11, 2023

While release notes provide a comprehensive view of our 9.1 release updates, here is a preview of our most exciting new features.


You can now tune detections by custom network localities in which the victim or offender is a participant.

Detection tuning in Reveal(x) 360

You can also filter and tune hardening detections from summary pages that are available for all hardening detection types.

Filtering weak cipher suite detections

A summary of perimeter traffic now appears next to the halo visualizations (Cloud Services, Countries, Large Uploads) on the Perimeter Overview. Quickly identify external connections in the halo visualization, and then drill down into device properties and records.

Perimeter overview in Reveal(x) 9.1


A global privilege policy in the Administration settings now lets you control whether users with limited write privileges can create and edit device groups.

Editing user privileges in device group properties

And, there is a new role for attack simulators that can be assigned to a device that runs breach and attack simulation (BAS) software.

New role for attack simulators in Reveal(x) 9.1


ExtraHop Reveal(x) now displays a screen upon login that includes features available in the most current version. Users can access the feature list later by selecting System Notices from the System Settings menu.

New features displayed in Reveal(x) 9.1 login screen

In Reveal(x) 360, administrators can now create a system notification rule to email a recipient list whenever daily record ingest nears or exceeds the daily ingest capacity.

Changing system notification setting for recordstore ingests exceeding 80%


  • Reveal(x) administrators users will see a system notice when new firmware is available.
  • There are two new permission levels: one allows you to download packet slices (the first 64 bytes of the packet) and one that allows you to download PCAPs and session keys in a single ng file.
  • REST API updates include the following changes:
    • Added the result_fields field to the POST /devices/search operation, which enables you to specify which fields are returned by the operation.
    • Added the editors field to the POST /devicegroups operation, which enables you to specify users with limited write privileges who can edit a device group.

Explore related articles

Experience RevealX NDR for Yourself

Schedule a demo