Fine-tuned Device Classifications
The power of ExtraHop lies in the broad range of available metrics coupled with the flexibility to curate a view of only the things you care about. In 7.4, we've added new ways for you to monitor changes and surface potential risks to your network.
Find Devices by Their Discovery Time
As ExtraHop finds and classifies new assets and endpoints, you can easily watch for additions to your network through built-in device groups for devices found within the last 24 hours or the last 7 days. In addition, you can specify a range of discovery time as the criteria for your custom device groups.
Identify (and Dismiss) Vulnerability Scanner Activity
With the new vulnerability scanner role, you can minimize false alarms by classifying devices that are expected to scan your network. If a critical asset is suddenly behaving unexpectedly, you'll be in a better position to catch potential attacks without unnecessary noise.
Vulnerability scanners are highlighted by an icon in activity maps, as shown in the following example.
View Device Activity by Protocol
We've updated your view of all of the activity discovered in real-time on your network. The Activity page gives you an overview of the protocols your devices are communicating over, identifies if they're acting as a server or client, and identifies whether they are involved in any detections. You can also see a sparkline for protocol activity during the selected time interval or quickly launch an activity map to see a dynamic visual representation of the traffic flow and device relationships.
Anomalies and unusual changes are surfaced on the Detections page, where you can easily dismiss expected changes or begin a focused investigation.
You can also now connect detections to your existing ticket tracking system. For example, you can link a detection found by ExtraHop to a ticket in ticketing systems such as Jira, Bugzilla, or Salesforce. That detection can show the ticket assignee, ticket status, and can be configured to display a clickable link that opens the ticket in your ticketing system.
You can also filter detections by ticket tracking criteria.
(Note that Detections require the ExtraHop Machine Learning Service. The Sort By feature is only available for Reveal(x) subscriptions.)
Records for Custom Metrics
If you have a connected Explore appliance and have created custom metrics, you can now enable record queries for your custom metrics by setting filters for existing record types through the Metric Catalog. You can then access records from charts, as shown in the following figure, to view transaction-level information about your custom metric.
ExtraHop in the Cloud and On-Prem
We've added the following branch office solutions for Reveal(x) that provide enterprise-grade network traffic analysis with built-in threat detection and investigation. Reveal(x) automatically discovers and classifies everything in your Azure environment to deliver complete real-time visibility at cloud scale.
Plus, we've upped our Azure game with the Discover 6100v for Azure, which now offers 10G performance that is compatible with the Azure virtual network TAP.