ExtraHop 7.5 and Reveal(x) Winter 2019 refine the user experience by simplifying workflows for detections, devices, and appliance administration.
Our 7.5 release notes provide a comprehensive list of new features, enhancements, and fixes for each appliance, with links to the most relevant technical documentation. Here are some quick links to information about our most exciting new features.
Detection Drill Downs
Detections surface unusual activity on your network, but then what? You can launch your investigation by drilling down from detections that have metric details.
We also added Next Step links to specific security detections, which take you to more details that are relevant to your investigation. For example, the Next Steps links in reconnaissance scan detections provide a list of the individual clients, servers, IP addresses, or ports that were scanned by a potential attacker.
We've redesigned the Overview page to make it easier to identify all of the information captured about your network devices.
In addition to the information you've always been able to view, we now show you active users who have logged into the device and the known operating system and hardware vendors. New built-in roles better classify devices by their protocol activity.
Dynamic Device Groups
When you need to classify devices according to environment-specific needs, you can now apply advanced filters to create dynamic device groups based on multiple criteria. For example, you can create a device group based on the time a device was discovered and a device tag.
Extending GeoIP Visibility
Quickly identify the geographic location of a suspicious IP address from drill-down and detail pages. In addition, you can filter devices by IP addresses and by internal or external network locality.
For ExtraHop Administrators
By leveraging your existing SAML identity provider, you can now configure single sign-on (SSO) access to Discover and Command appliances.
Local User Groups
With the addition of SAML SSO, you can now create user groups on the appliance with both local and remote users. User groups enable you to centrally manage shared access to user-created content on the ExtraHop system, such as dashboards and activity maps.
Certificate-free SSL Decryption
Session key forwarding enables you to securely decrypt SSL traffic, and you no longer need to upload the certificate and private key from the monitored server. (Available for Windows and Linux servers.)
With a Trace appliance, you have the added bonus of securely storing session keys on the appliance.