ExtraHop 7.7 adds visibility, flexibility, and more opportunities to customize your workflows.
While the release notes provide a comprehensive view of the 7.7 release, here is a preview of our most exciting new features.
We've continued to enhance detections to improve the signal-to-noise ratio and give you more control over what matters most. In addition, we're adding detections for common vulnerabilities and exploits associated with systems such as Apache Struts2 and the Remote Desktop Services vulnerability known as BlueKeep.
You can now create your own custom detections! (Available for Reveal(x) systems now, and coming soon for all other Discover appliances.) Specify a trigger with metadata such as the detection type, title, category, and risk score. After a detection fires, you can filter and sort detections to quickly find what you need, or create an alert that notifies you whenever your custom detection occurs.
To improve the accuracy of our detections, we've added a Custom Parameters page, where you can specify details about your network environment. The fields and options on this page can be dynamically updated through ExtraHop Cloud Services as we continue to enhance detections.
- The autocomplete feature now lets you view method and property definitions from the Trigger API Reference inline in the Trigger Editor. Click the information icon to view the content.
- The autocomplete feature also now displays valid arguments for methods as you write.
- Assign your trigger to sources, such as devices and device groups, directly from the Trigger Editor.
Reveal(x) systems now also include automatic prioritization for your devices and present three distinct overviews of your traffic metrics: security, network, and perimeter.
The Security Overview showcases your detections data from different perspectives in a series of visual and count charts. Quickly scan for detections flagged with high risk scores and for critical assets. Then, click on any area to open related system pages where you can continue your investigation.
The Network Overview provides an at-a-glance view of your active and new device counts and protocol activity, and helps you keep tabs on weak or potentially suspicious activity through security-relevant signal metrics.
The Perimeter Overview highlights inbound and outbound traffic with a halo visualization that displays potential risks for exfiltration and command and control servers. Keep track of large bulk transfers and traffic to unknown or uncommon domains—especially those marked suspicious per threat intelligence data.
New Reveal(x) systems are now pre-configured to autofill devices into the highest available analysis level. We also added built-in device groups that are automatically selected for Advanced Analysis, so that you don't miss out on high-value metrics for domain controllers, DHCP servers, and recently discovered devices. (You can always change your configuration, but these defaults ensure that your Reveal(x) system is ready to go out of the box.)