back caretBlog

What's New in ExtraHop 7.7 and Reveal(x)

ExtraHop 7.7 adds visibility, flexibility, and more opportunities to customize your workflows.

While release notes provide a comprehensive view of our 7.7 release, here is a preview of our most exciting new features.


We've continued to enhance detections to improve the signal-to-noise ratio and give you more control over what matters most. In addition, we're adding detections for common vulnerabilities and exploits associated with systems such as Apache Struts2 and Remote Desktop Services (also known as BlueKeep).

Detection example in Reveal(x)

Custom Detections

You can now create your own custom detections! (Available for Reveal(x) systems now, and coming soon for all other Discover appliances.) Specify a trigger with metadata, such as the detection type, title, category, and risk score. When the detection occurs, you can filter and sort detections to quickly find what you need or create an alert that notifies you when your detection occurs.

Custom Parameters

To improve the accuracy of our detections, we've added a Custom Parameters page, where you can specify details about your network environment. The fields and options on this page can be dynamically updated through ExtraHop Cloud Services as we continue to enhance detections.


Power users take note: we've revamped ExtraHop Triggers with a cleaner look and enhanced functionality. You can read more in our API Release Notes, but here are some of the most exciting updates:

  • The autocomplete feature enables you to now view method and property definitions from the Trigger API Reference directly inline in the Trigger Editor. Click the information icon Information Icon to view content.
Autocomplete feature in Reveal(x)
  • The autocomplete feature also now displays valid arguments for methods as you write.
Valid arguments for methods
  • Assign your trigger to sources, such as devices and device groups, directly from the Trigger Editor.
Assign trigger to a source

Reveal(x) Updates

Reveal(x) systems now also include automatic prioritization for your devices and present three distinct overviews of your traffic metrics: security, network, and perimeter.


The Security Overview showcases your detections data from different perspectives in a series of visual and count charts. Quickly scan for detections flagged with high risk scores and for critical assets. Then, click on any area to open related system pages where you can continue your investigation.

Security Overview in Reveal(x)

The Network Overview provides an at-a-glance view of your active and new device counts, protocol activity, and helps you keep tabs on weak or potentially suspicious activity through security-relevant signal metrics.

Network Overview in Reveal(x)

The Perimeter Overview highlights inbound and outbound traffic with a halo visualization that displays potential risks for exfiltration and command and control servers. Keep track of large bulk transfers and traffic to unknown or uncommon domains—especially those marked suspicious per threat intelligence data.

Perimeter Overview in Reveal(x)

Analysis Priorities

New Reveal(x) systems are now pre-configured to autofill devices for the highest available analysis level. We also added built-in device groups that are automatically selected for Advanced Analysis to ensure that you don't miss out on high-value metrics for domain controllers, DHCP servers, and recently-discovered devices. (You can always change your configuration, but these options ensure that your Reveal(x) system is ready to go out-of-the-box.)

Visit our Customer Community for upgrade options and let us know if you have any questions!

ExtraHop Reveal(x) Live Activity Map

Stop Breaches 87% Faster

Investigate a live attack in the full product demo of ExtraHop Reveal(x), network detection and response, to see how it accelerates workflows.

Start Demo

Sign Up to Stay Informed