ExtraHop 7.8 adds visibility, flexibility, and more opportunities to customize your workflows.
While release notes provide a comprehensive view of our 7.8 release, here is a preview of our most exciting new features.
Detections offer a powerful way to harness your traffic and proactively identify risks and potential attack vectors. We've added tools to show bigger picture perspectives as well as ease your navigation through investigative workflows.
Detections now identify participant roles: offenders and victims.
Related detections that occurred before and after the current detection appear in a timeline below the detection details. Look for potential trends where a single offender is found on multiple detections or where an offender in one detection appears as a victim on another.
Investigation Steps can now be found at the top right corner of the detection details card.
After you click a link in the detection details card, you can quickly return to that detection by clicking the detection name in the navigation path or click the x to dismiss the link.
When filtering for detections by criteria, the filtered list of detections now persists even after you click a detection. Click Detections in the navigation path at the top of the page to get back to your filtered list.
ExtraHop Web UI
Investigating and troubleshooting can take you through many parts of the ExtraHop Web UI.
The navigation path helps you keep track of where you are and where you started—so you can view different metrics about a single asset, but always easily return to the same starting point. Click the icon on the left to see recent pages that you can navigate back to.
Bundles have always provided a shortcut to adding pre-formatted customizations to ExtraHop appliances. In 7.8, we've redesigned the Bundles page to make it easier to upload and install bundles.
ExtraHop classifies most devices by the type of traffic associated with the device. In 7.8, we're adding roles that classify your PC, Printer, VoIP Phone, and Medical Device traffic.
In 7.7 we introduced overview pages that provided at-a-glance key metrics about your system security, network, and perimeter. In 7.8 we've added the ability to Print an Executive Report as a PDF file to send to stakeholders who might not have access to your Reveal(x) system.
The report contains a fixed set of metrics from the overview pages for the previous week:
Precision Packet Capture
You can now write a trigger to target packets on your network to collect, store, and download for analysis in a third-party application such as Wireshark. You can filter and search for these packets from the Records page in the Web UI by selecting Packet Capture from the Record Type drop-down menu. Then, click the Packets icon to see more details and download the related PCAP file.
Reveal(x) Premium and Ultra systems offer threat intelligence throughout system charts and tables. In 7.8 there are now ExtraHop-curated default threat collections that can identify known malicious IP addresses, hostnames, and URIs found in your network traffic. You must enable these collections before they can identify potential risks.
You can also still upload STIX files from free or commercial sources through the Web UI or REST API.
ExtraHop Discover Appliances in AWS
You can now deploy Reveal(x) systems of the EDA 1100v (1G), 6100v (10G), and 8200v (25G) in AWS.