While release notes provide a comprehensive view of our 7.9 release, here is a preview of our most exciting new features.
We continuously refine and expand our machine-learning and rules-based detections, and in 7.9 we further enhanced the tools on our Detections page to enable you to triage and respond quickly to potential issues surfaced by your ExtraHop system.
By default, the Detections page now groups detections by type and sorts by the highest risk score. (Risk scores are only available for security detections on Reveal(x) systems.)
In 7.8, we added breadcrumbs to help you keep track of your investigation as you move throughout the system. In 7.9, you can hover over offender and victim participants to view the full device properties of your endpoints directly in the detection card.
External IP addresses show geolocation and provide a link to the ARIN Whois Lookup.
Reveal(x) detections include rich details about security risks, attack backgrounds, mitigation options, and reference links to security organizations such as CVE and MITRE.
Click Details beneath a detection title to view them. Large monitors display these details automatically to the right.
Assets & Endpoints
The Assets page now presents an updated Devices page—designed to optimize your search results with pre-loaded filters.
- Click the count of Active Devices to see a table view of all of your devices within the selected time interval. You can still sort and filter all devices by familiar columns, but now you can also sort and filter devices by their Analysis Level.
- Click the count of New Devices to see a table view of devices discovered within the past 5 days.
- Click on any entry in Devices by Role to see a filtered table of devices that are assigned to the selected device role—including the new device roles for VPN Gateway, IP Camera, and Wi-Fi Access Point.
If a device is associated with any detections, you can now see its participant role in the Detections tab of the device Overview page.
For ExtraHop Administrators and API Developers
- Configure the Discover appliance to send and store transaction-level records to BigQuery and Splunk. Your ExtraHop users can then query for records directly from the Records page and from record links throughout the ExtraHop system.
- Automate your ExtraHop firmware upgrades through the REST API. In multi-appliance implementations, be sure to follow the upgrade guidance and read the release notes for your appliance and for the Trigger and REST APIs.
- The Reveal(x) EDA 1200 is now available for deployment.