back caretBlog

What's New in ExtraHop 7.9 and Reveal(x)

While release notes provide a comprehensive view of our 7.9 release, here is a preview of our most exciting new features.

Detections

We continuously refine and expand our machine-learning and rules-based detections, and in 7.9 we further enhanced the tools on our Detections page to enable you to triage and respond quickly to potential issues surfaced by your ExtraHop system.

By default, the Detections page now groups detections by type and sorts by the highest risk score. (Risk scores are only available for security detections on Reveal(x) systems.)

Detections Page

In 7.8, we added breadcrumbs to help you keep track of your investigation as you move throughout the system. In 7.9, you can hover over offender and victim participants to view full device properties about your endpoints directly in the detection card:

Detection Card

External IP addresses show geolocation and provide a link to the ARIN Whois Lookup:

External IP

Reveal(x) detections include rich details about security risks, attack backgrounds, mitigation options, and reference links to security organizations such as CVE and MITRE.

Click Details beneath a detection title:

Detection Details

Large monitors display these details automatically to the right.

Monitors with Details

Assets & Endpoints

The Assets page now presents an updated Devices page—designed to optimize your search results with pre-loaded filters.

Devices Page

  • Click the count of Active Devices to see a table view of all of your devices within the selected time interval.You can still sort and filter all devices by familiar columns, but now you can also sort and filter devices by their Analysis Level.
  • Click the count of New Devices to see a table view of devices discovered within the past 5 days.
  • Click on any entry in Devices by Role to see a filtered table of devices that are assigned to the selected device role—including new device roles for VPN Gateway, IP Camera, and WI-Fi Access Point.

And if a device is associated with any detections, you can now see the participant role from the Overview page for the device in the Detections tab.

Participant Role on Overview Page

Dashboard Collections

Dashboards can now be grouped into collections that you can create, organize, and share with other users and user groups.

Dashboard Collections

For ExtraHop Administrators and API Developers

Visit our Customer Portal for upgrade options and let us know if you have any questions!

Related Blogs

Sign Up to Stay Informed