
What's New in 8.1 and Reveal(x)

While release notes provide a comprehensive view of our 8.1 release updates, here is a preview of our most exciting new features.

Detections

Detections help teams watch for common and emerging threats by identifying known attack vectors and linking to industry knowledgebases, such as the MITRE ATT&CK® framework. In 8.1, we've added a matrix of MITRE tactics and techniques that showcases the threats that are covered by ExtraHop detections and the detections on your system that match those techniques. Plus, we've added a filter that enables you to search matching detections by specific technique IDs.

[Image: Detections Collage]

You can now hide all detections from a particular participant: victim or offender. Create a rule to hide detections from noisy (but approved) vulnerability scanners.

[Image: Hide Detections Like This]

When grouping by source, you can also view details about the role that source has played in detections on the network and a summary of the detection types that involve that source device.

[Image: Device Detection Summary]

Assets & Endpoints

The 8.1 release has enhanced how the ExtraHop system tracks your discovered devices and connections to remote endpoints.

Identify users who have logged in with WiFi credentials, so you can track the users who are accessing mobile devices on your network, such as phones, tablets, and laptops.

Track the history of an IP address across multiple devices when the ExtraHop system is configured for L2 Discovery.

[Image: Track the history of an IP address]

Internal VPN traffic is now classified. These devices are assigned the VPN Client role and associated with their external hostname or IP address. You can also now add observations through the REST API to associate IP addresses. For example, you can associate the IP address of a VPN client on your network with the external IP address assigned to the VPN user on the internet.

[Image: Associated IP Addresses]

Reveal(x) systems show connections to and from external cloud service providers on the Perimeter overview page's halo visualization.

For ExtraHop systems with a recordstore, a set of L7 records is automatically collected without the need to write a trigger. You can view the default selections and enable or disable records from the Settings / Records page.

For ExtraHop Administrators

Visit our Customer Portal for upgrade options and let us know if you have any questions!
