
What's New in 8.2 and Reveal(x)

While release notes provide a comprehensive view of our 8.2 release updates, here is a preview of our most exciting new features.


Seeing how the participants in a detection are connected to each other and to other devices on the network is integral to security investigations. In 8.2, we do the heavy lifting for you with participant filters, activity maps, and comparative analysis.

When the Detections page is grouped by Types, a summary of top participants appears at the top of the list of each detection type. You can click the offender or victim filters to add selected participants and quickly narrow your view to detections with only those participants.

Detection participant summary

In detections that are generated when device behavior is anomalous as compared to similar devices, we show you a visualization of the differences in the metric for the offender and similar devices over a long lookback period. By viewing Compare Behaviors, you can quickly assess whether the offender's behavior is expected and approved—or a cause for further investigation.

Compare behaviors chart

When a detection is generated for IP address and port scans or for network privilege escalations, you can view an activity map that shows you how the offenders and victims were communicating with each other and other devices on the network at the time of the detection.

Activity Map

You can also format custom detections to add a personalized display name and links to MITRE techniques, so that you can view your custom detection in the ExtraHop MITRE Techniques matrix.

Detection Formats

Assets & Endpoints

We've updated the Devices page to show you a summary of all of your devices by role and protocol activity on a single page:

Devices Page

You can now see metrics and charts about device traffic to cloud services:

Devices Page

And you can now filter device groups by any criteria without needing Full Write privileges:

Device Role Overview

Filter by a device role or protocol activity and easily create an ad-hoc device group:

Group By Device Role or Protocol

See multiple DNS names under Known Aliases for devices:

Multiple DNS Names

Network, Security, and Perimeter Overview pages now offer site selection and the ability to generate executive reports for multiple sites:

Site Selector

Add cloud properties for your devices through the REST API, and view them on the Device Overview page:

Cloud Properties

Reveal(x) 360 Only

You can now configure Network Localities on Reveal(x) 360 to give the system a more robust understanding of your network and device behaviors. These settings refine the accuracy of detections.

360 Network Localities

You can also now upload threat intelligence collections to Reveal(x) 360 to surface known suspicious IP addresses, hostnames, and URIs:

360 Threat Intelligence

For ExtraHop Administrators

Terminology Updates

We have updated some of the language you might be familiar with in ExtraHop products to stay current with our evolving industry and ever-expanding configuration options.

The ExtraHop system can be deployed in many ways—physical appliances, virtual appliances, cloud-based appliances, self-managed, and ExtraHop-managed (through our SaaS offering). All of these offerings provide smart sensor analytics for your sites.


  • Wire networks are now referred to as sites.
  • Discover appliances are now referred to as sensors.
  • The primary interface on a sensor is now referred to as a Sensor Console.
  • The primary interface on a connected Command appliance or Cloud Control Plane is now referred to as a Command Console.

Visit our Customer Community for upgrade options and let us know if you have any questions!
