While release notes provide a comprehensive view of our 8.2 release updates, here is a preview of our most exciting new features.
Seeing how the participants in a detection are connected to each other and to other devices on the network is integral to security investigations. In 8.2, we do the heavy lifting for you with participant filters, activity maps, and comparative analysis.
When the Detections page is grouped by Types, a summary of top participants appears at the top of the list of each detection type. You can click the offender or victim filters to add selected participants and quickly narrow your view to detections with only those participants.
In detections that are generated when device behavior is anomalous as compared to similar devices, we show you a visualization of the differences in the metric for the offender and similar devices over a long lookback period. By viewing Compare Behaviors, you can quickly assess whether the offender's behavior is expected and approved—or a cause for further investigation.
When a detection is generated for IP address and port scans or for network privilege escalations, you can view an activity map that shows you how the offenders and victims were communicating with each other and other devices on the network at the time of the detection.
You can also format custom detections to add a personalized display name and links to MITRE techniques, so that you can view your custom detection in the ExtraHop MITRE Techniques matrix.
Assets & Endpoints
We've updated the Devices page to show you a summary of all of your devices by role and protocol activity on a single page.
You can now see metrics and charts about device traffic to cloud services.
And you can now filter device groups by any criteria without needing Full Write privileges.
Filter by a device role or protocol activity and easily create an ad-hoc device group.
See multiple DNS names under Known Aliases for devices.
Add cloud properties for your devices through the REST API, and view them on the Device Overview page.
Reveal(x) 360 Only
You can now configure Network Localities on Reveal(x) 360 to provide the system with a more robust understanding of your network and device behaviors. These settings refine and hone the accuracy of detections.
You can also now upload threat intelligence collections to Reveal(x) 360 to surface known suspicious IP addresses, hostnames, and URIs.
For ExtraHop Administrators
- SNMP service settings are available in Explore and Trace appliances.
- REST API developers can now automate the following tasks:
  - Add the cloud properties for a device
  - Retrieve device information through multiple DNS names
We have updated some of the language you might be familiar with in ExtraHop products to stay current with our evolving industry and ever-expanding configuration options.
The ExtraHop system can be deployed in many ways—physical appliances, virtual appliances, cloud-based appliances, self-managed, and ExtraHop-managed (through our SaaS offering). All of these offerings provide smart sensor analytics for your sites.
- Wire networks are now referred to as sites.
- Discover appliances are now referred to as sensors.
- The primary interface on a sensor is now referred to as a Sensor Console.
- The primary interface on a connected Command appliance or Cloud Control Plane is now referred to as a Command Console.