NEW

The True Cost of a Security Breach

Arrow pointing right
ExtraHop Logo
Contact us
Menu iconX icon
  • Productschevron right
  • Solutionschevron right
  • Why ExtraHopchevron right
  • Blogchevron right
  • Resourceschevron right
Sign In
Contact us

Arrow pointing leftBlog

What's New in 8.6 and Reveal(x)

Jeena Khan

September 23, 2021

While release notes provide a comprehensive view of our 8.6 release updates, here is a preview of our most exciting new features.

Detections

In 8.6, users can add detections to an Investigation. Investigations show a map of the offenders and victims from the added detections, so you can more easily visualize connections and determine whether your network is under attack or experiencing a broader incident.

Create Investigation for possible C&C

Detection Notifications have expanded from email to webhooks. Write a webhook for a target app, so the right team can be notified immediately and shorten their response time. Check out the example templates for Slack, Microsoft Teams, and Google Chat in our Webhook Reference.

Creating a Webhook for AWS Cloud Service Enumeration

You can also now create a rule to be notified when the risk score changes above a certain threshold.

Setting the minimum risk score to 75

And you can filter by the risk score.

Filtering risk scores by 60 minimum

Devices

The Device Overview page now includes a Similar Devices tab. Click to view devices that were observed with similar network traffic behavior by machine-learning analysis. Similar devices can provide insight into normal device behavior when threat hunting.

Similar Devices Tab in Device Overview

The ExtraHop system automatically identifies high value devices that provide authentication or essential services on the network. You can manually add or remove the high value designation from a device's properties, but this change can affect the risk score in detections where the device is a participant and can affect results when filtering for high value devices.

Adding a high value device in the Device Properties tab.

You can configure a custom device to collect metrics from remote sites such as inbound and outbound throughput, retransmission timeouts, round trip times, and zero windows. Remote site metrics enable you to easily gain visibility into traffic between remote sites and a data center.

Collecting remote site metrics in custom devices

Reveal(x) 360 Only

Reveal(x) 360 users are invited to try out our beta Microsoft 365 Integration. Retrieve data from Microsoft 365 and Azure Active Directory for analysis by the ExtraHop system through metrics, records, and detections.

Visit our Customer Community for upgrade options and let us know if you have any questions!

Discover more

CybersecurityTechNDRRevealXLaunches

Explore related articles

What's New in 8.5 and Reveal(x)

June 16, 2021

Read a preview of our most exciting new features, then check the release notes for a comprehensive view of our 8.5 release updates.

CybersecurityNDRRevealXLaunches
Read articleArrow pointing right

Why Decryption Is Necessary for Security

September 14, 2021

Encryption is central to modern security architecture, but it also allows attackers to conceal their activity. Learn why secure decryption is also the key to effective cyberdefense.

CybersecurityTechNDRDecryptionRevealX
Read articleArrow pointing right

What are Kerberos Golden Ticket Attacks and How to Detect Them

August 31, 2021

Kerberos authentication protocol can be exploited in golden ticket attacks. Learn how adversaries pull off these attacks and how to detect and prevent them.

CybersecurityRevealXNDR
Read articleArrow pointing right

Experience RevealX NDR for Yourself

Schedule a demo
Contact us