While release notes provide a comprehensive view of our 8.4 release updates, here is a preview of our most exciting new features.
In 8.4 we introduce Threat Briefings, which provide you with guidance about industry-wide security events. These briefings are cloud-updated as details emerge about indicators of compromise (IOCs), potential attack vectors, and known risks.
Check out the briefings for the SUNBURST, Zerologon, ProxyLogon, and Bad Neighbor attacks. Each attack briefing offers a summary description and highlights relevant detections and metrics that enable you to assess whether your network has been compromised.
You can now export the full detail page for a detection as a PDF, making it easier to email information to stakeholders who don't have access to the ExtraHop system.
When creating a custom device, you can now specify the direction of traffic relative to an IP address or specify a peer IP address. This option enables you to focus on collecting only the metrics you need, such as the traffic sent to an IP address or all of the traffic sent and received between a source and destination.
The ExtraHop system now assigns the NAT Gateway device role to devices associated with four or more OS fingerprint families and to devices associated with four or more hardware makes and models.
You can now filter record queries by device group. Select a device group when you create a filter for any field that specifies devices, such as Device or Client.
You can also view records from a device group page by clicking Records.
Reveal(x) 360 Only
In addition to ExtraHop Okta for user management, you can now configure your own SAML 2.0 identity provider.
If you have CrowdStrike Falcon, you can enable device links in Reveal(x) 360. These links appear on the Device Overview page and anywhere you can hover over the device name. Click the link to view device details in CrowdStrike.