back caretBlog

What's New in 8.4 and Reveal(x)

While release notes provide a comprehensive view of our 8.4 release updates, here is a preview of our most exciting new features.

Threat Briefings

In 8.4 we introduce Threat Briefings, which provide you with guidance about industry-wide security events. These briefings are cloud-updated as details emerge about indicators of compromise (IOC), potential attack vectors, and known risks.

Check out the briefings for the SUNBURST, Zerologon, ProxyLogon, and Bad Neighbor attacks. Each attack briefing offers a summary description and highlights relevant detections and metrics that enable you to assess whether your network has been compromised.

SUNBURST threat briefing


You can now export the full detail page for a detection as a PDF, making it easier to email information to stakeholders who don't have access to the ExtraHop system.

VPN data exfiltration detection


Halo visualizations have been added to both device and device group pages, where you can see connections to cloud service providers, by country, and for large uploads.

Halo visualization, traffic by cloud service

When creating a custom device, you can now specify the direction of traffic relative to an IP address or specify a peer IP address. This option enables you to focus on collecting only the metrics you need, such as the traffic sent to an IP address or all of the traffic sent and received between a source and destination.

Specify traffic direction to outbound from IP address

The ExtraHop system now assigns the NAT Gateway device role to devices associated with four or more OS fingerprint families and to devices associated with four or more hardware makes and models.


You can now filter record queries by device group. Select a device group when you create a filter for any field that specifies devices, such as Device or Client.

New record query, HTTP Servers

You can also view records from a device group page by clicking Records.

HTTP servers device group

Reveal(x) 360 Only

In addition to ExtraHop Okta for user management, you can now configure your own SAML 2.0 identity provider.

SAML identity configuration

If you have CrowdStrike Falcon, you can enable device links in Reveal(x) 360. These links appear on the Device Overview page and anywhere you can hover over the device name. Click the link to view device details in Crowdstrike.

Device Overview page displaying device in CrowdStrike Falcon

Visit our Customer Community for upgrade options and let us know if you have any questions!

ExtraHop Reveal(x) Live Activity Map

Stop Breaches 87% Faster

Investigate a live attack in the full product demo of ExtraHop Reveal(x), network detection and response, to see how it accelerates workflows.

Start Demo

Sign Up to Stay Informed