While release notes provide a comprehensive view of our release updates, here is a preview of our most exciting new features!
Reveal(x) 360 Integrations
Reveal(x) 360 users can take advantage of the following new integrations to bring ExtraHop data into select third-party applications:
IBM Security QRadar
Export ExtraHop metrics to your QRadar application with the ExtraHop App for QRadar.
Export ExtraHop detections and metrics to your Splunk application with the ExtraHop Add-On for Splunk.
Microsoft Protocol Decryption
Connect a Microsoft Active Directory domain controller to a Reveal(x) 360 sensor to decrypt Microsoft protocol traffic and improve detection of security attacks within your Microsoft Windows environment.
You can now access detection cards and tracking directly from an investigation timeline.
Quickly view high-risk detections that are ongoing in the Open Detections chart. (Closed detections do not appear in the chart.) This chart can help your SOC team more easily triage detections that haven't been closed.
Links to record queries about potential threats can appear even before new detections are updated in the system. By viewing these records, you can jump-start your search for threat vectors in your environment.
In 8.8, we've added a number of filters that can help you quickly find your devices:
The Users page now enables you to filter by protocol so you can see which users have accessed devices that are communicating over that protocol.
The Devices page enables you to filter for devices that accepted or initiated an external connection, which can help you determine whether devices are engaged in suspicious activity.
You can also filter for devices by analysis level, which determines what data and metrics are collected for a device.
VPC Flow Logs for Reveal(x) 360
Introducing the Reveal(x) 360 Standard subscription. The EFC 1291v flow sensor enables the ExtraHop system to collect data from flow logs instead of packets.
Administration and API
- Reveal(x) administrators can now upgrade the firmware on connected sensors from Reveal(x) 360. This capability is also available in the REST API through the POST /appliances/firmware/upgrade operation.
- Reveal(x) 360 administrators can now view audit logs. Audit logs are also available in the Reveal(x) 360 REST API through the GET /auditlog operation.
- Added support for the QUIC protocol to the Triggers API.
- New sensors offer guided setup through registration, changing default passwords, and connections to ExtraHop Cloud Services and to a Command appliance or Reveal(x) 360.
Visit our Customer Portal for upgrade options and let us know if you have any questions!