back caretBlog

What's New in 9.1 and Reveal(x)

While release notes provide a comprehensive view of our 9.1 release updates, here is a preview of our most exciting new features.


You can now tune detections by custom network localities in which the victim or offender is a participant. Detection tuning in Reveal(x) 360

You can also filter and tune hardening detections from summary pages that are available for all hardening detection types. Filtering weak cipher suite detections

A summary of perimeter traffic now appears next to the halo visualizations (Cloud Services, Countries, Large Uploads) on the Perimeter Overview. Quickly identify external connections in the halo visualization, and then drill down into device properties and records. Perimeter overview in Reveal(x) 9.1


A global privilege policy in the Administration settings now lets you control whether users with limited write privileges can create and edit device groups. Editing user privileges in device group properties

And, there is a new role for attack simulators that can be assigned to a device that runs breach and attack simulation (BAS) software. New role for attack simulators in Reveal(x) 9.1


ExtraHop Reveal(x) now displays a screen upon login that includes features available in the most current version. Users can access the feature list later by selecting System Notices from the System Settings menu. New features displayed in Reveal(x) 9.1 login screen

In Reveal(x) 360, administrators can now create a system notification rule to email a recipient list whenever daily record ingest nears or exceeds the daily ingest capacity. Changing system notification setting for recordstore ingests exceeding 80%


  • Reveal(x) administrators users will see a system notice when new firmware is available.
  • There are two new permission levels: one allows you to download packet slices (the first 64 bytes of the packet) and one that allows you to download PCAPs and session keys in a single ng file.
  • REST API updates include the following changes:
    • Added the result_fields field to the POST /devices/search operation, which enables you to specify which fields are returned by the operation.
    • Added the editors field to the POST /devicegroups operation, which enables you to specify users with limited write privileges who can edit a device group.
ExtraHop Reveal(x) Live Activity Map

Stop Breaches 87% Faster

Investigate a live attack in the full product demo of ExtraHop Reveal(x), network detection and response, to see how it accelerates workflows.

Start Demo

Sign Up to Stay Informed