Index and Store

Recording data is not enough. It needs to be available to users in real time.

The ExtraHop platform has the unique ability to extract and transform unstructured data packets into wire data at line rate. But making that information immediately useful is just as important. That's why the ExtraHop platform features a highly scalable, cost-effective streaming architecture that allows you to act on your data in real time.

Immediate Access to Metrics, Records, and Packets

ExtraHop makes it easy to apply Big Data techniques to your data in flight. You don't have to worry about building out, managing, and tuning a Big Data infrastructure. The ExtraHop platform is plug-and-play—just feed it a copy of your network traffic and you're on your way to insights you can act on now.

The platform indexes and stores your wire data in three complementary formats:

  1. Correlated, cross-tier metrics in the ExtraHop Discover appliance (EDA), featuring a streaming datastore that is optimized for time-sequenced telemetry. The Discover appliance provides you with immediate visibility into more than 4,000 metrics that populate customizable, real-time dashboards. You can easily see all communications across your entire environment.

  2. Transaction, message, and flow records in the ExtraHop Explore appliance (EXA). Built on scalable Elasticsearch technology, the Explore appliance allows you to conduct a multidimensional analysis of your wire data, even if you don't know any query languages. While similar to log analytics platforms in some respects, the Explore appliance performs search and analytics for wire data—a much richer, more consistent, and more reliable source of information than you get from machine logs.

  3. Forensic evidence in the form of packets in the ExtraHop Trace appliance (ETA). See a transaction record of interest? Grab just those packets for a deep-dive root cause analysis or to meet chain-of-custody requirements for legal prosecution. You can also compose a new packet query, filtering down to just the kilobytes of packet capture you care about.

As metrics are indexed, the ExtraHop platform classifies newly discovered devices based on heuristic analysis of machine information and behavior. For example, if a machine responds to database requests, then it is classified as a database server. This discovery and classification requires application fluency and is the most accurate method. The platform automatically builds activity baselines for all clients, systems, applications, and infrastructure so that you can receive predictive trend-based alerts when something is out of the ordinary.

You can customize the intelligent alerting engine, so you can create trending and predictive alerts based on behaviors and events that are indexed and stored, either now or in the past. These can be based on behaviors like anomalous network activity, web application and database errors, unusual payload size, slow transactions, poor end-user experience, and expiring SSL certificates. This approach offers significant benefits for security analytics, business transaction analysis, and predictive early warning for client, application, and network performance trends.

The ExtraHop platform automatically classifies newly discovered devices and groups them accordingly—no tagging required.

Trend-based alerts automatically fire when behavior deviates from normal.

Storage On Your Terms

Unlike other monitoring and analytics products that require you to purchase marked-up storage to keep your own historical data, we believe you should be able to store as much as you want without incurring a data tax.

You can use your existing NAS infrastructure to extend the datastore of the ExtraHop Discover appliance. With this capability, you can perform longitudinal analysis of wire data over an expansive time period. Our customers find this useful for capacity planning, proving optimization and continuous improvement, and demonstrating historical compliance efforts. It's also useful for analyzing business activity like order type, revenue, and transactions over time.

Your transaction, message, and flow records are stored in a resilient cluster of ExtraHop Explore appliances, built on proven Elasticsearch technology. With this architecture, you can easily add nodes as your data grows, providing you with unprecedented historical lookback into your transactions on the wire.
