All client, application, and business activity travels through your network—the wire. This makes wire data one of the biggest and richest sources of intelligence. When you extract your wire data, you also need to be able to visualize and explore it easily to gain meaningful information you can act on.
Start with Machine Learning
Humans are much better at making decisions than machines. But machines are much better at analyzing large sets of data. That's why any data analysis solution should start with machine learning to bring order to large sets of data.
ExtraHop's Addy service applies machine learning to your wire data, automatically building baselines for every device, network, and application, and then alerting you to anomalous behavior. This anomaly detection is much more accurate than traditional alerting and also detects issues that you never thought to build an alert for.
With Addy, the ExtraHop platform gives you the context you need to take action. From there, you can easily answer questions with rapid access to the details of any transaction record. With a global search, visual query capabilities, and customizable dashboards, you can find the data that is most important to you, and then see and explore that data on the fly.
An Interface that Works the Way You Do
The ExtraHop platform equips you with both top-down and bottom-up workflows: You can start with a high-level view and then drill down to devices, individual transactions, and even the exact packets that comprise those transactions. Or you can start with an outlying transaction—one with too-long processing time or unusual response size, for example—and then investigate from there. Whatever your approach, the ExtraHop platform equips you to ask questions of your wire data and get answers in real time.
The ExtraHop platform includes automatically populated role-based dashboards for teams across your organization, including teams that manage network, web, database, storage, security, and other technologies.
The ExtraHop platform offers a simple, intuitive user interface that makes it easy to create new visualizations of your wire data. You can create a new widget in three steps: 1) Select your data source and metrics, 2) Select the visualization type, and 3) Save it to your dashboard.
When you're ready to share your analysis, you can quickly export charts and the background data points to PDF, Excel, or CSV.
Visual Query Language
Much more than just search, the visual query capabilities in the ExtraHop platform enable you to explore your transaction and flow records through multidimensional analysis. You can refine or change your query by clicking UI elements that control grouping, pivoting, sorting, filtering, and time-range selection. There are dozens of built-in record types and hundreds of record attributes available, and you can also define your own custom records with their own attributes.
The visual query language makes it possible to quickly ask and refine questions without having to learn a query language. For example, you could start with a particular troublesome SQL statement, then see how different iterations of that database call are performing. In a security context, you could sort SQL messages by query string to identify attempted SQL injection attacks; with the malicious IP address identified, you could then pivot to see all the activity of that client on the network over the last month. Export that information to Excel, CSV, or a visualization tool such as Tableau or Qlik, and you have a step-by-step map of what the attacker did!