Index and Store

Recording data is not enough. It needs to be available to users in real time.

Immediate Access to Metrics, Records, and Packets

ExtraHop makes it easy to apply Big Data techniques to your data in flight. You don't have to worry about building out, managing, and tuning a Big Data infrastructure. The ExtraHop platform is plug-and-play—just feed it a copy of your network traffic and you're on your way to insights you can act on now.

The ExtraHop platform has the unique ability to extract and transform unstructured data packets into wire data at line rate, and it pairs that with a highly scalable, cost-effective streaming architecture that allows you to act on your data in real time.

The platform indexes and stores your wire data in three complementary formats:

1. Correlated, cross-tier metrics in the ExtraHop Discover appliance (EDA), featuring a streaming datastore that is optimized for time-sequenced telemetry. The Discover appliance provides you with immediate visibility into more than 4,000 metrics that populate customizable, real-time dashboards. You can easily see all communications across your entire environment.

2. Transaction, message, and flow records in the ExtraHop Explore appliance (EXA). Built on scalable Elasticsearch technology, the Explore appliance allows you to conduct a multidimensional analysis of your wire data, even if you don't know any query languages. While similar to log analytics platforms in some respects, the Explore appliance performs search and analytics for wire data—a much richer, consistent, and reliable source of information than you get from machine logs.

3. Forensic evidence in the form of packets in the ExtraHop Trace appliance (ETA). See a transaction record of interest? Grab just those packets for a deep-dive root cause analysis or to meet chain-of-custody requirements for legal prosecution. You can also compose a new packet query, filtering down to just the kilobytes of packet capture you care about.

Indexing, Trending, and Alerts

As metrics are indexed, the ExtraHop platform classifies newly discovered devices based on heuristic analysis of machine information and behavior. For example, if a machine responds to database requests, then it is classified as a database server. The platform automatically builds activity baselines for all systems, applications, and networks.

You can create alerts based on behaviors and events that are indexed and stored, either now or in the past. These can be based on behaviors like anomalous network activity, error messages, unusual payload size, or expiring SSL certificates.

Storage On Your Terms

Unlike other monitoring and analytics products that require you to purchase marked-up storage to keep your own historical data, we believe you should be able to store as much as you want without incurring a data tax.

ExtraHop Discover Appliance - You can use your existing NAS infrastructure to extend the datastore of the ExtraHop Discover appliance. Our customers find this long-term lookback useful for capacity planning, proving continuous improvement, demonstrating compliance efforts, and analyzing business activity like order type, revenue, and transactions over time.

ExtraHop Explore Appliance - Your transaction, message, and flow records are stored in a resilient cluster of ExtraHop Explore appliances, built on proven Elasticsearch technology. With this architecture, you can easily add nodes as your data grows.

ExtraHop Trace Appliance - We are not a storage vendor, so we enable "bring your own hardware" scenarios for continuous packet capture. This enables you to cost-efficiently add extended storage units—up to 1248 TB for a single deployment—for forensic investigation going back many days.
