Any on-site class requires travel fees for our instructors.
Fundamental Training utilizes live customer data. It provides a general overview of what ExtraHop is and how it collects, analyzes and visualizes data in a network. It covers the layout and navigation of the ExtraHop UI, viewing and interpreting default network and application protocol metrics from different perspectives (such as a single device, a group of devices or an application container). It explains the workflow from high-level overviews to detailed analysis. It reviews the data exposed in the default dashboards, demonstrates other visualization features and provides hands-on experience with creating, using and sharing dashboards.
Advanced Training utilizes live customer data and builds on the concepts covered in the Fundamentals training, providing a deeper dive into a range of features, configurations and customizations. It focuses on customizations that extend the platform, such as alternative device discovery, supplementing device properties, creating metric alert notifications, detection management, and the use of ExtraHop's Trigger and REST APIs. It also provides an opportunity for attendees to suggest use cases of interest as they’ve gained experience with the ExtraHop platform.
Administrator training is for team members who are responsible for managing the ExtraHop system. These sessions explore ExtraHop components such as packet sensors, packetstores, recordstores, and consoles, as well as related upgrades, settings, and configurations. These sessions equip administrators to effectively monitor appliance status, configure network, access, and appliance settings, cluster appliances, and refine system configurations. Administrator training also covers integrations, as well as automation and configuration using the REST API.
This session outlines how the ExtraHop platform captures, analyzes, stores, and visualizes metrics and devices in the environment in real time and at scale. We will explain the ExtraHop architecture and services, and will demonstrate how to log in to the ExtraHop system and navigate the ExtraHop web UI at a high level.
Overview pages enable you to quickly evaluate risk within your network, understand the scope of anomalous activity on your network, and understand the devices involved. In this session we will focus on high-level visibility into security detections that have fired in your environment in order to determine which detections or devices to investigate first, and review any relevant threat briefings about industry-wide security events. We will explore a visual map that provides insight into the scope of all detections and connections between devices. We will view internal device connections with external endpoints, with a focus on cloud services in use, the geolocation of external IPs, and data uploads to external sources.
ExtraHop automatically discovers and classifies endpoints it sees communicating on the wire. In this session we will explain ExtraHop's default device discovery process and alternative options for discovery that can be configured. We will review the properties ExtraHop observes and associates with a device. We will discuss various types of gateway/edge devices that ExtraHop classifies (such as routers, proxies, NAT gateways, firewalls) and how traffic is observed through different gateways.
We will explore which peers a device is communicating with, what protocols are in use, when a device acts as a client or a server and whether the device activity is normal or not. We will demonstrate how to interpret the L2-L7 metrics and charts to help you determine if a device is having an issue, or if there is an application or network problem.
When anomalous behavior is identified, RevealX generates a detection and displays the available data and investigative options. This session uses examples of security and operations detections to discuss the common elements within detection cards, such as the cause of the detection, the detection category and risk score, when the detection occurred, and the victim and offender participants. We will expand our focus to the types of data provided on the detection detail page that are valuable for understanding, validating, and investigating a detection—related detections, activity maps, comparative behaviors, and investigative data and links.
Detection tuning enables you to better control which detections are visible or sent to your SIEM, if integrated. In this session we will focus on the use cases and prerequisites for creating detection rules to hide detections based on the specific victim, offender, or both, after the behavior has been investigated. We will discuss the various options and settings to manage detection rules and view hidden detections.
A dashboard is a fully customizable HTML page that displays both real-time and historic data. In this session we cover the reasons to use dashboards, how to decide what data to include, and how to find it in the ExtraHop UI and Metric Catalog. We will build a basic dashboard, explore different chart types, and demonstrate the elements that make your dashboards effective. We will expand our exploration of chart types and discuss which chart types to use when. We will demonstrate different ways to organize and present data and how to provide context so that it is meaningful to your targeted audience.
Alerts are notifications that can be configured to be sent to various recipient sources when an event of interest occurs. In this session we will discuss the different types of alerts, the conditions that can be configured to send alerts, and how we can determine that an alert has fired. We will create a basic threshold alert based on a condition in your environment you want to monitor and examine how we send an alert through email or integrate with other sources through SNMP or syslog. We will then focus on trend alerts and their use cases and demonstrate how to configure multiple conditions.
Application Inspection Triggers are the primary way of extending the ExtraHop platform. This session will cover trigger use cases and the basics of planning and creating triggers. We will discuss when to write a trigger, how to view trigger resources, and how to create a basic trigger.
The ExtraHop REST API enables you to automate administration and configuration tasks on your ExtraHop system. This session will first focus on configuring API access permission. We will introduce the REST API Explorer web-based tool and use it to view resources, methods, parameters, properties, and error codes. We will demonstrate how to locate object IDs and perform operations directly through the tool. We will view the available code samples in Python, cURL, and Ruby.
This session is customer-driven and based on use cases of interest. It is an opportunity to get a refresher on specific topics or areas where you want more depth or clarity.
EDR
CrowdStrike
CrowdStrike Enterprise
Carbon Black
Microsoft Defender
SIEM
Splunk for SOAR
Splunk
QRadar
QRadar Enterprise
Cortex for SOAR
Sumo Logic
LogRhythm
Exabeam
Perimeter
Microsoft 365
Netskope
Palo Alto Networks
CheckPoint
Cisco Meraki
Decryption
Microsoft Decryption
Ticketing
ServiceNow
PagerDuty
Rapid7
Detection
Splunk Enterprise
Red Hat Ansible Tower
The starter credit bundle is intended to provide a base level of credits with which you will rapidly implement and integrate ExtraHop into your existing environment.
The standard credit bundle is intended to provide you with enough credits to integrate and implement ExtraHop into the environment, drawing from several predefined use cases, training and integration options.
The advanced credit bundle is intended to provide you with ample credits to implement a fully customized solution optimized to your unique environment and needs.