Professional Services Highlights


Credit Bundles

Available in three sizes, designed to fit all your needs. Buy either a starter, standard, or advanced credit bundle and then draw down from that pool of credits for any services you require for up to a year from the purchase.

Starter

60 Credits

The starter credit bundle is intended to provide a base level of credits with which you will rapidly implement and integrate ExtraHop into your existing environment.

Standard

100 Credits

The standard credit bundle is intended to provide you with enough credits to integrate and deploy ExtraHop into the environment, drawing from several predefined use cases, training and integration options.

Advanced

150 Credits

The advanced credit bundle is intended to provide you with ample credits to implement a fully customized solution, optimized to your unique environment and needs.

Quick Starts

Reduce Time-to-Value, Increase the Return on Your ExtraHop Investment

Application Monitoring and Troubleshooting

  • Build three-tier monitoring dashboard for a single application
  • Develop custom metrics as needed
  • Document the metrics being collected and their relationship to overall performance

Network-Based Threat Hunting

  • Provide a hands-on, two- to three-hour threat hunting session
  • Offer saved queries, permitting the customer to reuse complex queries related to pattern matching and allowing for self-service in the future
  • Demonstrate use-case specific dashboards providing data access and visibility based on saved queries

Cyberattack Surface Reduction

  • Create a dashboard of vulnerable protocols
  • Create a detailed report describing top offenders and key high-risk vulnerabilities within the customer environment

Optimized Network Threat Detection

  • Deliver a hands-on tutorial via a collaborative multi-session engagement with the customer's security analysts to improve detection management, including reducing false positives; eight hours in total
  • Create critical asset groups to prioritize security incident visibility to the most important assets in the customer environment
  • Create specific-use device groups, such as external or internal vulnerability scanning systems, to reduce false positive detections

Asset Discovery and Classification

  • Build device groups
  • Explore up to three possible dashboard use cases
  • Explore opportunities to export data from Reveal(x) into asset management platforms
  • Create asset reports highlighting discovered, unclassified, and unknown assets for customer action
  • Review base sensor configuration
  • Review versioning of appliances
  • Review the data feed and apply specific dashboards related to data feed health and improvement
  • Patch where applicable, log support cases where applicable, and loop in success manager

Data Feed Workshop

  • Review base sensor configuration
  • Review versioning of appliances
  • Review the data feed and apply specific dashboards related to data feed health and improvement
  • Patch where applicable, log support cases where applicable, and loop in success manager

Sensor Upgrades

  • Compatible EDA-to-EDA migration

Sensor Patching

  • Preparation meeting
  • Firmware upgrade

Live Training

Analyze network traffic to reduce risk in your IT environment.

Instructor-Led Training Sessions

Any on-site class requires travel fees for our instructors.

Fundamentals
16 Credits
12 Hours

Fundamental Training utilizes live customer data. It provides a general overview of what ExtraHop is and how it collects, analyzes and visualizes data in a network. It covers the layout and navigation of the ExtraHop UI, viewing and interpreting default network and application protocol metrics from different perspectives (such as a single device, a group of devices or an application container). It explains the workflow from high-level overviews to detailed analysis. It reviews the data exposed in the default dashboards, demonstrates other visualization features and provides hands-on experience with creating, using and sharing dashboards.

Advanced
10 Credits
7 Hours

Advanced Training utilizes live customer data and builds on the concepts covered in the Fundamentals training, providing a deeper dive into a range of features, configurations and customizations. It focuses on customizations that extend the platform, such as alternative device discovery, supplementing device properties, creating metric alert notifications, detection management, and the use of ExtraHop's Trigger and REST APIs. It also provides an opportunity for attendees to suggest use cases of interest as they’ve gained experience with the ExtraHop platform.

Administrator
6 Credits
4 Hours

Administrator training is for team members who are responsible for managing the ExtraHop system. These sessions explore ExtraHop components such as packet sensors, packetstores, recordstores, and consoles, as well as related upgrades, settings, and configurations. These sessions equip administrators to effectively monitor appliance status, configure network, access, and appliance settings, cluster appliances, and refine system configurations. Administrator training also covers integrations and automation and configuration using the REST API.

ExtraHop Architecture and Basic Navigation
4 Credits
2 Hours

This session outlines how the ExtraHop platform captures, analyzes, stores, and visualizes metrics and devices in the environment in real time and at scale. We will explain the ExtraHop architecture and services, and will demonstrate how to log in to the ExtraHop system and high-level navigation in the ExtraHop web UI.

Using the Overview Pages
4 Credits
2 Hours

Overview pages enable you to quickly evaluate risk within your network, understand the scope of anomalous activity on your network, and understand the devices involved. In this session we will focus on high-level visibility into security detections that have fired in your environment in order to determine which detections or devices to investigate first, and review any relevant threat briefings about industry-wide security events. We will explore a visual map that provides insight into the scope of all detections and connections between devices. We will view internal device connections with external endpoints, with a focus on cloud services in use, the geolocation of external IPs, and data uploads to external sources.

Deep Dive into Device Discovery and Device Properties
4 Credits
2 Hours

ExtraHop automatically discovers and classifies endpoints it sees communicating on the wire. In this session we will explain ExtraHop's default device discovery process and alternative options for discovery that can be configured. We will review the properties ExtraHop observes and associates with a device. We will discuss various types of gateway/edge devices that ExtraHop classifies (such as routers, proxies, NAT gateways, firewalls) and how traffic is observed through different gateways.

Exploring Device Data
4 Credits
2 Hours

We will explore which peers a device is communicating with, what protocols are in use, when a device acts as a client or a server and whether the device activity is normal or not. We will demonstrate how to interpret the L2-L7 metrics and charts to help you determine if a device is having an issue, or if there is an application or network problem.

Security Detection Overview
4 Credits
2 Hours

When anomalous behavior is identified, RevealX generates a detection and displays the available data and investigative options. This session uses examples of security and operations detections to discuss the common elements within detection cards, such as the cause of the detection, the detection category and risk score, when the detection occurred, and the victim and offender participants. We will expand our focus to the types of data provided on the detection detail page that are valuable for understanding, validating, and investigating a detection—related detections, activity maps, comparative behaviors, and investigative data and links.

Basic Detection Tuning
4 Credits
2 Hours

Detection tuning enables you to better control which detections are visible or sent to your SIEM, if integrated. In this session we will focus on the use cases and prerequisites for creating detection rules to hide detections based on the specific victim, offender, or both, after the behavior has been investigated. We will discuss the various options and settings to manage detection rules and view hidden detections.

Creating Successful Dashboards
4 Credits
2 Hours

A dashboard is a fully customizable HTML page that displays both real-time and historic data. In this session we cover the reasons to use dashboards, how to decide what data to include, and how to find it in the ExtraHop UI and Metric Catalog. We will build a basic dashboard, explore different chart types, and demonstrate the elements that make your dashboards effective. We will expand our exploration of chart types and discuss which chart types to use when. We will demonstrate different ways to organize and present data and how to provide context so that it is meaningful to your targeted audience.

Creating Alerts
4 Credits
2 Hours

Alerts are notifications that can be configured to be sent to various recipient sources when an event of interest occurs. In this session we will discuss the different types of alerts, the conditions that can be configured to send alerts, and how we can determine that an alert has fired. We will create a basic threshold alert based on a condition in your environment you want to monitor and examine how we send an alert through email or integrate with other sources through SNMP or syslog. We will then focus on trend alerts and their use cases and demonstrate how to configure multiple conditions.

Getting Started with Triggers
4 Credits
2 Hours

Application Inspection Triggers are the primary way of extending the ExtraHop platform. This session will cover trigger use cases and the basics of planning and creating triggers. We will discuss when to write a trigger, how to view trigger resources, and how to create a basic trigger.

Getting Started with the REST API
4 Credits
2 Hours

The ExtraHop REST API enables you to automate administration and configuration tasks on your ExtraHop system. This session will first focus on configuring API access permission. We will introduce the REST API Explorer web-based tool and use it to view resources, methods, parameters, properties, and error codes. We will demonstrate how to locate object IDs and perform operations directly through the tool. We will view the available code samples in Python, cURL, and Ruby.

Custom Session
4 Credits
2 Hours

This session is customer-driven and based on use cases of interest. It is an opportunity to get a refresher on specific topics or areas where you want more depth or clarity.

Integrations

Reduce Tools Complexity, Increase Productivity and Efficiency With Integrations

EDR

CrowdStrike

CrowdStrike Enterprise

Carbon Black

Microsoft Defender

SIEM

Splunk for SOAR

Splunk

QRadar

QRadar Enterprise

Cortex for SOAR

Sumo Logic

LogRhythm

Exabeam

Perimeter

Microsoft 365

Netskope

Palo Alto Networks

CheckPoint

Cisco Meraki

Decryption

Microsoft Decryption

Ticketing

ServiceNow

PagerDuty

Rapid7

Detection

Splunk Enterprise

Red Hat Ansible Tower

Deployments

Deploy Your ExtraHop Investment With Confidence

Project Kickoff

  • The ExtraHop delivery coordinator will schedule a kickoff call with all relevant stakeholders and technical personnel to initiate this service, define the full project team, review timelines, review the bill of materials, and review scope.
  • ExtraHop will create an architecture design review and coordinate with the project team to review data center architecture, ExtraHop appliance placement, and packet acquisition methods to ensure the data feed will align with visibility goals.

Application Installation

  • The client team will perform necessary tasks to ensure appliances are powered on and accessible remotely, via IP, for configuration by ExtraHop.
  • The ExtraHop team will provide the customer with guidance and best practices around appliance installation, virtual resource requirements (if applicable), and packet acquisition.

Initial Configuration

  • The ExtraHop delivery coordinator will schedule a working session to ensure that appliance installation, initial setup, and administration tasks are completed within the Reveal(x) user interface (UI) of all deployed appliances.
  • An ExtraHop solutions architect will run through a post-installation checklist to ensure the proper functioning and setup of the appliance.

Data Feed Validation

  • An ExtraHop solutions architect will conduct a data feed review to confirm data fidelity, review data feed health, and confirm that visibility goals have been achieved. The solutions architect will review the following and troubleshoot as necessary:

Project Acceptance

  • Upon completion of the data feed validation, the ExtraHop delivery coordinator will confirm with the client team that the project has been completed according to the agreed-upon scope and that the ExtraHop appliances are operational and have been successfully deployed.