Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
Build three-tier monitoring dashboard for a single applicationDevelop custom metrics as neededDocument the metrics being collected and their relationship overall performanceProvide a hands-on, two- to three-hour threat hunting sessionsOffer saved queries, permitting the customer to reuse complex queries related to pattern matching and allowing for self-service in the futureDemonstrate use-case specific dashboards providing data access and visibility based on saved queriesCreate a dashboard of vulnerable protocolsCreate a detailed report describing top offenders and key high-risk vulnerabilities within the customer environmentDeliver a hands-on tutorial via a collaborative multi-session engagement with the customer's security analysts to improve detection management, including reducing false positives; eight hours in totalCreate critical asset groups to prioritize security incident visibility to the most important assets in the customer environmentCreate specific-use device groups, such as external or internal vulnerability scanning systems, to reduce false positive detectionsBuild device groupsExplore up to three possible dashboard use casesExplore opportunities to export data from Reveal(x) into asset management platformsCreate asset reports highlighting discovered, unclassified, and unknown assets for customer actionReview base sensor configurationReview versioning of appliancesReview the data feed and apply specific dashboards related to data feed health and improvementPatch where applicable, log support cases where applicable, and loop in success managerReview base sensor configurationReview versioning of appliancesReview the data feed and apply specific dashboard related to data feed health and improvementPatch where applicable, log support cases where applicable, and loop in success managerCompatible EDA-to-EDA migrationPreparation meetingFirmware upgradeAny on-site class requires travel fees for our instructors
Expand allFundamental Training utilizes live customer data. It provides a general overview of what ExtraHop is and how it collects, analyzes and visualizes data in a network. It covers the layout and navigation of the ExtraHop UI, viewing and interpreting default network and application protocol metrics from different perspectives (such as a single device, a group of devices or an application container). It explains the workflow from high-level overviews to detailed analysis. It reviews the data exposed in the default dashboards, demonstrates other visualization features and provides hands-on experience with creating, using and sharing dashboards.
Advanced Training utilizes live customer data and builds on the concepts covered in the Fundamentals training, providing a deeper dive into a range of features, configurations and customizations. It focuses on customizations that extend the platform, such as alternative device discovery, supplementing device properties, creating metric alert notifications, detection management, and the use of ExtraHop's Trigger and REST APIs. It also provides an opportunity for attendees to suggest use cases of interest as they’ve gained experience with the ExtraHop platform.
Administrator training is for team members who are responsible for managing the ExtraHop system. These sessions explore ExtraHop components such as packet sensors, packetstores, recordstores, and consoles, as well as related upgrades, settings, and configurations. These sessions equip administrators to effectively monitor appliance status, configure network, access, and appliance settings, cluster appliances, and refine system configurations. Administrator training also covers integrations and automation and configuration using the REST API
This session outlines how the ExtraHop platform captures, analyzes, stores, and visualizes metrics and devices in the environment in real-time and at scale. We will explain the ExtraHop architecture and services, and will demonstrate how to login to the ExtraHop system and high level navigation in the ExtraHop web UI.
Overview pages enable you to quickly evaluate risk within your network, understand the scope of anomalous activity on your network, and understand the devices involved. In this session we will focus on high-level visibility into security detections that have fired in your environment in order to determine which detections or devices to investigate first, and review any relevant threat briefings about industry-wide security events. We will explore a visual map that provides insight into the scope of all detections and connections between devices. We will view internal device connections with external endpoints, with a focus on cloud services in use, the geolocation of external IPs, and data uploads to external sources.
xtraHop automatically discovers and classifies endpoints it sees communicating on the wire. In this session we will explain ExtraHop's default device discovery process and alternative options for discovery that can be configured. We will review the properties ExtraHop observes and associates with a device. We will discuss various types of gateway/edge devices that ExtraHop classifies (such as routers, proxies, NAT gateways, firewalls) and how traffic is observed through different gateways.
We will explore which peers a device is communicating with, what protocols are in use, when a device acts as a client or a server and whether the device activity is normal or not. We will demonstrate how to interpret the L2-L7 metrics and charts to help you determine if a device is having an issue, or if there is an application or network problem.
When anomalous behavior is identified, RevealX generates a detection and displays the available data and investigative options. This session uses examples of security and operations detections to discuss the common elements within detection cards, such as the cause of the detection, the detection category and risk score, when the detection occurred, and the victim and offender participants. We will expand our focus to the types of data provided on the detection detail page that are valuable for understanding, validating, and investigating a detection—related detections, activity maps, comparative behaviors, and investigative data and links.
Detection tuning enables you to better control which detections are visible or sent to your SIEM, if integrated. In this session we will focus on the use cases and prerequisites for creating detection rules to hide detections based on the specific victim, offender, or both, after the behavior has been investigated. We will discuss the various options and settings to manage detection rules and view hidden detections.
A dashboard is a fully customizable HTML page that displays both real-time and historic data. In this session we cover the reasons to use dashboards, how to decide what data to include, and how to find it in the ExtraHop UI and Metric Catalog. We will build a basic dashboard, explore different chart types, and demonstrate the elements that make your dashboards effective. We will expand our exploration of chart types and discuss which chart types to use when. We will demonstrate different ways to organize and present data and how to provide context so that it is meaningful to your targeted audience.
Alerts are notifications that can be configured to be sent to various recipient sources when an event of interest occurs. In this session we will discuss the different types of alerts, the conditions that can be configured to send alerts, and how we can determine that an alert has fired. We will create a basic threshold alert based on a condition in your environment you want to monitor and examine how we send an alert through email or integrate with other sources through SNMP or syslog. We will then focus on trend alerts and their use cases and demonstrate how to configure multiple conditions.
Application Inspection Triggers are the primary way of extending the ExtraHop platform. This session will cover trigger use cases and the basics of planning and creating triggers. We will discuss when to write a trigger, how to view trigger resources, and how to create a basic trigger.
The ExtraHop REST API enables you to automate administration and configuration tasks on your ExtraHop system. This session will first focus on configuring API access permission. We will introduce the REST API Explorer web-based tool and use it to view resources, methods, parameters, properties, and error codes. We will demonstrate how to locate object IDs and perform operations directly through the tool. We will view the available code samples in Python, cURL, and Ruby.
This session is customer-driven and based on use cases of interest. It is an opportunity to get a refresher on specific topics or areas where you want more depth or clarity.
EDR
CrowdStrike
CrowdStrike Enterprise
Carbon Black
Microsoft Defender
SIEM
Splunk for SOAR
Splunk
QRadar
QRadar Enterprise
Cortex for SOAR
Sumo Logic
LogRhythm
Exabeam
Perimeter
Microsoft 365
Netskope
Palo Alto Networks
CheckPoint
Cisco Meraki
Decryption
Microsoft Decryption
Ticketing
ServiceNow
PagerDuty
Rapid7
Detection
Splunk Enterprise
Red Hat Ansible Tower
The ExtraHop delivery coordinator will schedule a kickoff call with all relevant stakeholders and . technical personnel to initiate this service, define the full project team, review timelines, review the bill of materials, and review scope.ExtraHop will create an architecture design review and coordinate with the project team to review data center architecture, ExtraHop appliance placement, and packet acquisition methods to ensure the data feed will align with visibility goals.The client team will perform necessary tasks to ensure appliances are powered on and accessible remotely, via IP, for configuration by ExtraHop.The ExtraHop team will provide the customer with guidance and best practices around appliance installation, virtual resource requirements (if applicable), and packet acquisition.The ExtraHop delivery coordinator will schedule a working session to ensure that appliance installation, initial setup, and administration tasks are completed within the Reveal(x) user interface (UI) of all deployed appliances.An ExtraHop solutions architect will run through a post-installation checklist to ensure the proper functioning and setup of the appliance.An ExtraHop solutions architect will conduct a data feed review to confirm data fidelity, review data feed health, and confirm that visibility goals have been achieved. The solutions architect will review the following and troubleshoot as necessary:Upon completion of the data feed validation, the ExtraHop delivery coordinator will confirm with the client team that the project has been completed according to the agreed upon scope and that the ExtraHop appliances are operational and have been successfully implemented.The starter credit bundle is intended to provide a base level of credits with which you will rapidly implement, and integrate ExtraHop into their existing environment.
The standard credit bundle is intended to provide you with enough credits to integrate and implement ExtraHop into the environment, drawing from several predefined use cases, training and integration options.
The advanced credit bundle is intended to provide you with ample credits to implement a fully customized solution-optimized to your unique environment and needs.
