Professional Services Highlights
Credit Bundles
Available in three sizes, designed to fit all your needs. Buy either a starter, standard, or advanced credit bundle and then draw down from that pool of credits for any services you require for up to a year from the purchase.
Starter
60 Credits
The starter credit bundle is intended to provide a base level of credits with which you will rapidly implement and integrate ExtraHop into your existing environment.
Standard
100 Credits
The standard credit bundle is intended to provide you with enough credits to integrate and deploy ExtraHop into the environment, drawing from several predefined use cases, training and integration options.
Advanced
150 Credits
The advanced credit bundle is intended to provide you with ample credits to implement a fully customized solution, optimized to your unique environment and needs.
Quick Starts
Reduce Time-to-Value, Increase the Return on Your ExtraHop Investment
Application Monitoring and Troubleshooting
- Build three-tier monitoring dashboard for a single application
- Develop custom metrics as needed
- Document the metrics being collected and their relationship to overall performance
Network-Based Threat Hunting
- Provide a hands-on, two- to three-hour threat hunting session
- Offer saved queries, permitting the customer to reuse complex queries related to pattern matching and allowing for self-service in the future
- Demonstrate use-case specific dashboards providing data access and visibility based on saved queries
Cyberattack Surface Reduction
- Create a dashboard of vulnerable protocols
- Create a detailed report describing top offenders and key high-risk vulnerabilities within the customer environment
Optimized Network Threat Detection
- Deliver a hands-on tutorial via a collaborative multi-session engagement with the customer's security analysts to improve detection management, including reducing false positives; eight hours in total
- Create critical asset groups to prioritize security incident visibility to the most important assets in the customer environment
- Create specific-use device groups, such as external or internal vulnerability scanning systems, to reduce false positive detections
Asset Discovery and Classification
- Build device groups
- Explore up to three possible dashboard use cases
- Explore opportunities to export data from Reveal(x) into asset management platforms
- Create asset reports highlighting discovered, unclassified, and unknown assets for customer action
- Review base sensor configuration
- Review versioning of appliances
- Review the data feed and apply specific dashboards related to data feed health and improvement
- Patch where applicable, log support cases where applicable, and loop in success manager
Data Feed Workshop
- Review base sensor configuration
- Review versioning of appliances
- Review the data feed and apply specific dashboards related to data feed health and improvement
- Patch where applicable, log support cases where applicable, and loop in success manager
Sensor Upgrades
- Compatible EDA-to-EDA migration
Sensor Patching
- Preparation meeting
- Firmware upgrade
Live Training
Analyze network traffic to reduce risk in your IT environment.
Instructor-Led Training Sessions
Any on-site class requires travel fees for our instructors
Fundamentals
16 Credits
12 Hours
Fundamental Training utilizes live customer data. It provides a general overview of what ExtraHop is and how it collects, analyzes and visualizes data in a network. It covers the layout and navigation of the ExtraHop UI, viewing and interpreting default network and application protocol metrics from different perspectives (such as a single device, a group of devices or an application container). It explains the workflow from high-level overviews to detailed analysis. It reviews the data exposed in the default dashboards, demonstrates other visualization features and provides hands-on experience with creating, using and sharing dashboards.
Advanced
10 Credits
7 Hours
Advanced Training utilizes live customer data and builds on the concepts covered in the Fundamentals training, providing a deeper dive into a range of features, configurations and customizations. It focuses on customizations that extend the platform, such as alternative device discovery, supplementing device properties, creating metric alert notifications, detection management, and the use of ExtraHop's Trigger and REST APIs. It also provides an opportunity for attendees to suggest use cases of interest as they’ve gained experience with the ExtraHop platform.
Administrator
6 Credits
4 Hours
Administrator training is for team members who are responsible for managing the ExtraHop system. These sessions explore ExtraHop components such as packet sensors, packetstores, recordstores, and consoles, as well as related upgrades, settings, and configurations. These sessions equip administrators to effectively monitor appliance status, configure network, access, and appliance settings, cluster appliances, and refine system configurations. Administrator training also covers integrations and automation and configuration using the REST API.
ExtraHop Architecture and Basic Navigation
4 Credits
2 Hours
This session outlines how the ExtraHop platform captures, analyzes, stores, and visualizes metrics and devices in the environment in real time and at scale. We will explain the ExtraHop architecture and services, and will demonstrate how to log in to the ExtraHop system and high-level navigation in the ExtraHop web UI.
Using the Overview Pages
4 Credits
2 Hours
Overview pages enable you to quickly evaluate risk within your network, understand the scope of anomalous activity on your network, and understand the devices involved. In this session we will focus on high-level visibility into security detections that have fired in your environment in order to determine which detections or devices to investigate first, and review any relevant threat briefings about industry-wide security events. We will explore a visual map that provides insight into the scope of all detections and connections between devices. We will view internal device connections with external endpoints, with a focus on cloud services in use, the geolocation of external IPs, and data uploads to external sources.
Deep Dive into Device Discovery and Device Properties
4 Credits
2 Hours
ExtraHop automatically discovers and classifies endpoints it sees communicating on the wire. In this session we will explain ExtraHop's default device discovery process and alternative options for discovery that can be configured. We will review the properties ExtraHop observes and associates with a device. We will discuss various types of gateway/edge devices that ExtraHop classifies (such as routers, proxies, NAT gateways, firewalls) and how traffic is observed through different gateways.
Exploring Device Data
4 Credits
2 Hours
We will explore which peers a device is communicating with, what protocols are in use, when a device acts as a client or a server and whether the device activity is normal or not. We will demonstrate how to interpret the L2-L7 metrics and charts to help you determine if a device is having an issue, or if there is an application or network problem.
Security Detection Overview
4 Credits
2 Hours
When anomalous behavior is identified, RevealX generates a detection and displays the available data and investigative options. This session uses examples of security and operations detections to discuss the common elements within detection cards, such as the cause of the detection, the detection category and risk score, when the detection occurred, and the victim and offender participants. We will expand our focus to the types of data provided on the detection detail page that are valuable for understanding, validating, and investigating a detection—related detections, activity maps, comparative behaviors, and investigative data and links.
Basic Detection Tuning
4 Credits
2 Hours
Detection tuning enables you to better control which detections are visible or sent to your SIEM, if integrated. In this session we will focus on the use cases and prerequisites for creating detection rules to hide detections based on the specific victim, offender, or both, after the behavior has been investigated. We will discuss the various options and settings to manage detection rules and view hidden detections.
Creating Successful Dashboards
4 Credits
2 Hours
A dashboard is a fully customizable HTML page that displays both real-time and historic data. In this session we cover the reasons to use dashboards, how to decide what data to include, and how to find it in the ExtraHop UI and Metric Catalog. We will build a basic dashboard, explore different chart types, and demonstrate the elements that make your dashboards effective. We will expand our exploration of chart types and discuss which chart types to use when. We will demonstrate different ways to organize and present data and how to provide context so that it is meaningful to your targeted audience.
Creating Alerts
4 Credits
2 Hours
Alerts are notifications that can be configured to be sent to various recipient sources when an event of interest occurs. In this session we will discuss the different types of alerts, the conditions that can be configured to send alerts, and how we can determine that an alert has fired. We will create a basic threshold alert based on a condition in your environment you want to monitor and examine how we send an alert through email or integrate with other sources through SNMP or syslog. We will then focus on trend alerts and their use cases and demonstrate how to configure multiple conditions.
Getting Started with Triggers
4 Credits
2 Hours
Application Inspection Triggers are the primary way of extending the ExtraHop platform. This session will cover trigger use cases and the basics of planning and creating triggers. We will discuss when to write a trigger, how to view trigger resources, and how to create a basic trigger.
Getting Started with the REST API
4 Credits
2 Hours
The ExtraHop REST API enables you to automate administration and configuration tasks on your ExtraHop system. This session will first focus on configuring API access permission. We will introduce the REST API Explorer web-based tool and use it to view resources, methods, parameters, properties, and error codes. We will demonstrate how to locate object IDs and perform operations directly through the tool. We will view the available code samples in Python, cURL, and Ruby.
Custom Session
4 Credits
2 Hours
This session is customer-driven and based on use cases of interest. It is an opportunity to get a refresher on specific topics or areas where you want more depth or clarity.
Integrations
Reduce Tools Complexity, Increase Productivity and Efficiency With Integrations
EDR
CrowdStrike
CrowdStrike Enterprise
Carbon Black
Microsoft Defender
SIEM
Splunk for SOAR
Splunk
QRadar
QRadar Enterprise
Cortex for SOAR
Sumo Logic
LogRhythm
Exabeam
Perimeter
Microsoft 365
Netskope
Palo Alto Networks
CheckPoint
Cisco Meraki
Decryption
Microsoft Decryption
Ticketing
ServiceNow
PagerDuty
Rapid7
Detection
Splunk Enterprise
Red Hat Ansible Tower
Deployments
Deploy Your ExtraHop Investment With Confidence
Project Kickoff
- The ExtraHop delivery coordinator will schedule a kickoff call with all relevant stakeholders and technical personnel to initiate this service, define the full project team, review timelines, review the bill of materials, and review scope.
- ExtraHop will create an architecture design review and coordinate with the project team to review data center architecture, ExtraHop appliance placement, and packet acquisition methods to ensure the data feed will align with visibility goals.
Application Installation
- The client team will perform necessary tasks to ensure appliances are powered on and accessible remotely, via IP, for configuration by ExtraHop.
- The ExtraHop team will provide the customer with guidance and best practices around appliance installation, virtual resource requirements (if applicable), and packet acquisition.
Initial Configuration
- The ExtraHop delivery coordinator will schedule a working session to ensure that appliance installation, initial setup, and administration tasks are completed within the Reveal(x) user interface (UI) of all deployed appliances.
- An ExtraHop solutions architect will run through a post-installation checklist to ensure the proper functioning and setup of the appliance.
Data Feed Validation
- An ExtraHop solutions architect will conduct a data feed review to confirm data fidelity, review data feed health, and confirm that visibility goals have been achieved. The solutions architect will review the following and troubleshoot as necessary:
Project Acceptance
- Upon completion of the data feed validation, the ExtraHop delivery coordinator will confirm with the client team that the project has been completed according to the agreed-upon scope and that the ExtraHop appliances are operational and have been successfully deployed.