NDR Detections

How ExtraHop Modern NDR Detects Adversaries in Your Network

Advanced threat actors target your multi-cloud and on-prem environments with a range of evasive techniques that bypass your existing detection and response architecture. Although their tactics may vary, every adversary leaves signals on your network as they move through it undetected.

ExtraHop’s Modern NDR platform turns those signals into high-confidence, high-fidelity detections. It delivers holistic visibility of malicious and anomalous activity on your network with unified decryption at scale, network and protocol visibility, identity awareness, packet-level network forensics, and cloud-scale machine learning.

Our approach identifies adversarial activity within your network by detecting subtle deviations from normal traffic that other NDR tools cannot detect. You get the context and confidence to act on a range of behaviors before they can disrupt operations and spike costs, including:

  • Reconnaissance
  • Exploitation
  • Command-and-Control
  • Lateral Movement
  • Data Exfiltration

Detection Categories

Detection | Primary Kill Chain

AD Credential Theft with ntdsutil | Exploitation
AD Database File Transfer over SMB | Actions on Objective
AD Explorer Snapshot Activity | Reconnaissance
AS-REP Roasting LDAP Reconnaissance Activity | Reconnaissance
AWS Cloud Service Enumeration | Reconnaissance
AWS Instance Metadata Service (IMDS) Proxy | Exploitation
Active Directory Domain Services Exploit Attempt - CVE-2022-26923 | Lateral Movement
AdFind Activity | Reconnaissance
Adobe ColdFusion Exploit Attempt - CVE-2018-15961 | Exploitation
Alias Member Enumeration Attempt | Reconnaissance
Anonymous FTP Login | Hardening
Apache APISIX Exploit Attempt - CVE-2022-24112 | Exploitation
Apache ActiveMQ Exploit - CVE-2023-46604 | Exploitation
Apache CouchDB Exploit Attempt - CVE-2017-12635 | Exploitation
Apache HTTP Server Path Traversal Exploit - [Multiple CVEs] | Exploitation
Apache Solr Exploit - CVE-2019-17558 | Exploitation
Apache Solr Exploit Attempt - CVE-2019-0193 | Exploitation
Apache Spark Exploit Attempt - CVE-2022-33891 | Exploitation
Apache Struts 2 Exploit Attempt - CVE-2017-9805 | Exploitation
Apache Struts 2 Exploit Attempt - [Multiple CVEs] | Exploitation
Apache Tomcat JSP Exploit Attempt - [Multiple CVEs] | Exploitation
Atlassian Bitbucket Server and Data Center Exploit - CVE-2022-36804 | Exploitation
Atlassian Confluence Exploit - CVE-2021-26084 | Exploitation
Atlassian Confluence Exploit - CVE-2022-26134 | Exploitation
Atlassian Confluence Exploit - CVE-2023-22518 | Exploitation
Atlassian Confluence Exploit Attempt - CVE-2023-22518 | Exploitation
Atlassian Crowd Exploit - CVE-2019-11580 | Exploitation
BITS Download | Actions on Objective
BackConnect Protocol Activity | Command-and-Control
BackConnect XOR Protocol Activity | Command-and-Control

Showing 30 of 432 detections