Training Sessions

Whether online or in person, ExtraHop training sessions are guaranteed to help users at every stage.

On-site Sessions * Credits Duration Availability
On-site Fundamental Training utilizes live customer data. It provides a general overview of what ExtraHop is and how it collects, analyses and visualizes data in a network. It covers the layout and navigation of the ExtraHop UI, viewing and interpreting default network and application protocol metrics from different perspectives (such as a single device, a group of devices or an application container). It explains the workflow from high-level overviews to detailed analysis. It reviews the data exposed in the default dashboards, demonstrates other visualization features and provides hands-on experience with creating, using and sharing dashboards.
16 2 day Reveal(x) & Performance
On-site Advanced Training utilizes live customer data. It provides a deep dive into relevant ExtraHop protocol metrics, including TCP, and covers hands-on creation of multi-tiered application dashboards. It focuses on customizations that extend the platform such as alternative device discovery, trend alerts and multi-criteria triggers (including integrating ExtraHop data with external sources) and demonstrates how to utilize and create solution bundles. Advanced Training includes an overview of best configuration practices, administration and maintenance of the ExtraHop ecosystem.
10 1 day Reveal(x) & Performance
* Any on-site class requires travel fees for our instructors.
Remote Sessions Credits Duration Availability
ExtraHop Reveal(x) can detect unusual network behavior associated with different phases of an attack. Security detections help you learn about security risks, what type of attack is associated with the risk, and which devices are affected by the risk. In this session we examine the organization of detections into an attack chain workflow. We review details - such as the type of issue, when the issue occurred, and the source of the issue - for detections in each section of the attack chain and their relevance and priority in a security detection.
1 1 hour Reveal(x)
It's important to be able to quickly evaluate the scope and importance of security risks and to launch investigations into any suspicious activity. ExtraHop Reveal(x) enables you to evaluate the highest immediate risks, focus on the affected devices, and understand who those devices are communicating with. In this session, we explain risk scores for detectors and advisory signal metrics. We review how to utilize the information from imported threat intelligence, such as suspicious IPs, host names, or URLs.
1 1 hour Reveal(x)
This training provides a data-driven review of your live environment. We explain what ExtraHop is seeing in your environment, what the metrics mean, review correlations between events and protocol data and discuss insights into possible impact and causes.
3 2 hours Reveal(x) & Performance
This session provides an in-depth look at one protocol relevant to your environment. Different pivots on the metrics (apps vs Groups). We review the metrics ExtraHop collects and what they mean in the context of your environment. We discuss correlation between metrics and how to diagnose a problem or identify an improvement opportunity based on the data. We pivot on different views into the protocol (groups vs application containers) and create dashboards to show how best to visualize the health and performance of that protocol in your environment.
2 2 hours Reveal(x) & Performance
A dashboard is a fully customizable HTML page that displays both real-time and historic data. In this session we cover the reasons to use one, how to decide what data to include and how to find it in ExtraHop's UI and Metric Catalog. We build a basic dashboard, explore different chart types, and demonstrate the elements that make your dashboards effective. We expand our exploration of chart types and discuss which chart types to use when. We demonstrate different ways to organize and present data and how to provide context so that it is meaningful to your targeted audience. We demonstrate the concepts of a multi-tiered dashboard that visualizes communication across multiple tiers of an application.
2 2 hours Reveal(x) & Performance
ExtraHop automatically discovers and classifies devices it sees communicating on the wire. In this session we explain ExtraHop's default device discovery process and the properties associated with a device. We explore which peers a device is communicating with, what protocols are in use, when a device acts as a client or a server and whether the device activity is normal or not. We demonstrate how to interpret the L2-L7 metrics and charts to help you determine if a device is having an issue, or if it is an application or network problem. We view the default device groups ExtraHop creates based on role or L7 protocol, and we create custom device groups based on a narrower scope, such devices that support one business application. We extend the discussion to customizing devices, such as changing device properties, creating custom devices and remote networks, and explain device limits and whitelisting.
2 2 hours Reveal(x) & Performance
Alerts are notifications that can be configured to be sent to various recipient sources when an event of interest occurs. In this session we discuss the different types of alerts, the conditions that can be configured to alert on and how we can determine that an alert has fired. We create a basic threshold alert based on a condition in your environment you want to monitor, examine how we send an alert through email or integrate with other sources through SNMP or syslog. We then focus on trend alerts and their use cases, demonstrate how to configure multiple conditions and to monitor trend utilization and performance.
2 2 hours Reveal(x) & Performance
This session demonstrates configuration of the administrative features of the ExtraHop Discover Appliance. We discuss how to apply firmware upgrades, manage licenses and view licensed modules, device limits and the health of the appliance. We demonstrate how to refine data parsing through various filters and protocol classification, enable decryption of SSL traffic and integrate with remote user authentication systems like LDPA. We also discuss how to enable remote analysis for the ExtraHop Support or Atlas teams, and how to generate support packs for troubleshooting.
1 1 hour Reveal(x) & Performance
This session will focus on the use the ExtraHop Command Appliance as a central management appliance. We will demonstrate how to add or remove ExtraHop Discover Appliances ("nodes") to view aggregated data across your distributed infrastructure, how to distribute firmware and schedule reports. We will review local vs centralized (ECA) customizations and discuss use cases for multiple ECAs.
1 1 hour Reveal(x) & Performance
Records are structured information about transaction, message, and network flows. This training provides a comprehensive review of accessing and searching records. We demonstrate how to view records, change record types, sort and group information and switch views. We show how to utilize the Visual Query Language to easily scope and filter results.
1 1 hour Reveal(x) & Performance
Record formats are schemas that let you display stored records in a formatted table (or table view) when you run a record query. In this session we explain how Flow and L7 records are populated and examine the formats used by standard record types. We explain how custom records and custom formats can be created.
1 1 hour Reveal(x) & Performance
Application Inspection Triggers are the primary way of extending the ExtraHop platform. This session will cover the basics of planning and creating triggers. We will discuss when to write a trigger, view trigger resources and create a basic trigger. We will gradually build on that trigger to illustrate how to build application containers, add multiple criteria and events to the trigger and optimize the performance of the trigger. We will also discuss how to generate a packet capture, populate EXA records and how to use Open Data Stream (ODS) to integrate with third-party systems.
2 2 hours Reveal(x) & Performance
This session is customer-driven, based on specific topics they may want a refresher on, or areas where they want more depth or clarity.
1 1 hour Reveal(x) & Performance