Training Sessions

Whether online or in person, ExtraHop training sessions are guaranteed to help users at every stage.

On-site Sessions * Credits Duration Availability
On-site Fundamental Training utilizes live customer data. It provides a general overview of what ExtraHop is and how it collects, analyses and visualizes data in a network. It covers the layout and navigation of the ExtraHop UI, viewing and interpreting default network and application protocol metrics from different perspectives (such as a single device, a group of devices or an application container). It explains the workflow from high-level overviews to detailed analysis. It reviews the data exposed in the default dashboards, demonstrates other visualization features and provides hands-on experience with creating, using and sharing dashboards.
16 2 day Reveal(x) & Performance
On-site Advanced Training utilizes live customer data. It provides a deep dive into relevant ExtraHop protocol metrics, including TCP, and covers hands-on creation of multi-tiered application dashboards. It focuses on customizations that extend the platform such as alternative device discovery, trend alerts and multi-criteria triggers (including integrating ExtraHop data with external sources) and demonstrates how to utilize and create solution bundles. Advanced Training includes an overview of best configuration practices, administration and maintenance of the ExtraHop ecosystem.
10 1 day Reveal(x) & Performance
* Any on-site class requires travel fees for our instructors.
Remote Sessions Credits Duration Availability
This training provides a data-driven review of your live environment. We explain what ExtraHop is seeing in your environment, what the metrics mean, review correlations between events and protocol data and discuss insights into possible impact and causes.
3 2 hours Reveal(x) & Performance
This session provides an in-depth look at one protocol relevant to your environment. Different pivots on the metrics (apps vs Groups). We review the metrics ExtraHop collects and what they mean in the context of your environment. We discuss correlation between metrics and how to diagnose a problem or identify an improvement opportunity based on the data. We pivot on different views into the protocol (groups vs application containers) and create dashboards to show how best to visualize the health and performance of that protocol in your environment.
2 2 hours Reveal(x) & Performance
A dashboard is a fully customizable HTML page that displays both real-time and historic data. In this session we cover the reasons to use one, how to decide what data to include and how to find it in ExtraHop's UI and Metric Catalog. We build a basic dashboard, explore different chart types, and demonstrate the elements that make your dashboards effective. We expand our exploration of chart types and discuss which chart types to use when. We demonstrate different ways to organize and present data and how to provide context so that it is meaningful to your targeted audience. We demonstrate the concepts of a multi-tiered dashboard that visualizes communication across multiple tiers of an application.
2 2 hours Reveal(x) & Performance
ExtraHop automatically discovers and classifies devices it sees communicating on the wire. In this session we explain ExtraHop's default device discovery process and the properties associated with a device. We explore which peers a device is communicating with, what protocols are in use, when a device acts as a client or a server and whether the device activity is normal or not. We demonstrate how to interpret the L2-L7 metrics and charts to help you determine if a device is having an issue, or if it is an application or network problem. We view the default device groups ExtraHop creates based on role or L7 protocol, and we create custom device groups based on a narrower scope, such devices that support one business application. We extend the discussion to customizing devices, such as changing device properties, creating custom devices and remote networks, and explain device limits and whitelisting.
2 2 hours Reveal(x) & Performance
Alerts are notifications that can be configured to be sent to various recipient sources when an event of interest occurs. In this session we discuss the different types of alerts, the conditions that can be configured to alert on and how we can determine that an alert has fired. We create a basic threshold alert based on a condition in your environment you want to monitor, examine how we send an alert through email or integrate with other sources through SNMP or syslog. We then focus on trend alerts and their use cases, demonstrate how to configure multiple conditions and to monitor trend utilization and performance.
2 2 hours Reveal(x) & Performance
Records are structured information about transaction, message, and network flows. This training provides a comprehensive review of accessing and searching records. We demonstrate how to view records, change record types, sort and group information and switch views. We show how to utilize the Visual Query Language to easily scope and filter results.
1 1 hour Reveal(x) & Performance
Record formats are schemas that let you display stored records in a formatted table (or table view) when you run a record query. In this session we explain how Flow and L7 records are populated and examine the formats used by standard record types. We explain how custom records and custom formats can be created.
1 1 hour Reveal(x) & Performance
Application Inspection Triggers are the primary way of extending the ExtraHop platform. This session will cover the basics of planning and creating triggers. We will discuss when to write a trigger, view trigger resources and create a basic trigger. We will gradually build on that trigger to illustrate how to build application containers, add multiple criteria and events to the trigger and optimize the performance of the trigger. We will also discuss how to generate a packet capture, populate EXA records and how to use Open Data Stream (ODS) to integrate with third-party systems.
2 2 hours Reveal(x) & Performance
This session is customer-driven, based on specific topics they may want a refresher on, or areas where they want more depth or clarity.
1 1 hour Reveal(x) & Performance
Overview pages enable you to quickly evaluate the scope of suspicious activity on your network, learn about protocol activity and device connections, and investigate inbound and outbound traffic on your network. In this training session we focus on high-level visibility into the security detections that have fired in your environment in order to determine which detections or devices to investigate first, and review any relevant threat briefings about industry-wide security events. We explore common network health and security hygiene metrics which might signal weaknesses or issues in network performance or potentially suspicious activity. We view total active devices and common protocols in use, and traffic entering and leaving your network through connections with external endpoints.
1 1 hour Reveal(x)
When anomalous behavior is identified, the ExtraHop system generates a detection and displays the available data and investigative options. This session uses examples of security and operations detections to discuss the common elements within detection cards, such as the cause of the detection, the detection category and risk score, when the detection occurred, and the victim and offender participants. We expand our focus to the types of data provided on the detection detail page that are valuable for understanding, validating, and investigating a detection- related detections, activity maps, comparative behaviors and investigative data and links.
2 1 hour Reveal(x)
Detection tuning enables you to better control which detections are visible or generated for your network. In this session we focus on the use cases and prerequisites for creating detection rules to hide detections based on the specific victim or offender or both, after the behavior has been investigated. We discuss how to manage detection rules and view hidden detections. We review the use of configuration settings and custom parameters- such as network localites, trusted domains, approved DNS and HTTP communications and more- to further scope and refine the detections that get generated. In addition we illustrate the use of the acknowledgement feature as part of detection investigation workflows. (NOTE: full write permission is required for this session).
1 1 hour Reveal(x)
The ExtraHop REST API enables you to automate administration and configuration tasks on your ExtraHop system. This session will first focus on configuring API access permission and key generation, and cross-origin resource sharing (CORS). We will introduce the REST API Explorer web-based tool and use it to view resources, methods, parameters, properties, and error codes. We will demonstrate locating object IDs, and performing operations directly through the tool. We will view the available code samples in Python, cURL, and Ruby.
2 1 hour Reveal(x)
The System Health page provides a large collection of charts that enable you to make sure that your system is running as expected, to troubleshoot issues, and to assess areas that are affecting performance. We will discuss data for ingest rate, device count observations, monitor Trigger load and exceptions, follow Open Data Stream and Recordstore transmissions, view historical lookback estimates and any indicators of a sub-optimal feed. We will review system health features on the administration page and demonstrate how to alert on system health data and monitor specific metrics of interest in custom dashboards (NOTE: system admin permission is required for portions of this training).
2 1 hour Reveal(x)