Add a device to the watchlist

To guarantee that a critical asset, such as an important server, database, or laptop, receives Advanced Analysis, you can add that device to the watchlist.

Tip:Instead of adding several devices to the watchlist, create a device group and then prioritize that group for Advanced Analysis.

Here are important considerations about the watchlist:

  • The watchlist only applies to Advanced Analysis.
  • The watchlist can contain as many devices as allowed by the Advanced Analysis capacity, which is determined by your license.
  • A device stays on the watchlist whether it is inactive or active. A device has to be active for the ExtraHop system to collect Advanced Analysis metrics.
  • You can add a custom device to the watchlist. You cannot add an L2 device to the watchlist, unless that L2 device is a gateway.

The following steps show you how to add a device to the watchlist from device properties:

  1. Log into the Web UI on the Discover appliance.
  2. Click Metrics at the top of the page and then click Devices in the left pane.
  3. Click the device name that you want to add to the watchlist. A protocol page appears, which displays traffic and protocol metrics associated with the device.
  4. In the upper right corner of the page, click Properties.
  5. Click Add this device to the watchlist.
  6. Click Save.
Your device is now on the watchlist. Visit the Watchlist page to remove a device from the watchlist .

You can also add multiple devices to the watchlist from the Device list page. Click the checkbox next to one or more devices and then click the Add to Watchlist icon in the upper right corner.

Published 2021-06-09 14:42