Download PDF

View Table of Contents

Product Requirements

All ExtraHop systems

Thank you! We will contact you soon to ask how we can improve our documentation. We appreciate your feedback.

Was this topic helpful?

Yes No

Thank you for your feedback. Can we contact you to ask follow up questions?

How can we improve?

Need more help?

Ask the Community

Track a detection

Detection tracking enables you to assign users, set a status, and add notes to a detection card.

You can also filter your view of detections by specific status or assignee.

Video:

See the related training: Detection Tracking

Before you begin

Users must have limited write privileges or higher to complete the tasks in this guide.

You can change the assignee to any user in the system, add notes, and set the status on a detection to one of the following:

Open: The detection has not been reviewed.
Acknowledge: The detection has been seen and should be prioritized for follow-up.
In Progress: The detection has been assigned to a team member and is being reviewed.
Closed - Action Taken: The detection was reviewed and action was taken to address the potential risk.
Closed - No Action Taken: The detection was reviewed and required no action.

Here are important considerations about tracking detections:

The Acknowledged or Closed status does not hide the detection.
The detection status can be updated by any privileged user.
Optionally, you can configure detection tracking with a third-party system.
If you are currently tracking detections with a third-party system, you will not see ExtraHop detection tracking until you change the setting in the Administration settings.

To track a detection, complete the following steps:

Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
At the top of the page, click Detections.
Click Actions from the lower-left corner of the detection card.

(Optional): Click a detection status to add it to the detection.

Option	Description
Acknowledge	The detection has been seen and should be prioritized for follow-up.
In Progress	The detection has been assigned to a team member and is being reviewed.
Closed - Action Taken	The detection was reviewed and action was taken to address the potential risk.
Closed - No Action Taken	The detection was reviewed and required no action.

Click Track Detection… to set the detection status, assign the detection to a user, and add notes to the detection card.

From the Actions dropdown, select Track Detection... and then Open to remove the status from the detection; the assignee and notes remain visible.

Track a detection from a detection card

You can track a detection by adding an assignee, status, and notes from a detection card.

To track a detection, complete the following steps:

Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
At the top of the page, click Detections.
Click Actions from the lower-left corner of the detection card.
(Optional): Click a detection status to add it to the detection.
Click Track Detection… to set the detection status, assign the detection to a user, and add notes to the detection card.

From the Actions dropdown, select Track Detection... and then Open to remove the status from the detection; the assignee and notes remain visible.

Track a group of detections from a detection summary

You can apply a status, assignee, or note to multiple detections at the same time from a summary panel on the Detections page.

A summary panel appears when detections are grouped by Type in Summary view on the Detections page.

To track a group of detections from a detection summary, complete the following steps:

Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
At the top of the page, click Detections.
By default, the page should be in Summary view with detections grouped by Type. If they are not, click the Summary view and then group by Type.
Click a detection type in your detections list.
Click the criteria you want to filter by: participants, properties, or network localities.
In the lower left corner of the summary panel click Track All Detections.
The link will include how many detections you are updating. For example, Track All 14 Detections. This link does not appear on the summary panel if the Hidden status filter is applied.
(Optional): Select the status you want to apply to all selected detections.
(Optional): Select the assignee you want to apply to all selected detections.
(Optional): Select whether you want to add a new note to the existing notes of the selected detections, or overwrite all existing notes.
When adding your note to existing notes, the new note is added above existing notes.
Click Save.

Last modified 2024-04-02

Documentation

Products

Differentiation

Solutions

Security Operations

Cloud-Native Security

Application Analytics

Network Performance

Customers

Community

Partners

Support

Training

Resources

More Resources

Company

Events and Information

Track a detection

Track a detection from a detection card

Track a group of detections from a detection summary