Prioritize groups for Advanced Analysis

You can specify device groups for Advanced Analysis based on their importance to your network. Groups are ranked in an ordered list.

Here are some important considerations about Advanced Analysis:

  • Devices on the watchlist are guaranteed Advanced Analysis and are prioritized over device groups.
  • Devices within a device group that are inactive do not affect Advanced Analysis capacity.
  • Custom metrics are only available for devices in Advanced Analysis. If you want to see custom metrics for a specific device, prioritize a group that contains the device or add the device to the watchlist.
  • You must have full write privileges to edit analysis priorities.
  1. Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
    (These steps must be completed on the ExtraHop system that is managing these shared settings.)
  2. Go to the settings for Standard Priorities.
    • On a Command appliance or Reveal(x) 360, click the System Settings icon and then click Analysis Priorities. Then, click Edit Priorities next to the ExtraHop system you want to modify.
    • On a sensor (Discover appliance), click the System Settings icon and then click Analysis Priorities.
  3. Prioritize groups by completing the following steps:
    1. In the For Advanced Analysis section, click adding a group to add the initial group or Add Group to add additional groups.




    2. In the Group drop-down list, type the name of a device group and then click the group name from the search results. For example, type HTTP servers and select the HTTP Servers device group.
    3. (Optional): In the Note field, type information about the group.
  4. In the Automatically Fill section, make sure On is selected.
    Note:If your system is having performance issues, click Off. Only devices that are in prioritized groups or on the watchlist will receive Advanced Analysis.
  5. At the top of the page, click Save.

Next steps

Here are some additional ways to manage and refine groups that receive Advanced Analysis:

  • If you add multiple groups, the groups are prioritized from top to bottom. Click the upper left icon next to Group, and then drag the group to another position in the ordered list.

  • Click the check icon to collapse the group. Click the pencil icon to expand the group again, as shown in the following figure.

  • Click the go to icon next to a group name to navigate to the device group page. The device group page displays which devices and how many devices are in the group. The icon is only available when the group is collapsed.
  • Click the x icon to remove a group from the list, as shown in the following figure.
Published 2021-12-01 20:15