Monitor new devices on your network
Every new device that connects to your network adds potential risk, so it's important to quickly identify newly-discovered devices and monitor their activity. The ExtraHop system automatically creates a device group for devices discovered in the past day and the past week. However, this device group collects limited metrics by default and isn't visible from your system dashboard.
In this walkthrough, we'll first prioritize the newly-discovered devices group to gather comprehensive metrics, then we'll create a dashboard to monitor device activity, and finally we'll create a daily report to keep track of interesting changes.
After completing this walkthrough, you will be able to answer the following questions:
- How many new devices appeared on my network in the last week?
- How much inbound and outbound traffic is associated with new devices?
- What are the daily changes in new device activity?
- How can I learn more when I find interesting device activity?
Prerequisites
- Familiarize yourself with the concepts in this walkthrough by reading the Device Discovery FAQ, Prioritize groups for Advanced Analysis, the Metrics FAQ and the Protocol Metrics Reference topics.
- You must have access to a console with unlimited privileges to schedule a report.
Prioritize new devices for Advanced Analysis
If your console is not managing analysis priorities for your sensors, you can perform this walkthrough from a sensor instead and omit the final section. (Scheduled reports can only be created from a console.)
- Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
- Click the System Settings icon and then click Analysis Priorities.
- In the For Advanced Analysis section, click adding a group to add an initial group or Add Group to add additional groups.
- Type new devices in the GROUP drop-down list, and then select New Devices (Last 7 Days).
- At the top of the page, click Save.
Create a dashboard
By creating a dashboard for your group, you can visualize device activity at a glance.
Add a chart that shows the traffic throughput for new devices
In this step, we'll create a table that lists all of the devices that were discovered within the last seven days. The amount of incoming and outgoing traffic that was observed over the last week is displayed next to each device. From this dashboard, you can learn how much traffic each new device is generating.
Now, let's set up a daily report to monitor new devices.
Schedule a daily report
After creating your New Devices dashboard, you can schedule a daily report about new device activity over the last day. This report is a PDF file of the dashboard, which can be emailed to any recipient. Scheduled reports can only be created from a console.
In the next section, we'll look at some of the ways you can investigate devices that have unusual activity.