What's New
While release notes provide a comprehensive view of our release updates, here is a preview of our most exciting features in ExtraHop 9.5.
Detections
The Detection Catalog now identifies whether a detection type is currently available in your environment.
You can also create notifications for the Detection Catalog that let you know when detection types are added or updated.
We have also added a Detection Updates guide where you can see when a detection is added or updated.
You can now create tuning rules that hide participants by hostname or domain.
Threat Intelligence
Curated threat collections from CrowdStrike Falcon are now available by default in your ExtraHop system. CrowdStrike threat collections no longer require a CrowdStrike license and can be managed with other ExtraHop built-in collections on the Threat Intelligence page.
Detections can now be recommended for triage when a participant hostname or IP address is referenced in a threat collection that is enabled on your system.
Detection participants that are associated with suspicious IP addresses or hostnames according to threat intelligence are now labeled in detections and detection type summaries. Matches to high-confidence indicators of compromise from built-in CrowdStrike threat collections are labeled as Malicious.
For Administrators
You can now enable CrowdStrike Falcon LogScale as the recordstore. (Requires Reveal(x) Enterprise and an ExtraHop license for the LogScale recordstore.)
We added new charts to the Administration page for Reveal(x) Enterprise and Reveal(x) 360 that enable you to monitor active device counts and compare them to your licensed limit. You can create a system notification rule to notify Administrators when the active device count reaches a specified threshold.
You can now upload a custom set of IDS rules to IDS sensors; the ExtraHop system converts these rules to detections that you can view and investigate.
We added System Health charts where you can monitor metrics for throughput, packet rate, and packet errors by interface.