Manually identify a device as high value

While the ExtraHop system automatically identifies devices that provide authentication or essential services as high value, you can also manually identify a device as high value or not.

Here are some important considerations about identifying a device as high value:
  • Risk scores are increased for detections on high value devices.
  • Devices are automatically added and removed from dynamic device groups with criteria based on high value.
  • You can manually identify high value devices from sensors, Command appliances, and Reveal(x) 360 systems. When the device is updated on the Command appliance or Reveal(x) 360, the change is synchronized to connected sensors. However, the change is not synchronized from individual sensors to Command appliances and Reveal(x) 360 systems.

Before you begin

You must have full write privileges or higher.
  1. Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
  2. At the top of the page, click Assets.
  3. Click Devices in the left pane, and then click the Active Devices chart.
  4. Filter the device list to find the device you want and then click the device name.
    The Device Overview page appears, which displays traffic and protocol activity for the selected device.
  5. Click Edit Properties.
  6. In the High Value section, select one of the following options:
    • Select Auto to enable the ExtraHop system to automatically determine whether the device is high value, which appears in parentheses.
    • Select Yes to manually identify the device as high value.
    • Select No to manually identify that the device is not high value.
  7. Click Done.
Published 2021-10-20 09:13