Introduction to the ExtraHop Web UI

The ExtraHop Discover and Command appliances provide access to network activity data through a dynamic and highly customizable Web UI.

This guide provides an overview of the global navigation and controls, fields, and options available throughout the UI. See Introduction to the ExtraHop system to learn how the ExtraHop system collects and analyzes your data.

Supported browsers

The following browsers are compatible with all ExtraHop systems. Apply the accessibility and compatibility features provided by your browser to access content through assistive technology tools.

  • Firefox
  • Google Chrome
  • Microsoft Edge
  • Safari
Important:Internet Explorer 11 is no longer supported. We recommend that you install the latest version of any supported browser.

Global navigation elements located at the top of the page contain links to the main sections of the Web UI. Within each section, the left pane contains links to specific pages or data.

The following figure shows both global and left pane navigation elements.



Here are definitions of each global navigation element:

Overview pages
Overview pages enable you to quickly evaluate the scope of suspicious activity on your network, learn about protocol activity and device connections, and investigate inbound and outbound traffic on your network.
  • View the Security Overview for information about security detections on your network.
  • View the Network Overview for information about active devices on your network.
  • View the Perimeter Overview for information about traffic traveling in and out of your network.
Dashboards
Click Dashboards to view, create, or share dashboards for monitoring any aspect of your network or applications. System dashboards give you an instant view of the activity and potential security threats on your network.
Alerts
Click Alerts to view information about each alert generated during the time interval.
Detections
If your Discover appliance is connected to the ExtraHop Machine Learning Service, the top level navigation shows the Detections menu. Click Detections to view detections identified from your wire data. You can access stored detections even if your appliance is disconnected from the Machine Learning Service.
Note:Machine learning detections require a connection to ExtraHop Cloud Services.
Assets
Click Assets to find any application, network, or device discovered by the ExtraHop system. You can view protocol metrics for your assets, active users, , or network activity by protocol.
Records
If your ExtraHop system is configured with a recordstore, the top level navigation shows the Records menu. Click Records to query for all stored records for the current time interval. Records are structured information about transactions, messages, and network flows.
Packets
If your ExtraHop system is configured with a packetstore, the top level navigation shows the Packets menu. Click Packets to query for all stored packets for the current time interval.
Global search field
Type the name of any device hostname or IP address, application, or network to find a match on your Discover or Command appliance. If you have a connected ExtraHop Explore appliance, you can search for saved records. If you have a connected Trace appliance, you can search for packets.
Help icon
See help information for the page that you are currently viewing. To access the most current and comprehensive set of ExtraHop documentation, visit the ExtraHop Documentation website.
System Settings icon
Access system configuration options, such as Triggers, Alerts, Scheduled Reports, and Custom Devices. Click to view the ExtraHop appliance and version and view system notices.
User option icon
Log in and log out of your Discover appliance or Command appliance, change your password, and access API options.
Pane toggle
Collapse or expand the left pane.
Global Time Selector
Change the time interval to view application and network activity that was observed by the ExtraHop system for a specific time period. The global time interval is applied to all metrics across the ExtraHop Web UI and does not change as you navigate to different pages.
Recent pages
See a list of the most recent pages you visited in a drop-down menu and make a selection to go back to a previous page. Repeated pages are deduplicated and condensed to save space.
Navigation path
View where you are in the system and click a page name in the path to navigate back to that page.
Command menu drop-down
Click to access specific actions for the page you are viewing. For example, when you click Dashboards at the top of the page, the command menu provides actions for changing dashboard properties or creating a new dashboard.

Start analyzing data

Begin your data analysis journey with the ExtraHop system by following the basic workflows listed below. As you become familiar with the ExtraHop system, you can complete more advanced tasks, such as installing bundles and building triggers.

Here are some basic ways to navigate and work with the ExtraHop Web UI to analyze network activity.

Monitor metrics and investigate interesting data

When you first log in to the ExtraHop system, you see the Activity dashboard. This dashboard is a good starting point because it shows you a summary of important metrics about application performance on your network. When you see a spike in traffic, errors, or server processing time, you can interact with dashboard data to drill down and identify which clients, servers, methods, or other factors contributed to the unusual activity.

You can then continue performance monitoring or troubleshooting by creating a custom dashboard to track a set of interesting metrics and devices.

Check out the following walkthroughs to learn more about monitoring data in dashboards:

Search for a specific device and investigate related metrics and transactions

If you want to investigate a slow server, you can search for the server in the ExtraHop system by device name or IP address and then investigate the server's activity on a protocol page. Was there a spike in response errors or requests? Was server processing time too high or did network latency affect the rate of data transfer? Click on different protocols in the left pane to investigate more metric data collected by the ExtraHop system. Drill down by peer IP addresses to see which clients or applications the server talked to.

If your ExtraHop system is connected to a recordstore, you can investigate entire transactions that the server participated in by creating a record query.

Check out the following walkthroughs to learn more about exploring metrics and records:

Get visibility into changes to your network by searching for protocol activity

You can get a top-down view of your network by looking at activity groups. An activity group is a collection of devices automatically grouped together by the ExtraHop system based on the protocol traffic observed over the wire. For example, you can find new or decommissioned servers that are actively communicating over a protocol by creating an activity map.

If you find a collection of devices that you want to continue monitoring, you can add a device tag or custom device name to make those devices easier to find in the ExtraHop system. You can also create a custom device group or a custom dashboard to monitor device group activity.

Advanced workflows for customizing your ExtraHop system

After becoming familiar with basic Web UI workflows, you can customize your ExtraHop system by setting up alert notifications, creating custom metrics, or installing bundles.

Set up alerts
Alerts track specified metrics to notify you of traffic deviations that might indicate an issue with a network device. Configure a threshold alert to notify you when a monitored metric crosses a defined value. Configure a trend alert to notify you when a monitored metric deviates from the normal trends observed by the system.
Install a bundle to enhance ExtraHop features and integrations
Bundles are a saved set of system configurations that can be uploaded to an ExtraHop appliance. Check out the following popular bundles:

Install a bundle on your ExtraHop system, or create a bundle that you can share with others.

Build a trigger to create custom metrics and applications
Triggers are custom scripts that perform an action upon a pre-defined event. Triggers require planning to make sure a trigger doesn't negatively impact system performance.

Check out the following walkthroughs to learn more about exploring metrics and records:

Access keyboard shortcuts

Keyboard shortcuts help you quickly navigate across the ExtraHop Web UI and manage dashboards with a few keystrokes.

  1. Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
  2. Type one of the following keyboard combinations:
    Keyboard combinations Action
    ? Show or hide the keyboard shortcuts help menu
    G then S Go to Dashboards
    G then A Go to Alerts
    G then P Go to Application metrics
    G then N Go to Network metrics
    G then D Go to Device metrics
    G then G Go to Protocol metrics
    / Global search
    O then H Toggle recent pages
    J Select the next item in recent pages
    K Select the previous item in recent pages
    O then M Open Metric Explorer
    G then E Go to System Settings
    G then T Go to Triggers
    G then H Open Help
    O then Q View system information
    Ctrl+S Save widget configuration
    O then L Toggle Edit Layout Mode
    O then P Show Dashboard Properties
    C then D Copy the current dashboard
    D then D Delete the current dashboard
    O then S Toggle Descriptions
    CTRL+SHIFT+F Toggle Presentation Mode
    N then D Create a new dashboard
    N then F Create a new folder
    O then D Toggle Edit Dock
    P then P Print or Export to PDF
    S then R Open Scheduled Reports (Command appliance only)

Manage dashboards with keyboard shortcuts

The following keyboard shortcuts only apply to dashboards.

  1. Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
  2. At the top of the page, click Dashboards.
  3. Type one of the following keyboard combinations:
    Keyboard combinations Action
    O then L Toggle edit layout mode
    O then P Show dashboard properties
    C then D Copy the current dashboard
    D then D Delete the current dashboard
    O then S Toggle descriptions
    Ctrl+Up Arrow+F Toggle presentation mode
    N then D Create a new dashboard
    N then F Create a new folder
    O then D Toggle dock edit mode
Published 2020-08-10 09:56