Download ExtraHop

Click Save. In the Azure SAML Signing Certificate section, next to Certificate (Base64), click Download. Note:For RevealX 360 systems, download the Federation Metadata XML file. Open the downloaded file in a text editor and then copy and paste the contents of the file into the Public Certificate field on the ExtraHop system. In Azure, copy the Login URL and paste it into the SSO URL field on the ExtraHop system. In Azure, copy the Microsoft Entra ID Identifier and paste it into the Entity ID field on the ExtraHop system. On the ExtraHop system, choose how you would like to provision users from one of the following options. Select Auto-provision users to create a new remote SAML user account on the ExtraHop system when the user first logs in to the system. Clear the Auto-provision users checkbox to manually configure new remote users through the ExtraHop Administration settings or REST API. The Enable this identity provider option is selected by default and allows users to log in to the ExtraHop system. To prevent users from logging in, clear the checkbox. This setting does not appear on RevealX 360. Configure user privilege attributes. You must configure the following set of user attributes before users can log in to the ExtraHop system through an identity provider. These values are user-definable; however, they must match the attribute names that are included in the SAML response from your identity provider. Values are not case sensitive and can include spaces. For more information about privilege levels, see Users and user groups. Important:You must specify the attribute name and configure at least one attribute value other than No access before users can log in. In the example below, the Attribute Name field is the claim name specified when creating the ExtraHop application in Azure, and the other attribute values are the claim condition values. Field Name Example Attribute Value Attribute Name writelevel System and access administration unlimited Full write privileges full_write Limited write privileges limited_write Personal write privileges personal_write Full read-only privileges full_readonly Restricted read-only privileges restricted_readonly No access none Configure NDR module access. Field Name Example Attribute Value Attribute Name ndrlevel Full access full No access none Configure NPM module access. Field Name Example Attribute Value Attribute Name npmlevel Full access full No access none (Optional): Configure packets and session key access. This step is optional and is only required when you have a connected

To copy existing charted data to new or existing dashboards. FREE4 min Alert History and Activity Groups Widgets This module identifies the function of Alert History and Activity Groups widgets and explains how to add each widget type to a custom dashboard. FREE2 min Provide Context with Text Box Widgets This module explains the function of text box widgets and how to create them on your dashboards. FREE3 min Custom and System Health Metrics This module provides instruction for locating custom and system health metrics and demonstrates the process of charting custom and system health metrics. FREE4 min Custom Wire Data Metrics This course is an introduction to the ExtraHop platform's ability to collect custom metrics from your wire data. FREE1 min Integrating with Tools and Technology This course is an introduction to integrating the ExtraHop platform with third-party tools and technology. FREE1 min Capturing Wire Data This course is an introduction to the ExtraHop platform's technical architecture and capability around wire data processing and auto-discovery. FREE1 min Wire Data Processing This course is an introduction to the ExtraHop process for creating metrics from wire data. FREE2 min Prioritizing Critical Assets This course is an introduction to the mechanism for tuning the ExtraHop platform to perform the highest level of analysis on your most critical assets. FREE2 min Anomaly Detection This course is an introduction to the machine learning, anomaly and event detection capability of the ExtraHop platform. FREE1 min Records This course is an introduction to how the ExtraHop platform stores and retrieves individual transactions as records. FREE1 min Application Containers Application containers allow you to organize metrics using attributes of the data. This module is an introduction into that organizational concept. FREE2 min ExtraHop Infrastructure This course is an introduction to the infrastructure components that drive the unified ExtraHop user interface. FREE2 min Auto-discovery and Grouping This course is an introduction to the ExtraHop platform device/metric grouping capability and auto-discovery concept. FREE2 min ExtraHop Platform Overview This course is an introductory overview of the ExtraHop platform and workflows. FREE1 min Metrics This course is an introduction to the different types of metrics created by the ExtraHop platform. FREE2 min Packets In this module, you'll learn how to examine packets in the ExtraHop web UI. FREE4 min Storing Analysis Data This course explains how the ExtraHop platform stores different types of metric and wire data. FREE1 min

In Reveal(x). FREE6 min Copying Existing Charts and Dashboards This module outlines how to copy existing charted data to new or existing dashboards. FREE4 min Create a Basic Dashboard Learn how to get started creating a dashboard. FREE4 min Create an Application Container This module explains how you can create application containers to group, refine, and analyze data using the ExtraHop web UI. FREE4 min Create Device Groups This course enables you to create static and dynamic device groups using the ExtraHop web UI. FREE4 min Custom and System Health Metrics This module provides instruction for locating custom and system health metrics and demonstrates the process of charting custom and system health metrics. FREE4 min Customizing Charts This module will enable you to customize chart appearance, layout, units and labels. FREE4 min Custom Wire Data Metrics This course is an introduction to the ExtraHop platform's ability to collect custom metrics from your wire data. FREE1 min Dashboard Concepts In this module, you will learn the purpose of dashboards. FREE2 min Detail Metric Chart Types This module explores the chart types best suited for displaying detail metric data. FREE3 min Digital Certificates Learn about PKI, digital certificates, and how secure connections with websites occur. FREE5 min Distribution Chart Types This module introduces and provides insight into distribution chart types. FREE5 min Console System Processes This module provides an overview of the main system processes used within the ExtraHop console. FREE1 min ExtraHop Administrator Sensor System Processes This module provides an overview of the main system processes used within an ExtraHop sensor. FREE2 min ExtraHop Administrator Recordstore System Processes This module provides an overview of the main system processes used within the ExtraHop recordstore. FREE1 min ExtraHop Administrator ExtraHop Infrastructure This course is an introduction to the infrastructure components that drive the unified ExtraHop user interface. FREE2 min Firmware Update Best Practices This module identifies best practices for updating the firmware of your ExtraHop appliances. FREE4 min ExtraHop Administrator Hashing This module introduces hashing and explains its role in security. FREE3 min Integrating with Tools and Technology This course is an introduction to integrating the ExtraHop platform with third-party tools and technology. FREE1 min Metrics This course is an introduction to the different types of metrics created by the ExtraHop platform. FREE2 min Organizing Dashboards This module explains how to organize dashboards in collections so that you can easily locate and review the data that matters most. FREE4 min Packets In this module, you'll learn how to examine packets in the ExtraHop web UI. FREE4 min Perfect Forward Secrecy Learn all about PFS and ExtraHop's non-invasive method of ensuring complete visibility. FREE5 min Prioritizing Critical Assets This course is an introduction to the mechanism for tuning the ExtraHop platform to perform the highest level of analysis on your most critical assets. FREE2 min Provide Context with Text Box Widgets This module explains the function of text box widgets and how to create them on your dashboards. FREE3 min Records This course is

Cloud Traffic In and Out Discover a simple method for reviewing traffic to and from cloud services. FREE2 min ExtraHop Platform Overview This course is an introductory overview of the ExtraHop platform and workflows. FREE1 min Detection Cards Examine detection cards and their properties in this introductory course. FREE4 min Inverse Filters Learn to use inverse filtering and determine how often a requested resource is returned. FREE2 min License Overview This module outlines the concept of licenses as they relate to ExtraHop appliances and features. FREE3 min ExtraHop Administrator Overview Pages Get acquainted with the RevealX Overview pages to take a look at your environment from a bird's-eye perspective. FREE3 min RevealX Overview Distinguish RevealX 360 from RevealX Enterprise in this course. FREE2 min ExtraHop Administrator Security Hardening Dashboard Explore key security metrics that contribute to an environment's security hygiene using the Security Hardening dashboard. FREE4 min Adding Multiple Metrics This module will enable you to create charts to display data across multiple metrics and protocols. FREE3 min Connect to the RevealX 360 Console Walk through the process of connecting packet sensors (EDAs) and packetstores (ETAs) to the RevealX 360 Console. FREE4 min Authentication Schemes This course identifies the methods that can be used to create users and assign permissions in ExtraHop. FREE3 min ExtraHop Administrator Packetstore System Processes This module provides an overview of the main system processes used within the Packetstore. FREE1 min ExtraHop Administrator Assets This module provides basic instructions for reviewing and drilling down on metric data using the Assets page. FREE5 min Alert History and Activity Groups Widgets This module identifies the function of Alert History and Activity Groups widgets and explains how to add each widget type to a custom dashboard. FREE2 min Alerts This module covers the basics of accessing and viewing Alerts in the ExtraHop web UI. FREE3 min Analysis Priorities In this module, you'll learn how to view analysis priorities in the ExtraHop web UI. FREE4 min Anomaly Detection This course is an introduction to the machine learning, anomaly and event detection capability of the ExtraHop platform. FREE1 min Anomaly Detections This module explains anomaly detections and demonstrates how they can be useful for monitoring your network. FREE5 min Application Containers Application containers allow you to organize metrics using attributes of the data. This module is an introduction into that organizational concept. FREE2 min Asymmetric Encryption This module explains asymmetric encryption and highlights some differences between asymmetric encryption and symmetric encryption. FREE4 min Auto-discovery and Grouping This course is an introduction to the ExtraHop platform device/metric grouping capability and auto-discovery concept. FREE2 min Capturing Wire Data This course is an introduction to the ExtraHop platform's technical architecture and capability around wire data processing and auto-discovery. FREE1 min Choosing a Metric This module explains how to find relevant metrics in the Metric Explorer and when to use different types of metrics. FREE6 min Cipher Suites This course introduces encryption, discusses common components of cipher suites, and demonstrates how to explore cipher suites

In this guide, you will learn how to deploy a virtual ExtraHop recordstore with the vSphere client running on a Windows machine and to join multiple recordstores to create a recordstore cluster. You should be familiar with administering VMware ESX and ESXi environments before proceeding. The virtual recordstore is distributed as an OVA package that includes a preconfigured virtual machine (VM) with a 64-bit, Linux-based operating system (OS) that is optimized to work with VMware ESX and ESXi version 6.5 and later. Important:If you want to deploy more than one ExtraHop virtual sensor, create the new instance with the original deployment package or clone an existing instance that has never been started. System requirements Your environment must meet the following requirements to deploy a virtual ExtraHop recordstore: Important:ExtraHop tests virtual clusters on local storage for optimal performance. ExtraHop strongly recommends deploying virtual clusters on continuously available, low latency storage, such as a local disk, direct-attached storage (DAS), network-attached storage (NAS), or storage area network (SAN). An existing installation of VMware ESX or ESXi server version 6.5 or later capable of hosting the virtual recordstore. The virtual recordstore is available in the following configurations: Recordstore Manager-Only Node 5100v Extra-Small 5100v Small 5100v Medium 5100v Large 4 CPUs 4 CPUs 8 CPUs 16 CPUs 32 CPUs 8 GB RAM 8 GB RAM 16 GB RAM 32 GB RAM 64 GB RAM 4 GB boot disk 4 GB boot disk 4 GB boot disk 4 GB boot disk 4 GB boot disk 12 GB 250 GB or smaller datastore disk 500 GB or smaller datastore disk 1 TB or smaller datastore disk 2 TB or smaller datastore disk The hypervisor CPU should provide Streaming SIMD Extensions 4.2 (SSE4.2) and POPCNT instruction support.Note:The recordstore manager-only node is preconfigured with a 12 GB datastore disk. You must manually configure a second virtual disk to the other recordstore configurations to store record data. Consult with your ExtraHop sales representative or Technical Support to determine the datastore disk size that is best for your needs. A vSphere client A virtual recordstore license key. The following TCP ports must be open: TCP ports 80 and 443: Enables you to administer the recordstore. Requests sent to port 80 are automatically redirected to HTTPS port 443. TCP port 9443: Enables recordstore nodes to communicate with other recordstore nodes in the same cluster. Before you beginIf you have not already done so, download the virtual ExtraHop recordstore OVA file for VMware from the ExtraHop Customer Portal. Note:If you must migrate the virtual machine (VM) to a different host after deployment, shut down the virtual recordstore first and then migrate with a tool such as VMware VMotion. Live migration is not supported. Start the VMware vSphere client and connect to your ESX server. From the File menu, select Deploy OVF Template. Follow the Virtual Machine wizard prompts to deploy the OVF template: For most deployments, the default settings are sufficient. Browse to the location of the downloaded OVA file, select the file,

Customer StoryKONKAT SA Bolsters Network Security and Availability with RevealXLearn how Greek conglomerate KONKAT SA improved security posture and network performance with RevealX.Security & PerformanceRead MoreCustomer StoryRevealX Delivers Network Facts that Empower Financial Organization’s Security and IT StaffDiscover how a financial organization uses ExtraHop RevealX to amplify the capabilities of its network and security teams.Security & PerformanceRead MoreCustomer StoryHealthcare Provider Improves Network Performance with RevealXHealthcare Provider Improves Network Performance with RevealXperformanceRead MoreCustomer StoryOCBC Indonesia Improves Security Hygiene and IT Monitoring with Unprecedented Network VisibilityLearn how financial group OCBC Indonesia accelerated threat hunting and improved security hygiene with RevealX.securityRead MoreCustomer StoryRevealX Enables Frictionless Security and Agile Development for Wizards of the CoastWizards of the Coast uses RevealX from ExtraHop to remove friction caused by security concerns in their development and deployment processes.securityRead MoreCustomer StoryViasat Confidently Manages Risk with RevealXViasat uses RevealX from ExtraHop to protect its infrastructure and its customers from ransomware attacks and other cyber threats. securityRead MoreCustomer StoryUlta and ExtraHop Team Up for Network and Security FaceliftLearn how Ulta Beauty, the largest U.S. beauty retailer, reduced false positive alerts and accelerated their cloud migration with RevealX from ExtraHop.securityRead MoreCustomer StoryTarrant Regional Water District Achieves Network Clarity with RevealXTarrant Regional Water District Mitigates Risk and Enhances Cybersecurity with ExtraHopsecurityRead MoreCustomer StorySeattle Children’s and RevealX Secure Better HealthRead the case study to learn how Seattle Children’s Hospital improved their security posture to protect sensitive data with RevealX from ExtraHop.performanceRead MoreCustomer StoryPrisma Health Improves Security and Patient Experience with RevealXRead the case study to learn how Prisma Health delivers better patient care and a secure experience with RevealX from ExtraHop.securityRead MoreCustomer StoryMEDHOST Uses ExtraHop RevealX to Help Protect Healthcare Customers and PatientsRead the case study to learn how MEDHOST optimized their threat detection and network visibility to stop ransomware attacks with ExtraHop RevealX.securityRead MoreCustomer StoryMAPCO Finds Convenient, All-in-One Solution with RevealXLearn how MAPCO uses RevealX from ExtraHop to improve network detection and response (NDR) and network performance management (NPM).Security & PerformanceRead MoreCustomer StoryIG Group Reduces MTTR with Complete Network Visibility From RevealX Read the case study to learn how IG Group, a global trading platform, improved network performance management with ExtraHop RevealX.performanceRead MoreCustomer StoryHealth Services Provider Thwarts Ransomware Attack with RevealXLearn how a leading health services provider thwarted a ransomware attack with RevealX network detection and response ExtraHopsecurityRead MoreCustomer StoryGlobal Telco Provider Improves Compliance and Security with RevealXGlobal Telecommunications Provider Uses RevealX from ExtraHop to Monitor External Connections to Improve Compliance and Security.securityRead MoreCustomer StoryCity of Geel Dramatically Improves Application and Network Performance with ExtraHop With insight from ExtraHop, the IT team for the city of Geel has correlated, cross-tier visibility across all applications and systems, on-premises to cloud.securityRead MoreCustomer StoryCity of