
New in RevealX 9.7: Network-Based File Analysis and Upgraded AI Search Capabilities

ExtraHop

August 6, 2024

SOC analysts and network engineers only have so many hours in a day. The best solutions empower them to make the most of their limited time by reducing the need to pivot between tools or write complex queries. That’s why we’re sure you’re going to enjoy the latest updates in RevealX 9.7. We’ve added new capabilities, enhanced existing features, and made it easier to tailor your RevealX implementation to your organization’s needs.

The latest version of RevealX introduces several new features:

Network-Based File Analysis – Allows you to quickly analyze files for malware, ransomware, or data loss prevention (DLP) with file hashing, metadata extraction, malware detection, and file carving for download.

Expanded Record Lookback Options – Gives RevealX 360 customers the flexibility to choose from 30-day, 90-day, or 180-day record lookback periods.

Upgrades to AI Search Assistant – The natural language search capabilities provided by AI Search Assistant just got even better. Now, analysts can query records as well as assets, filter queries to a specific date range, leverage suggested queries to search more effectively, and more.

And we’re always adding new Threat Briefings to RevealX so you can stay ahead of the latest high-risk vulnerabilities, like CVE-2024-6387, a.k.a. “regreSSHion.”

Network-Based File Analysis

With the 9.7 release, RevealX customers can now leverage the power of the network for file-based analysis and detection capabilities. Swiveling between multiple tools to analyze files for malware, ransomware, or DLP is a daily challenge for analysts. Now, SOC teams can save time and resources by conducting file analysis within RevealX.

On-demand file carving capabilities enable analysts to efficiently extract and examine files flagged as suspicious directly from packets, accelerating threat hunting and reducing mean time to respond. And customers with IDS can leverage the power of the network and the integration with CrowdStrike Premium Threat Intelligence to detect known malicious files.

Expanded Record Lookback Options

You asked; we listened. RevealX 360 customers now have greater flexibility to choose the length of their Standard Investigation record lookback period. With options for 30 days, 90 days, or 180 days, RevealX 360 customers can tailor their lookback period to their specific investigation, compliance, threat hunting, incident response, and budgetary needs.

Our unique record parsing and processing technology means records are lightweight, but also provide broad and deep historical visibility into network activity that SOC analysts, threat hunters, incident responders, and network and application performance teams need. RevealX makes it easy to query records associated with security incidents and network performance issues without the need for additional hardware, storage infrastructure, or multiple tools.

Upgrades to AI Search Assistant

The AI Search Assistant released in RevealX 9.6 just got even better. The natural language search capabilities introduced in May have been updated to increase the speed and optimization of searches and expanded to include new features, like support for customers in EMEA and APAC through our Frankfurt and Sydney datacenters.

Analysts can now search within specific time ranges to target the data they need more precisely. Meanwhile, suggested queries provide examples of how to use the search tool and are tailored to help new users quickly understand how to use the AI Search Assistant to its full potential. Additionally, the last ten user queries are now displayed, making it easier for analysts to reference and follow up on previous searches.

The large language model (LLM) powering the AI Search Assistant was trained extensively on the ExtraHop API. It is never trained on any customer data. The Search Assistant was designed so that the LLM generates a query that leads customers to their data only after the LLM has safely exited the conversation. So the only way customer data could be exposed to the LLM is if a customer includes it in a query.

What’s more, AI Search Assistant now allows users to query more than just devices. All customers, regardless of whether they use RevealX for network detection and response (NDR) or network performance management (NPM), can now search their ExtraHop records with the help of AI. This means analysts spend less time sifting through network traffic to find important detections and can start taking steps to resolve network issues sooner, leading to accelerated threat hunting, quicker investigations, and less network downtime.

Check out the full 9.7 release notes for all the details.
