What's New in 8.1 and Reveal(x)

While release notes provide a comprehensive view of our 8.1 release updates, here is a preview of our most exciting new features.

Detections

Detections help teams watch for common and emerging threats by identifying known attack vectors and linking to industry knowledgebases, such as the MITRE ATT&CK® framework. In 8.1, we've added a matrix of MITRE tactics and techniques that showcases the threats that are covered by ExtraHop detections and the detections on your system that match those techniques. Plus, we've added a filter that enables you to search matching detections by specific technique IDs.

You can now hide all detections from a particular participant: victim or offender. Create a rule to hide detections from noisy (but approved) vulnerability scanners.

When grouping by source, you can also view details about the role that source has played in detections on the network and a summary of the detection types that involve that source device.

Assets & Endpoints

The 8.1 release has enhanced how the ExtraHop system tracks your discovered devices and connections to remote endpoints.

Identify users who have logged in through WiFI login credentials to track users that are accessing mobile devices on your network, such as phones, tablets, and laptops.

Track the history of an IP address across multiple devices when the ExtraHop system is configured for L2 Discovery.

Internal VPN traffic is now classified. These devices are assigned the VPN Client role and associated with their external hostname or IP address. You can also now add observations through the REST API to associate IP addresses. For example, you can associate the IP address of a VPN client on your network with the external IP address assigned to the VPN user on the internet.

Reveal(x) systems show connections to and from external cloud service providers on the Perimeter overview page's halo visualization.

For ExtraHop systems with a recordstore, a set of L7 records is automatically collected without the need to write a trigger. You can view the default selections and enable or disable records from the Settings / Records page.

For ExtraHop Administrators

• Map SAML SSO attribute values from an identity provider to ExtraHop user privileges so that you can set permissions for SAML users without adding ExtraHop-specific configurations to your IdP.
• Configure multiple packetstores for 6100v on VMware
• View improved system health metrics and cluster settings for Explore appliances.

Visit our Customer Community for upgrade options and let us know if you have any questions!