BlogWith an ExtraHop Explore appliance, you can offload information from your Discover appliance and selectively retrieve it down the line. But not all data is important, space costs money, and you only want to store records that are worth it.
First, check out our Explore appliance deployment guides to learn how to install and configure an Explore appliance, create a cluster of appliances (we recommend three for optimal performance), and connect your Explore appliance cluster to your Discover appliance. We have guides for physical deployments and a number of flavors of virtual deployments in AWS, Azure, KVM, and VMware.
Then, learn how to commit a custom record to monitor suspicious port activity (or modify our instructions to the type of information you want to collect). You'll learn how to write a trigger to collect selected records and send them to the Explore appliance, and then you'll learn how to query for those records through the Discover appliance.
Finally, for a more detailed look at how to query for stored records, check out our previous walkthrough on how to discover missing web resources.
