While release notes provide a comprehensive view of our 8.5 release updates, here is a preview of our most exciting new features.
Detections
Investigation Tracking enables you to track and annotate detections as part of your investigative workflow directly in the ExtraHop system. You can set a status, assign work, and add notes directly to a detection. Optionally, you can still configure tracking through a third-party ticketing system.
When a detection matches your specified criteria, the ExtraHop system can now send an email to your designated recipients through Detection Notifications.
Devices
When you log back in to an ExtraHop system, the last relative time interval that you viewed appears by default.
We also added a Currently Active filter so you can find devices with activity observed in the last 30 minutes.
Records
A record query can result in millions of records based on the time interval and filter criteria. In 8.5, queries from Google BigQuery pause intermittently to display batches of the most recent records first. Click Continue Query to display the next batch of records.
Filter records by cloud services in the Refine Results section.
Reveal(x) 360 Only
Import threat collections from CrowdStrike Falcon to gain threat intelligence about IP addresses, domains, and hostnames.
For ExtraHop Administrators
- Track and verify the progress of some administration tasks, such as upgrades, through the new /jobs REST API endpoint. For an example, see the upgrade_system script in the ExtraHop code-examples GitHub repository. Note that you can only track upgrades with the /jobs endpoint on versions 8.5.0 and later.
- Download scheduled reports as a PDF file through the /reports/{id}/download endpoint.
- Command appliance for Google Cloud Platform is now available.
Visit our Customer Community for upgrade options and let us know if you have any questions!