While release notes provide a comprehensive view of our 9.1 release updates, here is a preview of our most exciting new features.
Detections
You can now tune detections by custom network localities in which the victim or offender is a participant.
You can also filter and tune hardening detections from summary pages that are available for all hardening detection types.
A summary of perimeter traffic now appears next to the halo visualizations (Cloud Services, Countries, Large Uploads) on the Perimeter Overview. Quickly identify external connections in the halo visualization, and then drill down into device properties and records.
Assets
A global privilege policy in the Administration settings now lets you control whether users with limited write privileges can create and edit device groups.
There is also a new role for attack simulators that can be assigned to a device that runs breach and attack simulation (BAS) software.
Notifications
ExtraHop Reveal(x) now displays a screen upon login that includes features available in the most current version. Users can access the feature list later by selecting System Notices from the System Settings menu.
In Reveal(x) 360, administrators can now create a system notification rule to email a recipient list whenever daily record ingest nears or exceeds the daily ingest capacity.
Administrators
- Reveal(x) administrators will see a system notice when new firmware is available.
- There are two new permission levels: one allows you to download packet slices (the first 64 bytes of the packet), and the other allows you to download PCAPs and session keys in a single pcapng file.
- REST API updates include the following changes:
  - Added the result_fields field to the POST /devices/search operation, which enables you to specify which fields are returned by the operation.
  - Added the editors field to the POST /devicegroups operation, which enables you to specify users with limited write privileges who can edit a device group.