ExtraHop Reveal(x) is great at Security Detections. In Reveal(x) currently you cannot create custom dashboards on detections because the ML Detections are not available as metrics. There are also no available trending dashboards out of the box. If you are interested in this capability, you can use my custom bundle “EH ML Detections to Custom Metrics v1”. With this bundle's dashboard you can now create, schedule and email the dashboard panels as PDF reports.
I have attached my custom bundle to this post. It includes a custom trigger, an application, a dashboard and a record type.
If you would like to configure the debug messages, you can send them to any ODS. The default configuration is to send debug logs to Splunk.
EH ML Detections to Custom Metrics v1.json (104.6 KB)