Few things in life are patently irrefutable. We do, however, find comfort in those things that are. The things that we know, down to the very fiber of our being, beyond the marrow of our bones, to be beyond contestation. Things like: Han shot first, it's definitely bigger on the inside, and wire data is the truth. You know, truths all geeks tend to use as the cornerstone of their understanding of the world around them. Okay I may have added that last one, but that doesn't make it any less true.
In addition to that list, I know one other thing for sure: goodness has been happening. Many forms of goodness, of course, but the goodness I'm referring to today is the myriad of good things happening here at ExtraHop HQ. There is so much happening, in fact, that I couldn't possibly list everything we've been up to since the last Top5. I can, however, pick a few to talk about, hoping to help you keep up with some of the brains at ExtraHop and the things they've spent their waking hours on in recent history. To do so, I give you this week's ExtraHop Top5:
Real-User Monitoring's Next Frontier: Context, Context, Context!
If you've heard us talking about RUM for the past couple of months, I'm here to reassure you that it is not that we're all a bunch of salty sailors, swilling rum every … err … wait, I'm not sure I can promise that. What I mean is, the RUM that we are speaking of is Real-User Monitoring. What is RUM? It's the idea of tracking not just server or application health, but the actual end user's experience on the client side. Tracking granular, specific pieces of user experience, load times, rendering times, etc. gives a massive amount of insight that many folks want.
Still trying to figure out how ExtraHop plays into monitoring that's happening on the client side? Fortunately, Chase threw together a pretty great article that describes Ryan's truly slick solution using ExtraHop for RUM. It's seamless, it's elegant, and it's a heck of a way to improve your user experience. Interested yet? You should be. Check it out.
Outranging HTTP.sys Range-Based Attacks, Trigger Style
Security isn't exactly my main focus, but given the world in which we live, it's a thing that all self-respecting geeks are aware of, after a fashion. As such, I had the good fortune to be in the right place at the right time to slam together a pretty cool security solution a few weeks back. There was an HTTP.sys vuln that lots of folks got all up in arms about, the way that only security can send arms in an upward trajectory. Turns out, attempts to exploit this vulnerability are near trivial to detect using the ExtraHop platform and a pretty straightforward trigger. Enter headphones, loud rock music, and a few hours later I had a working trigger, dashboard and bundle to keep an eye on this particular issue. Click the link to check out the full description of the issue, the solution, the link to the CVE, and some pictures of the dashboard. Oh, and of course a link to the bundle itself. Get your hands dirty!
I have said it before, on numerous occasions, and I can assure you beyond a shadow of a doubt that this will not be my last time. However, it must be said: I dig dashboards. The dashboarding functionality in the ExtraHop platform is pretty stellar stuff. Allowing for flexible, rapidly developed and deployed solutions to problems, questions, and requirements that just wouldn't be possible otherwise, this tech is top notch. As a dashboard fanboy, I was stoked to see Nojan start cranking out a series on the subject. His latest installment in the series is definitely worth a look. If you aren't already following the series, you should be. Until then, here's where to get on board.
It's got triggers. It's got dashboards. It's got a unique and difficult-to-solve problem being solved with tech I dig. It's got everything but slicing and dicing, and those things I can forgive, in this case. Terry has truly outdone himself with his work in the HL7 field as of late. While this post and accompanying video walkthrough may only scratch the surface of his HL7 knowledge, it was a killer primer for me, and I imagine a few of you as well. Want to know what HL7 is? How to parse it? Why you might want to? The code needed to coerce the ExtraHop platform into a lean, mean HL7 parsing machine? Well he's your huckleberry, and he's dishing out HL7-fu by the bucketful. I've read this post twice (not joking) to soak it all up. Bookmark it now, because I'm here to tell you you'll be coming back to it.
They're alive! ALIVE! Ahhh my beloved War Room Chronicles (WRC). From a random thought in a meandering conversation between Chris and me to a fully functioning death star podcast, this has been a fun ride. I was asked to whip up a piece to describe the podcast, why we're doing it, what can be expected and the like. Apparently "IT'S SO COOL GAIZ! YOU SHOULD TOTALLY LISTEN!!!!111" wasn't enough clarification. Confusing. As such, however, there's this post available to give you the WRC lowdown on the whats and whys. If you're already a fan, this might give you some more insider info. If you're not yet, maybe this'll be enough to make you a follower.
Bam! Top5 complete. The cadence of these will increase as the content engine gets truly humming, but for now we'll see you in a few weeks with five more wicked cool tidbits.
This is a companion discussion topic for the original entry at https://www.extrahop.com/blog/2015/extrahop-top5-june-8-2015/