ExtraHop Reveal(x) is great at Security Detections. I recommend running Firmware v7.8.2+. In Reveal(x) currently you cannot create new custom dashboards because the ML Detections are not available metrics. There are also no available trending dashboards out of the box. If you are interested in this capability, you can use a custom trigger and send ML Detections to your SIEM.
I have attached my EH ML Detections To Splunk Bundle. It includes a simple Trigger to send ML events to Splunk. I have also attached my Splunk custom dashboard for the ML detections.
You must make sure that you configure Splunk as a Syslog target in your Reveal(x) appliance.
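The trigger approach described in the post, as an added example written for this page; it is not the poster's bundle or ExtraHop's code. It assumes the ExtraHop Trigger API's DETECTION_UPDATE event, a global Detection object exposing id, type, title, riskScore, categories, participants (each with role and a Device object with ipaddr/id), startTime, endTime and isCustom, and Remote.Syslog.alert() for delivery to the syslog target configured on the appliance; check those names against the trigger API reference for your firmware version before deploying. The message is formatted as key="value" pairs so Splunk's automatic field extraction works without a custom props.conf. The sample detection at the bottom is constructed so the formatting logic can be run in Node; inside Reveal(x) the globals take over.

```javascript
// Trigger event to assign in the Reveal(x) UI: DETECTION_UPDATE (assumption).
// Sends one syslog line per ML detection to the syslog target (Splunk).

// Quote a value as key="value" with backslashes, quotes and newlines escaped so
// Splunk's KV extraction recovers the field intact even for free-text titles.
function kv(key, value) {
  const s = String(value === undefined || value === null ? '' : value)
    .replace(/\\/g, '\\\\')
    .replace(/"/g, '\\"')
    .replace(/[\r\n]+/g, ' ');
  return key + '="' + s + '"';
}

// Collapse the participants array to "role:ip" pairs; a device with no
// address (e.g. an L2-only device) falls back to its device id.
function participantList(participants) {
  if (!participants || !participants.length) return '';
  return participants.map(function (p) {
    const obj = p.object || {};
    const addr = obj.ipaddr || obj.id || 'unknown';
    return (p.role || 'unknown') + ':' + addr;
  }).join(',');
}

// Build the syslog payload from a detection (the trigger's Detection global in
// production, a plain object in the offline test).
function buildSyslogMessage(d) {
  return [
    kv('vendor', 'ExtraHop'),
    kv('product', 'Reveal(x)'),
    kv('detection_id', d.id),
    kv('type', d.type),
    kv('title', d.title),
    kv('risk_score', d.riskScore),
    kv('categories', (d.categories || []).join(',')),
    kv('participants', participantList(d.participants)),
    kv('start_time', d.startTime),
    kv('end_time', d.endTime)
  ].join(' ');
}

// Trigger body. Custom (trigger-generated) detections are skipped so the
// Splunk dashboard only trends the ML detections the post is about.
// Returns the message sent, or null when nothing was sent.
function onDetectionUpdate(detection, syslog) {
  if (detection.isCustom) return null;
  const msg = buildSyslogMessage(detection);
  if (syslog) syslog.alert(msg);   // Remote.Syslog.alert: severity "alert" (assumption)
  return msg;
}

// Only runs inside the appliance, where the trigger runtime defines the globals.
if (typeof Detection !== 'undefined' && typeof Remote !== 'undefined') {
  onDetectionUpdate(Detection, Remote.Syslog);
}

// Constructed sample detection for running the formatter offline.
const SAMPLE_DETECTION = {
  id: 4021,
  type: 'spike_in_ssh_sessions',
  title: 'Spike in SSH Sessions',
  riskScore: 70,
  categories: ['sec.attack', 'sec.lateral'],
  participants: [
    { role: 'offender', object: { id: 77, ipaddr: '10.0.0.5' } },
    { role: 'victim', object: { id: 88 } }
  ],
  startTime: 1580000000000,
  endTime: 1580003600000,
  isCustom: false
};
```

On the Splunk side, a search such as `vendor="ExtraHop" product="Reveal(x)" | timechart count by type` is enough to build the trending view the appliance cannot produce natively; the start_time and end_time fields carry the detection window in milliseconds since the epoch, which is what the trigger API hands back for timestamps.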