extrahop/revealx Dashboards | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support

extrahop/revealx Dashboards

ExtraHop Detection Summary
Reveal(X): Unmanaged Systems

ExtraHop Detection Summary

Widget	Description	Type
Top Primary Victims (By Name)	Displays a chart of the top primary victims by name using ExtraHop Reveal(x)360 data. Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby(victim_primary.name) \| sort((_count))`	`Bar Chart`
Top MITRE Tactics	Displays a pie chart of top MITRE tactics using ExtraHop Rx360 data. Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby("mitre_tactics_string") \| sort((_count))`	`Pie Chart`
Top Primary Victims (By IP)	Displays a chart of top primary victims by IP address using ExtraHop Rx360 data. Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby(victim_primary.ipaddr) \| sort((_count))`	`Bar Chart`
Top External Offenders Map	Displays a world map of top external offenders by IP address. Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| case { offender_primary.external = "true" \| _ip := offender_primary.ipaddr} \| worldmap(ip=_ip)`	`World Map`
Top Primary Offenders (By IP)	Displays a chart of top primary offenders by IP address. Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby(offender_primary.ipaddr) \| sort((_count))`	`Bar Chart`
Top Primary Offenders (By Name)	Displays a list of primary offenders by name using ExtraHop Reveal(x) 360. Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby(offender_primary.name) \| sort((_count))`	`Bar Chart`
Top Categories	Displays a pie chart of the top ExtraHop R(x)360 categories. Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby(categories_array[0]) \| sort((_count))`	`Pie Chart`

Reveal(X): Unmanaged Systems

Widget	Description	Type
Total Unmanaged Systems	Displays the number of total unmanaged ExFlow systems Hide Query Show Query logscale `format = "ExFlow" \|!undefined \| count(name,distinct=true)`	`Gauge`
Top 10 Peers	Displays a table of the top 10 ExFlow peers in descending order. Hide Query Show Query logscale `format = "ExFlow" \| !undefined \| !169.254 \| groupby(field=receiverAddr, function=count()) \| sort(field=_count, type=number, limit=10, order=desc)`	`Table`
ExFlow Data (Unmanaged Systems)	Displays a list of Windows ExFlow PCAP data in table format. Hide Query Show Query logscale `ExFlow OS \| format("[PCAP Download](%s)", field=pcap, as=PCAP)\| format("%s", field=pcap, as="pcapLink")\|table([@timestamp,OS, name, mac ,senderAddr, senderPort,receiverAddr, receiverPort, bytes, pkts, l7proto, proto, age,PCAP])`	`Table`
Outbound Connections	Displays a world map of outbound connections by IP address. Hide Query Show Query logscale `//\| receiverAddr = ?ReceiverIP AND senderAddr = ?SenderIP \| worldMap(ip=receiverAddr)`	`World Map`
New Devices (Last 24 Hours)	Displays new devices used in the last 24 hours. Hide Query Show Query logscale `format = "ExFlow" \| New Device \| count(receiverAddr, distinct=True)`	`Gauge`
Incoming Connections	Displays a world map of incoming connections using the sender's IP address. Hide Query Show Query logscale `worldMap(ip=senderAddr)`	`World Map`
NDR Detections	Displays a table of the top 10 NDR detections in descending order. Hide Query Show Query logscale `type = EH-ThreatHunt \| groupby(name) \| sort(field=_count, type=number, limit=10, order=desc)`	`Table`
Top Protocols in use by Unmanaged SYstems	Displays a pie chart of top protocols in use by unmanaged systems and limits results to the first 10 entries in descending order. Hide Query Show Query logscale `format = "ExFlow" \| !undefined \| !169.254 \| groupby(field=l7proto, function=count()) \| sort(field=_count, type=number, limit=10, order=desc)`	`Pie Chart`

Enter search term