extrahop/revealx Dashboards

ExtraHop Detection Summary

The ExtraHop Detection Summary dashboard provides comprehensive threat analysis through multi-dimensional detection visualizations. This dashboard enables identification of primary victims and offenders, analysis of MITRE tactics, and monitoring of external threat patterns through geographical mapping.
Reveal(X): Unmanaged Systems

The Reveal(X): Unmanaged Systems dashboard presents detailed visibility into unauthorized devices through specialized detection visualizations. This dashboard enables discovery of unmanaged assets, tracking of unauthorized system activities, and monitoring of shadow IT presence across the network environment.

ExtraHop Detection Summary

The ExtraHop Detection Summary dashboard provides comprehensive threat analysis through multi-dimensional detection visualizations. This dashboard enables identification of primary victims and offenders, analysis of MITRE tactics, and monitoring of external threat patterns through geographical mapping.

Widget	Description	Type
Top Primary Victims (By Name)	Displays a chart of the top primary victims by name using ExtraHop Reveal(x)360 data. Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby(victim_primary.name) \| sort((_count))`	`Bar Chart`
Top MITRE Tactics	Displays a pie chart of top MITRE tactics using ExtraHop Rx360 data. Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby("mitre_tactics_string") \| sort((_count))`	`Pie Chart`
Top Primary Victims (By IP)	Displays a chart of top primary victims by IP address using ExtraHop Rx360 data. Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby(victim_primary.ipaddr) \| sort((_count))`	`Bar Chart`
Top External Offenders Map	Displays a world map of top external offenders by IP address. Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| case { offender_primary.external = "true" \| _ip := offender_primary.ipaddr} \| worldmap(ip=_ip)`	`World Map`
Top Primary Offenders (By IP)	Displays a chart of top primary offenders by IP address. Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby(offender_primary.ipaddr) \| sort((_count))`	`Bar Chart`
Top Primary Offenders (By Name)	Displays a list of primary offenders by name using ExtraHop Reveal(x) 360. Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby(offender_primary.name) \| sort((_count))`	`Bar Chart`
Top Categories	Displays a pie chart of the top ExtraHop R(x)360 categories. Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby(categories_array[0]) \| sort((_count))`	`Pie Chart`

Reveal(X): Unmanaged Systems

The Reveal(X): Unmanaged Systems dashboard presents detailed visibility into unauthorized devices through specialized detection visualizations. This dashboard enables discovery of unmanaged assets, tracking of unauthorized system activities, and monitoring of shadow IT presence across the network environment.

Widget	Description	Type
Total Unmanaged Systems	Displays the number of total unmanaged ExFlow systems Hide Query Show Query logscale `format = "ExFlow" \|!undefined \| count(name,distinct=true)`	`Gauge`
Top 10 Peers	Displays a table of the top 10 ExFlow peers in descending order. Hide Query Show Query logscale `format = "ExFlow" \| !undefined \| !169.254 \| groupby(field=receiverAddr, function=count()) \| sort(field=_count, type=number, limit=10, order=desc)`	`Table`
ExFlow Data (Unmanaged Systems)	Displays a list of Windows ExFlow PCAP data in table format. Hide Query Show Query logscale `ExFlow OS \| format("[PCAP Download](%s)", field=pcap, as=PCAP)\| format("%s", field=pcap, as="pcapLink")\|table([@timestamp,OS, name, mac ,senderAddr, senderPort,receiverAddr, receiverPort, bytes, pkts, l7proto, proto, age,PCAP])`	`Table`
Outbound Connections	Displays a world map of outbound connections by IP address. Hide Query Show Query logscale `//\| receiverAddr = ?ReceiverIP AND senderAddr = ?SenderIP \| worldMap(ip=receiverAddr)`	`World Map`
New Devices (Last 24 Hours)	Displays new devices used in the last 24 hours. Hide Query Show Query logscale `format = "ExFlow" \| New Device \| count(receiverAddr, distinct=True)`	`Gauge`
Incoming Connections	Displays a world map of incoming connections using the sender's IP address. Hide Query Show Query logscale `worldMap(ip=senderAddr)`	`World Map`
NDR Detections	Displays a table of the top 10 NDR detections in descending order. Hide Query Show Query logscale `type = EH-ThreatHunt \| groupby(name) \| sort(field=_count, type=number, limit=10, order=desc)`	`Table`
Top Protocols in use by Unmanaged SYstems	Displays a pie chart of top protocols in use by unmanaged systems and limits results to the first 10 entries in descending order. Hide Query Show Query logscale `format = "ExFlow" \| !undefined \| !169.254 \| groupby(field=l7proto, function=count()) \| sort(field=_count, type=number, limit=10, order=desc)`	`Pie Chart`

Versions of this Page

Package Marketplace

Package Reference

Dashboard Reference

Package Management

Other Integrations

Log Formats

extrahop/revealx Dashboards

ExtraHop Detection Summary

Reveal(X): Unmanaged Systems

Enter search term