    ExtraHop Packet Basics (Free)

    Sold by: ExtraHop  
    ExtraHop Packet Basics is a free PCAP offering for forensic investigations, incident response, and threat hunting.
    Overview

    Forensic investigation is more critical than ever as organizations navigate the landscape of a post-compromise world. Attacks evolve daily, and the number of advanced threats security teams are forced to confront continues to rise. The new realities of cloud and hybrid security also show the value of incident response. With ExtraHop Packet Basics, cloud-focused security teams now have the forensic detail they need to get to ground truth or to fulfill chain-of-custody requirements.

    Highlights

    • Enhances incident response workflows with instant access to network packets.
    • Reduces the amount of time, effort, and expense required for PCAP in the cloud.
    • Enables PCAP only for the packets needed for incident response and more.

    Details

    Categories

    Delivery method

    Delivery option
    ExtraHop Packet Basics Appliance (Recommended)
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    OtherLinux 7.6.0-r2

    Typical total price

    This estimate is based on use of the seller's recommended configuration (m5.xlarge) in the US East (N. Virginia) Region.

    $0.192/hour

    Pricing

    ExtraHop Packet Basics (Free)

    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Usage costs (1)

    Instance type: m5.xlarge (Recommended)
    Product cost/hour: $0.00
    EC2 cost/hour: $0.192
    Total/hour: $0.192

    Additional AWS infrastructure costs

    EBS General Purpose SSD (gp3) volumes: $0.08 per GB/month of provisioned storage

    Vendor refund policy

    The product is free and you can cancel at any time.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Additional details

    Usage instructions

    You can log in to Packet Basics from a web browser at https://<management_ip>/extrahop. The username is "setup" and the password is the instance ID (the string of numbers after the i).

    For more information, visit https://forums.extrahop.com/c/packet-basics/ 

    Support

    Vendor support

    Support is available through the ExtraHop-hosted Community Forums.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Customer reviews

    Ratings and reviews

    0 ratings
    0 AWS reviews | 67 external reviews
    External reviews are sourced from G2 and are not included in the star rating for this product.
    Telecommunications

    RevealX from a daily user perspective

    Reviewed on Feb 28, 2024
    Review provided by G2
    What do you like best about the product?
    Overall, RevealX is easy to use and provides great visibility into the network. ExtraHop has very thorough documentation, and if you can't find what you're looking for, the support and training teams are always willing to help. I've experienced a quick turnaround for questions around the product. The training team is excellent at maintaining user engagement in a virtual setting. The product is also super customizable, which is great for unique use and abuse cases.
    I use RevealX almost daily, my top three pros from a technical perspective are the increased visibility of the network, customizing doesn't mean learning a new language, and low barrier to entry for analysts who are new to networking and security.
    What do you dislike about the product?
    My top three cons for the product are that when adjusting baseline metrics, the baseline completely resets and there is a 3-4 week period before the baseline is calculated. Going off the above, it does not perform "lookback" searches for detections, meaning I can't craft a detection today and then see if the logic matches any stored data in the tool. Some of the customization areas need a bit of work so that they tie into the other features of the product.
    What problems is the product solving and how is that benefiting you?
    ExtraHop enables us to have better visibility. This has resulted in us making configuration changes on hardware and network devices to decrease our attack surface.
    Higher Education

    ExtraHop provides visibility to quickly resolve performance and security issues

    Reviewed on Feb 21, 2024
    Review provided by G2
    What do you like best about the product?
    ExtraHop provides great visibility for performance and security issues in our environment. Many of the detections, dashboards, and device groups provide easy starting points for learning to use ExtraHop. Then, building custom dashboards and detections is very simple. We use ExtraHop every day to assist us in resolving problems. The customer support and partnership we have with ExtraHop has been key to our success.
    What do you dislike about the product?
    You need to really understand your environment from the network layer to the application layers. ExtraHop provides many options, but you need to determine what works best for your environment. It does take some time for planning the implementation properly, but the planning and design time is worth it.
    What problems is the product solving and how is that benefiting you?
    ExtraHop has helped us solve authentication issues, storage issues, server issues, network performance issues, security problems and other application problems. We had many blind spots and ExtraHop has helped us gain visibility to many of our services.
    Internet

    you get what you pay for

    Reviewed on Feb 14, 2024
    Review provided by G2
    What do you like best about the product?
    We've tested the product using reputable 3rd party pentesters, manual and automated. And we've compared it with other products. The difference between seeing that you are being compromised and not seeing it is huge. How do you choose a competitive product that is cheaper if it doesn't see that you are being compromised? Or how do you rest at night knowing that you've done everything you can to safeguard your network? ExtraHop's visibility is far above the rest.
    What do you dislike about the product?
    It is pricey. So if you are misinformed and think that backups, firewalls, and anti-virus solutions are going to save you, then you aren't going to understand the price of this product.
    What problems is the product solving and how is that benefiting you?
    Mainly keeping our company from experiencing a ransomware event. We have staff dedicated to keeping their eye on the product and chasing down alerts 24/7/365.
    Jeff H.

    One stop shop for network detections and notifications. Easy to use and easy to understand.

    Reviewed on Feb 05, 2024
    Review provided by G2
    What do you like best about the product?
    I like that ExtraHop identifies the alert in a manner that is easy to follow. It gives the risk level of the alert, shows the metrics, breaks down the records for the incident, shows the packets involved, and even includes a pcap of the packets that can be used in Wireshark to analyze further. It also gives the MITRE techniques as well as mitigation options to mitigate the attack.
    What do you dislike about the product?
    I haven't found too many things I dislike about ExtraHop. It is not an automated system that will block an attack as it is happening, but it does e-mail out alerts so that I have the ability to begin investigating the incident as soon as possible, leading to a faster mitigation scenario.
    What problems is the product solving and how is that benefiting you?
    As an ISP, our network security is very important. ExtraHop is a tool to help ensure we are seeing any attack in real time, giving us the ability to troubleshoot and mitigate the issue in a speedy manner. We have the ability to isolate traffic quickly when an issue arises.
    Khaja Ahmed M.

    Overall good product but needs more flexibility.

    Reviewed on Jan 30, 2024
    Review provided by G2
    What do you like best about the product?
    1. Seamless monitoring.
    2. Simple and straightforward rule tuning.
    3. Dashboard capabilities
    What do you dislike about the product?
    1. Lot of false positives.
    2. Machine learning model is not flexible to the requirements.
    3. Sometimes performance issues.
    What problems is the product solving and how is that benefiting you?
    It's providing detections that are required to ensure all the perimeters are covered.