Analysis Priorities in ExtraHop System

This guide details the analysis priorities within the ExtraHop system, which is designed to analyze traffic and collect data from discovered devices. Each device is assigned an analysis level that dictates the data and metrics collected. The document outlines five distinct analysis levels: Discovery Mode, Standard Analysis, Advanced Analysis, L2 Parent Analysis, and Flow Analysis. It explains how devices can be prioritized for Advanced Analysis through a watchlist or device groups. Important considerations regarding the watchlist, such as the retention of inactive devices and the maximum capacity for Advanced Analysis, are discussed. The guide also highlights the automatic prioritization process based on device activity and properties. Additionally, it provides a comparison of features associated with each analysis level, including metrics and detection capabilities. The document serves as a comprehensive resource for understanding how to effectively manage and prioritize device analysis within the ExtraHop system.