ExtraHop IDS is an intrusion detection system integrated into the RevealX NDR platform. The system provides real-time detection of known exploits, CVE vulnerabilities, and file-based malware using tens of thousands of curated network signatures maintained by the ExtraHop Threat Research team. The solution monitors both east-west and north-south network traffic with decryption capabilities to detect threats in encrypted traffic as they move laterally across networks. It combines signature-based detection with machine learning to identify both known and unknown threats. ExtraHop IDS includes integrated investigation workflows with risk scoring, correlation, and packet capture evidence repository for forensic analysis. The system provides traffic lookback capabilities, threat briefings, and correlated detection timelines to support incident response activities. The platform deploys and manages IDS from the same RevealX NDR sensor, eliminating the need for separate infrastructure. It includes automated cloud updates for health monitoring and rule updates, including support for sensors with restricted access. The system addresses compliance requirements from standards including PCI DSS and NIST. It integrates with security platforms for coordinated response workflows and provides visibility across hybrid work environments, IoT devices, multi-cloud environments, and third-party services.