Vectra
Version: 1.1
Updated: Jul 07, 2023
The integration with Vectra allows users to retrieve information about detections, hosts, accounts, sensors, and system health, and to run an advanced search.
Vectra AI detects and prioritises high-fidelity alerts in real time and responds with automated enforcement or alerts to security personnel. Security teams use this information for threat hunting and retrospective investigations via a subscription service.
Actions
- List Detections (Enrichment) - Security detection events.
- List Hosts (Enrichment) - Host information.
- List Accounts (Enrichment) - List accounts.
- Get Detection (Enrichment) - Detection Information.
- Get Host (Enrichment) - Host information.
- Advanced Search (Enrichment) - Advanced search on hosts, accounts, and detections.
- Sensors Info (Enrichment) - Sensor information.
- System Health Info (Enrichment) - System Health information.
Vectra configuration
- Sign in to Vectra.
- On the main page, click the My Profile section.
- Click the copy button in API Token (or click generate a new token and then click the copy button).
Vectra in Automation Service and Cloud SOAR
- Access integrations in the Automation Service or Cloud SOAR.
- After the list of the integrations appears, search/look for the integration and click on the row.
- The integration details will appear. Click on the "+" button to add a new Resource.
- Populate all the required fields (*):
- Label. The name of the resource.
- Host. 'https://apitest.vectracloudlab.com/api/v2.2/'
- Token. API Token copied earlier.
- Click SAVE.
- To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
- Click TEST SAVED SETTINGS.
- You should receive a success notification in the bottom-right corner.
Change Log
- December 15, 2021 - First upload
- July 7, 2023 (v1.1) - Updated the integration with Environmental Variables