Vectra RUX | Marketplace

Details
Content
Dependencies
Version History

Vectra RUX pack empowers the SOC to create incidents based on events detection using Vectra AI's Attack Signal Intelligence.

Vectra RUX pack allows the security operations center to create incidents based on Events Detections, powered by Vectra AI's Attack Signal Intelligence. This pack enables security teams to synchronize the Vectra RUX Detections with Cortex XSOAR incidents in real time, making it feasible to manage operations from a single place.

What does this pack do?

Fetch detections from Vectra RUX.
List and Describe Entities and Detections.
List, Create, Update, and Resolve Entity Assignments.
List, Create, Update, and Delete Entity notes.
List, Create, Update, and Delete Detection notes.
List, Update, and Remove Entity tags.
List, Update, and Remove Detection tags.
List, Assign, and Unassign members in Group.
Download PCAP of detection.
Update Investigation Status of the Detection.
Reset unresolved-priority of an Entity.
Update the External Reference ID of an Entity and Detection.
Send Investigation Query and Get Results for an Investigation Query.

Support

If you have questions or concerns about the content you're receiving, please reach out for support at https://support.vectra.ai or support@vectra.ai.

For more information, visit our Cortex XSOAR Developer Docs

Vectra RUX pack allows the security operations center to create incidents based on Events Detections, powered by Vectra AI's Attack Signal Intelligence. This pack enables security teams to synchronize the Vectra RUX Detections with Cortex incidents in real time, making it feasible to manage operations from a single place.

What does this pack do?

Fetch detections from Vectra RUX.
List and Describe Entities and Detections.
List, Create, Update, and Resolve Entity Assignments.
List, Create, Update, and Delete Entity notes.
List, Create, Update, and Delete Detection notes.
List, Update, and Remove Entity tags.
List, Update, and Remove Detection tags.
List, Assign, and Unassign members in Group.
Download PCAP of detection.
Update Investigation Status of the Detection.
Reset unresolved-priority of an Entity.
Update the External Reference ID of an Entity and Detection.
Send Investigation Query and Get Results for an Investigation Query.

Support

If you have questions or concerns about the content you're receiving, please reach out for support at https://support.vectra.ai or support@vectra.ai.

For more information, visit our Cortex XSOAR Developer Docs

Automations

Name	Description
VectraRUXSyncEntityAssignment	Sync Entity Assignment details from the Vectra platform.
VectraRUXLinkEntityDetections	Link the Detections which have the same entity ID.
VectraRUXGetIncidents	Get the incidents with the type Vectra RUX Events Detection.
VectraRUXSyncDetectionNotes	Sync the Detection Notes from the Vectra platform.
VectraRUXSyncDetectionSummary	Sync the detection summary from the Vectra platform.
VectraRUXLinkTicketDetections	Link the Detections which have the same External Reference ID.

Classifiers

Name	Description
Vectra RUX - Incoming Mapper

Incident Fields

Name	Description
Vectra RUX Is Event Triaged
Vectra RUX Entity Privilege Category
Vectra RUX Access Key ID
Vectra RUX Process Context Investigate Entity Link
Vectra RUX Event IPs
Vectra RUX Entity Priority Status
Vectra RUX Entity Assignment Assigned to
Vectra RUX Detection Notes
Vectra RUX Detection Type
Vectra RUX Entity Assignment Details
Vectra RUX Entity Type
Vectra RUX Event External Targets
Vectra RUX Entity URL
Vectra RUX Investigation Status
Vectra RUX Process Context Query Link
Vectra RUX Last Timestamp
Vectra RUX Destination Host Information
Vectra RUX Event Protocols
Vectra RUX Destination Account Information
Vectra RUX Data Source Type
Vectra RUX Entity IP
Vectra RUX Identity Type
Vectra RUX Entity Urgency Score
Vectra RUX Entity Unresolved Priority Status
Vectra RUX External Reference ID
Vectra RUX Process Context Error Message
Vectra RUX Event DNS
Vectra RUX Process Context Date Created
Vectra RUX Certainty Score
Vectra RUX User Agent
Vectra RUX Entity UID
Vectra RUX Entity Assignment Resolved By
Vectra RUX Entity Importance
Vectra RUX Entity Assignment Outcome
Vectra RUX Event Domains
Vectra RUX Process Context Processes
Vectra RUX Data Source Sensor ID
Vectra RUX Event Hosts
Vectra RUX Entity Assignment Assigned Date
Vectra RUX AWS Region
Vectra RUX Data Source Sensor Name
Vectra RUX Process Context Query Status
Vectra RUX Entity ID
Vectra RUX Mitre IDs
Vectra RUX Source External Host Name
Vectra RUX Event Timestamp
Vectra RUX Assumed Role
Vectra RUX Entity Assignment Resolved Date
Vectra RUX Entity Assignment Assigned By
Vectra RUX Detection Category
Vectra RUX Event Change Type
Vectra RUX Event Accounts
Vectra RUX Event Ports
Vectra RUX Entity Name
Vectra RUX Event Name
Vectra RUX Detection Reason
Vectra RUX Entity Assignment ID
Vectra RUX Role Sequence
Vectra RUX Source External Host IP
Vectra RUX Threat Score
Vectra RUX Account ID
Vectra RUX Detection ID
Vectra RUX Event Severity
Vectra RUX Destination Domain Information
Vectra RUX Entity External Reference ID

Incident Types

Name	Description
Vectra RUX Events Detection

Integrations

Name	Description
Vectra RUX - Network Detection & Response (Partner Contribution)	This integration allows the security operations center to create and manage incidents based on Vectra Events Detections.

Layouts

Name	Description
Vectra RUX Events Detection	Show Details about Vectra Events Detections

Playbooks

Name	Description
Find Detection State and Expire Inactive Detections - Vectra RUX	This playbook identifies the detection states of incidents and updates the investigation status of inactive detections to "expired".
Expire Inactive Detections - Vectra RUX	This playbook identifies incidents with inactive detections and updates their investigation status to "expired".

Automations

Name	Description
VectraRUXSyncEntityAssignment	Sync Entity Assignment details from the Vectra platform.
VectraRUXGetIncidents	Get the incidents with the type Vectra RUX Events Detection.
VectraRUXGetAlerts	Get the alerts with the type Vectra RUX Events Detection.
VectraRUXSyncDetectionNotes	Sync the Detection Notes from the Vectra platform.
VectraRUXLinkTicketDetections	Link the Detections which have the same External Reference ID.
VectraRUXSyncDetectionSummary	Sync the detection summary from the Vectra platform.
VectraRUXLinkEntityDetections	Link the Detections which have the same entity ID.

Classifiers

Name	Description
Vectra RUX - Incoming Mapper

Incident Fields

Name	Description
Vectra RUX Data Source Sensor ID
Vectra RUX Process Context Query Link
Vectra RUX Process Context Processes
Vectra RUX Process Context Error Message
Vectra RUX Certainty Score
Vectra RUX Event Change Type
Vectra RUX Entity Assignment Assigned to
Vectra RUX Last Timestamp
Vectra RUX Mitre IDs
Vectra RUX Event External Targets
Vectra RUX Entity UID
Vectra RUX Process Context Investigate Entity Link
Vectra RUX Destination Host Information
Vectra RUX Threat Score
Vectra RUX Is Event Triaged
Vectra RUX Entity Assignment Assigned By
Vectra RUX Detection Category
Vectra RUX Account ID
Vectra RUX Event Ports
Vectra RUX Source External Host Name
Vectra RUX Entity Assignment Assigned Date
Vectra RUX Entity Assignment ID
Vectra RUX Entity Assignment Resolved Date
Vectra RUX Event Name
Vectra RUX Detection Notes
Vectra RUX Detection ID
Vectra RUX Event Severity
Vectra RUX Entity Importance
Vectra RUX Access Key ID
Vectra RUX Entity ID
Vectra RUX Entity Assignment Details
Vectra RUX Event IPs
Vectra RUX Data Source Type
Vectra RUX Process Context Date Created
Vectra RUX Role Sequence
Vectra RUX Entity Assignment Resolved By
Vectra RUX Assumed Role
Vectra RUX Detection Reason
Vectra RUX External Reference ID
Vectra RUX Detection Type
Vectra RUX Source External Host IP
Vectra RUX Entity IP
Vectra RUX Entity Assignment Outcome
Vectra RUX Entity Privilege Category
Vectra RUX Entity URL
Vectra RUX Entity Name
Vectra RUX Entity External Reference ID
Vectra RUX Event Hosts
Vectra RUX Identity Type
Vectra RUX Entity Type
Vectra RUX User Agent
Vectra RUX Destination Account Information
Vectra RUX Event Accounts
Vectra RUX Process Context Query Status
Vectra RUX Event Timestamp
Vectra RUX Data Source Sensor Name
Vectra RUX Event DNS
Vectra RUX Destination Domain Information
Vectra RUX Entity Urgency Score
Vectra RUX AWS Region
Vectra RUX Investigation Status
Vectra RUX Entity Unresolved Priority Status
Vectra RUX Entity Priority Status
Vectra RUX Event Domains
Vectra RUX Event Protocols

Incident Types

Name	Description
Vectra RUX Events Detection

Integrations

Name	Description
Vectra RUX - Network Detection & Response (Partner Contribution)	This integration allows the security operations center to create and manage incidents based on Vectra Events Detections.

Playbooks

Name	Description
Find Detection State and Expire Inactive Detections - Vectra RUX	This playbook identifies the detection states of alerts and updates the investigation status of inactive detections to "expired".
Expire Inactive Detections - Vectra RUX	This playbook identifies alerts with inactive detections and updates their investigation status to "expired".

Required Content Packs (5)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Common Types	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Phishing	By: Cortex XSOAR

Optional Content Packs (2)

Pack Name	Pack By
Vectra XDR	By: Vectra AI
Vectra AI	By: Vectra TME Integrations

All level dependencies (9)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Phishing	By: Cortex XSOAR
Common Types	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	May 25, 2026
Last Release	May 25, 2026

Network Security

Asset Management

Vulnerability Management

Breach Notification

Incident Response

WORKS WITH THE FOLLOWING INTEGRATIONS:

Vectra RUX - Network Detection & Response

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.