Vectra XDR | Marketplace

Details
Content
Dependencies
Version History

Vectra XDR pack empowers the SOC to create incidents using Vectra AI's Attack Signal Intelligence.

Vectra XDR pack allows the security operations center to create incidents based on prioritized Entities, powered by Vectra AI's Attack Signal Intelligence. This pack enables security teams to synchronize the Vectra XDR Entities with Cortex XSOAR incidents in real time, making it feasible to manage operations from a single place.

What does this pack do?

Fetch entities and their detections from Vectra XDR.
List and Describe Entities and Detections.
List, Create, Update, and Resolve Entity Assignments.
List Assignment Outcomes.
List, Create, Update, and Delete Entity notes.
List, Update, and Remove Entity tags.
List, Assign, and Unassign members in Group.
Mark and Unmark Entity’s detections as fixed.
Download PCAP of detection.

Support

If you have questions or concerns about the content you're receiving, please reach out for support at https://support.vectra.ai or support@vectra.ai.

For more information, visit our Cortex XSOAR Developer Docs

Vectra XDR pack allows the security operations center to create incidents based on prioritized Entities, powered by Vectra AI's Attack Signal Intelligence. This pack enables security teams to synchronize the Vectra XDR Entities with Cortex XSIAM incidents in real time, making it feasible to manage operations from a single place.

What does this pack do?

Fetch entities and their detections from Vectra XDR.
List and Describe Entities and Detections.
List, Create, Update, and Resolve Entity Assignments.
List Assignment Outcomes.
List, Create, Update, and Delete Entity notes.
List, Update, and Remove Entity tags.
List, Assign, and Unassign members in Group.
Mark and Unmark Entity’s detections as fixed.
Download PCAP of detection.

Support

If you have questions or concerns about the content you're receiving, please reach out for support at https://support.vectra.ai or support@vectra.ai.

For more information, visit our Cortex XSIAM Developer Docs

Automations

Name	Description
VectraXDRDisplayEntityDetections	This script enables the display of detection details, available in the context, in the form of a markdown table.
VectraXDRSyncEntityAssignment	Sync Entity Assignment details from the Vectra platform.
VectraXDRAddNotesInLayout	This script allows to add Entity notes in the layout.
VectraXDRSyncEntityDetections	Sync Entity detection details from the Vectra platform.

Classifiers

Name	Description
Vectra XDR - Incoming Mapper

Incident Fields

Name	Description
Vectra XDR Entity Type
Vectra XDR Entity Name
Vectra XDR Entity ID
Vectra XDR Entity Assignment Details
Vectra XDR Entity Attack Rating
Vectra XDR Entity Assignment Outcome
Vectra XDR Entity Last Detection Timestamp
Vectra XDR Entity IP
Vectra XDR Entity State
Vectra XDR Entity Priority Status
Vectra XDR Entity Last Modification Timestamp
Vectra XDR Entity Detection Details
Vectra XDR Entity Velocity
Vectra XDR Entity Assignment Resolved By
Vectra XDR Entity Filter Tags
Vectra XDR Entity Host Type
Vectra XDR Entity Assignment Assigned Date
Vectra XDR Entity Assignment ID
Vectra XDR Entity Importance
Vectra XDR Entity Notes
Vectra XDR Entity Account Type
Vectra XDR Entity Assignment Assigned to
Vectra XDR Entity Urgency Score
Vectra XDR Entity Assignment Assigned By
Vectra XDR Entity Assignment Resolved Date
Vectra XDR Entity Attack Profile

Incident Types

Name	Description
Vectra XDR Entity

Integrations

Name	Description
Vectra XDR (Partner Contribution)	This integration allows to create incidents based on Vectra XDR Entities.

Layouts

Name	Description
Vectra XDR Entity	Show Details about Vectra Entity

Playbooks

Name	Description
Process Incident - Vectra XDR	This playbook is used to initiate the processing of an incident. This playbook runs when a pending incident is selected for investigation. It will change the state from pending to active and it will list the available users in Vectra and request the user ID to use for assignment. Once the data collection is complete, it will call the Dispatch Incident - Vectra XDR playbook.
Dispatch Incident - Vectra XDR	This playbook is called from the Process Incident - Vectra XDR playbook. It will fetch all active detections for the entity under investigation. It will then assign the entity to a user; if an assignment already exists, it will update that assignment and add a note in Vectra.
Add Note - Vectra XDR	This playbook will add a note in Vectra for an entity based on its type.

Automations

Name	Description
VectraXDRDisplayEntityDetections	This script enables the display of detection details, available in the context, in the form of a markdown table.
VectraXDRSyncEntityDetections	Sync Entity detection details from the Vectra platform.
VectraXDRSyncEntityAssignment	Sync Entity Assignment details from the Vectra platform.
VectraXDRAddNotesInLayout	This script allows to add Entity notes in the layout.

Classifiers

Name	Description
Vectra XDR - Incoming Mapper

Incident Fields

Name	Description
Vectra XDR Entity Priority Status
Vectra XDR Entity Assignment Details
Vectra XDR Entity ID
Vectra XDR Entity Filter Tags
Vectra XDR Entity Assignment Assigned to
Vectra XDR Entity Assignment Assigned By
Vectra XDR Entity Velocity
Vectra XDR Entity State
Vectra XDR Entity Notes
Vectra XDR Entity Last Detection Timestamp
Vectra XDR Entity Importance
Vectra XDR Entity Attack Profile
Vectra XDR Entity Detection Details
Vectra XDR Entity Name
Vectra XDR Entity IP
Vectra XDR Entity Assignment Assigned Date
Vectra XDR Entity Assignment Resolved By
Vectra XDR Entity Host Type
Vectra XDR Entity Account Type
Vectra XDR Entity Last Modification Timestamp
Vectra XDR Entity Assignment Outcome
Vectra XDR Entity Attack Rating
Vectra XDR Entity Assignment Resolved Date
Vectra XDR Entity Urgency Score
Vectra XDR Entity Type
Vectra XDR Entity Assignment ID

Incident Types

Name	Description
Vectra XDR Entity

Integrations

Name	Description
Vectra XDR (Partner Contribution)	This integration allows to create incidents based on Vectra XDR Entities.

Playbooks

Name	Description
Dispatch Alert - Vectra XDR	This playbook is called from the Process Alert - Vectra XDR playbook. It will fetch all active detections for the entity under investigation. It will then assign the entity to a user; if an assignment already exists, it will update that assignment and add a note in Vectra.
Add Note - Vectra XDR	This playbook will add a note in Vectra for an entity based on its type.
Process Alert - Vectra XDR	This playbook is used to initiate the processing of an alert. This playbook runs when a pending alert is selected for investigation. It will change the state from pending to active and it will list the available users in Vectra and request the user ID to use for assignment. Once the data collection is complete, it will call the Dispatch Alert - Vectra XDR playbook.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (2)

Pack Name	Pack By
Common Types	By: Cortex XSOAR
Phishing	By: Cortex XSOAR

All level dependencies (4)

Pack Name	Pack By
Filters And Transformers	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR

PUBLISHER

Vectra AI

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	November 26, 2023
Last Release	January 16, 2024

Network Security

Asset Management

Vulnerability Management

Breach Notification

Incident Response

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.