Vectra AI | Marketplace

Details
Content
Dependencies
Version History

This content pack allows to create incidents based on Vectra Accounts/Hosts/Detections objects.

Vectra® is the leading AI-driven threat detection and response platform for the enterprise.
Only Vectra optimizes AI to detect advanced attacker behaviors across hybrid and multi-cloud environments.
The resulting high-fidelity signal and rich context enables security teams to prioritize, investigate and respond to threats in real-time.
Learn more at Vectra Website.

This pack is designed to quickly integrate with Vectra Detect platform to detect and analyze malicious attacks in progress by creating incident based on Accounts, Hosts or Detections. It gives security engineers visibility into advanced threats to speed detection and remediation response times.

What does this pack do?

Mirrors incidents between Cortex XSOAR incidents and Vectra Detect Accounts, Hosts and Detections alerts.
Enriches incidents
Download detection PCAP
Push tags to Vectra Detect platform
Create/Update/Resolve Vectra assignments
Create XSIAM Events from Detections and Audits

Configuration on Server Side

To get up and running with this pack, you must have a valid API token on your Vectra AI instance. In your Vectra AI instance:

Navigate to My Profile.
Click the General tab.
Create an API Token.

Be sure that the user has a role with sufficient permissions to do all the actions.

Pack Contributors:

DUDA Olivier

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

This pack includes Cortex XSIAM content.

What does this pack do?

Mirrors incidents between Cortex XSIAM incidents and Vectra Detect Accounts, Hosts and Detections alerts.
Enriches incidents
Download detection PCAP
Push tags to Vectra Detect platform
Create/Update/Resolve Vectra assignments
Create XSIAM Events from Detections and Audits

Configuration on Server Side

To get up and running with this pack, you must have a valid API token on your Vectra AI instance. In your Vectra AI instance:

Navigate to My Profile.
Click the General tab.
Create an API Token.

Be sure that the user has a role with sufficient permissions to do all the actions.

Collect Events from Vendor

REST API

The integration uses the 2.2 API version of detections and audits endpoints to collect events.

Pack Contributors:

DUDA Olivier

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Classifiers

Name	Description
Vectra Detect	Classifies Vectra Detect incidents.
Vectra Detect - Incoming Mapper	Maps incoming Vectra Detect incidents fields.

Incident Fields

Name	Description
Vectra Threat Score
Vectra Certainty Score

Incident Types

Name	Description
Vectra Host
Vectra Account
Vectra Detection

Integrations

Name	Description
Vectra Detect (Partner Contribution)	This integration allows to create incidents based on Vectra Accounts/Hosts/Detections objects.

Classifiers

Name	Description
Vectra Detect	Classifies Vectra Detect incidents.
Vectra Detect - Incoming Mapper	Maps incoming Vectra Detect incidents fields.

Incident Fields

Name	Description
Vectra Threat Score
Vectra Certainty Score

Incident Types

Name	Description
Vectra Account
Vectra Detection
Vectra Host

Integrations

Name	Description
Vectra AI Event Collector (Partner Contribution)	Collects Vectra Detections and Audits into XSIAM Events.
Vectra Detect (Partner Contribution)	This integration allows to create incidents based on Vectra Accounts/Hosts/Detections objects.

Modeling Rules

Name	Description
Vectra AI Event Collector Modeling Rule

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Common Types	By: Cortex XSOAR

Pack Name	Pack By
Base	By: Cortex XSOAR

1.2.12 - 765039 (January 16, 2024)

Integrations

Vectra Detect

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32212

Download

1.2.11 - 733853 (January 2, 2024)

Integrations

Vectra Detect

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31878

Download

1.2.10 - 6679159 (October 23, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 30084

Download

1.2.9 - 6574459 (October 11, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 30125

Download

1.2.8 - R6303396 (September 12, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 29241

Download

1.2.7 - 5925411 (August 1, 2023)

Integrations

Vectra Detect

Updated the Docker image to: demisto/python3:3.10.12.66339.

Related pull requests:
- 28643

Download

1.2.6 - R5866730 (July 25, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 27751

Download

1.2.5 - R5692327 (July 5, 2023)

Integrations

Vectra Detect

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27779
- 27751

Download

1.2.4 - 5401502 (May 30, 2023)

Integrations

Vectra Detect

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27049

Download

1.2.3 - 5277943 (May 16, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 26512

Download

1.2.2 - 5265019 (May 14, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 24824

Download

1.2.1 - R5170573 (May 2, 2023)

Integrations

Vectra Detect

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24981

Download

1.2.0 - R4718798 (March 1, 2023)

Integrations

Vectra Detect

Updated the Docker image to: demisto/python3:3.10.8.37233.
Integration is no more in Beta Added 4 commands to handle Vectra Assignments:
- vectra-search-assignments
- vectra-assignment-describe
- vectra-assignment-assign
- vectra-assignment-resolve
  Added 3 commands to handle Vectra Assignment Outcomes:
- vectra-search-outcomes
- vectra-outcome-describe
- vectra-outcome-create
  Added 2 commands to search upon Vectra Users:
- vectra-search-users
- vectra-user-describe

Related pull requests:
- 22102
- 21679

Download

1.1.0 - R3917401 (October 26, 2022)

Incident Fields

Vectra Certainty Score
Note: This the field to now available on any used Incident Types (Vectra or "Common Types" ones).
Vectra Threat Score
Note: This the field to now available on any used Incident Types (Vectra or "Common Types" ones).

Integrations

Vectra Detect (Beta)

Updated the Docker image to: demisto/python3:3.10.7.33922.
Added support for Vectra Account entity, allowing you to create incidents and/or interact with Vectra Account entities.
Added the accounts_fetch_query integration param.
Added support for a new entity type choice: Accounts under the Entity types to fetch setting.
Added 4 commands:
- vectra-search-accounts
- vectra-account-describe
- vectra-account-add-tags
- vectra-account-del-tags
Improved implementation of Detection commands output: fixed "Description" field abd added "DestinationIPs" and "DestinationPorts" fields.
Note: Updated default value for Hosts fetch query from host.threat:>=50 AND host.certainty:>50 to host.threat:>=50 to be aligned with Vectra guidelines.

Related pull requests:
- 21324
- 21240

Download

PUBLISHER

Vectra TME Integrations

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	August 24, 2022
Last Release	January 16, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.