Skip to main content

Vectra AI

Download With Dependencies

This content pack allows to create incidents based on Vectra Accounts/Hosts/Detections objects.

Vectra® is the leading AI-driven threat detection and response platform for the enterprise.
Only Vectra optimizes AI to detect advanced attacker behaviors across hybrid and multi-cloud environments.
The resulting high-fidelity signal and rich context enables security teams to prioritize, investigate and respond to threats in real-time.
Learn more at Vectra Website.

This pack is designed to quickly integrate with Vectra Detect platform to detect and analyze malicious attacks in progress by creating incident based on Accounts, Hosts or Detections. It gives security engineers visibility into advanced threats to speed detection and remediation response times.

What does this pack do?

  • Mirrors incidents between Cortex XSOAR incidents and Vectra Detect Accounts, Hosts and Detections alerts.
  • Enriches incidents
  • Download detection PCAP
  • Push tags to Vectra Detect platform
  • Create/Update/Resolve Vectra assignments

Before you start

Make sure you have the following content packs:

  • Base
  • Common Scripts
  • Common Types

Pack configuration

To get up and running with this pack, you must have a valid API token on your Vectra Detect instance.

It can be retrieved from the Vectra UI > My Profile > General (tab) > API Token.
Be sure that the user has a role with sufficient permissions to do all the actions.

Pack Contributors:

  • DUDA Olivier

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.


Vectra TME Integrations


Cortex XSOARCortex XSIAM


CertificationRead more
Supported ByPartner
CreatedAugust 24, 2022
Last ReleaseNovember 14, 2022

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.