Skip to main content

Vectra AI

Download With Dependencies

This content pack allows to create incidents based on Vectra Accounts/Hosts/Detections objects.

Vectra® is the leading AI-driven threat detection and response platform for the enterprise.
Only Vectra optimizes AI to detect advanced attacker behaviors across hybrid and multi-cloud environments.
The resulting high-fidelity signal and rich context enables security teams to prioritize, investigate and respond to threats in real-time.
Learn more at Vectra Website.

This pack is designed to quickly integrate with Vectra Detect platform to detect and analyze malicious attacks in progress by creating incident based on Accounts, Hosts or Detections. It gives security engineers visibility into advanced threats to speed detection and remediation response times.

What does this pack do?

  • Mirrors incidents between Cortex XSOAR incidents and Vectra Detect Accounts, Hosts and Detections alerts.
  • Enriches incidents
  • Download detection PCAP
  • Push tags to Vectra Detect platform
  • Create/Update/Resolve Vectra assignments
  • Create XSIAM Events from Detections and Audits

Configuration on Server Side

To get up and running with this pack, you must have a valid API token on your Vectra AI instance. In your Vectra AI instance:

  1. Navigate to My Profile.
  2. Click the General tab.
  3. Create an API Token.

Be sure that the user has a role with sufficient permissions to do all the actions.

Collect Events from Vendor


The integration uses the 2.2 API version of detections and audits endpoints to collect events.

Pack Contributors:

  • DUDA Olivier

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.


Vectra TME Integrations


Cortex XSOARCortex XSIAM


CertificationRead more
Supported ByPartner
CreatedAugust 24, 2022
Last ReleaseOctober 23, 2023

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.