Vectra Detect
App Vendor: Vectra Detect
App Category: Network Security
Connector Version: 1.0.0
API Version: v2.2
About App
Vectra Detect uses version 2.2 of its APIs to help users uncover hidden attackers in hybrid networks, providing rapid detection and mitigation of unknown attacks. Its capabilities include fast attack detection, network visibility without decryption, a focus on account privilege, and conclusive investigations through metadata search.
The Vectra Detect app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Add Detection Notes | This action creates detection notes in Vectra Detect. |
Generic Action | This is a generic action that goes beyond the implemented actions by making a request to any endpoint. |
Get Detection Details | This action retrieves the details of a detection in Vectra Detect. |
Get Pcap From Detection | This action retrieves the PCAP from a detection in Vectra Detect. |
List All Detections | This action lists all detections in Vectra Detect. |
Mark Detection as Fixed | This action marks detections as fixed in Vectra Detect. |
Configuration Parameters
The following configuration parameters are required for the Vectra Detect app to communicate with the Vectra Detect enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL of the Vectra Detect server. | Text | Required | |
API Key | Enter the API key of the Vectra Detect server. | Password | Required | |
Verify | Select whether to verify the SSL/TLS certificate. | Boolean | Optional | Default value: true |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Vectra Detect. | Integer | Optional | Available range: 15-120 seconds. Default value: 15 seconds |
Action: Add Detection Notes
This action creates detection notes in Vectra Detect.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Note | Enter the note to be created in the detection. Example: 'this is a test note' | Text | Required | |
Detection ID | Enter the detection ID to create the detection notes. | Text | Required | |
Action: Generic Action
This is a generic action that goes beyond the implemented actions by making a request to any endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make a request. | Text | Required | Allowed values: GET POST PUT PATCH DELETE |
Endpoint | Enter the endpoint to make the request. Example: /api/vulnerabilities/{cve_id}/affected-projects | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | |
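The constraints documented above (the Timeout range and Verify default under Configuration Parameters, the allowed methods for the Generic Action) can be checked before any request is built. The following Python is an added example, not Cyware or Vectra code; the class and function names, the https-only and path-only endpoint rules, and the host and path used in sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

ALLOWED_METHODS = {"GET", "POST", "PUT", "PATCH", "DELETE"}  # Generic Action table
TIMEOUT_MIN, TIMEOUT_MAX, TIMEOUT_DEFAULT = 15, 120, 15      # Configuration Parameters table


@dataclass(frozen=True)
class InstanceConfig:
    """Hypothetical holder for the instance parameters documented on this page."""
    base_url: str
    api_key: str
    verify: bool = True            # documented default: true
    timeout: int = TIMEOUT_DEFAULT

    def __post_init__(self):
        parts = urlsplit(self.base_url)
        # Assumption: only https base URLs are accepted, so the key is never sent in clear.
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError("Base URL must be an https:// URL with a host")
        if parts.username or parts.password or parts.query or parts.fragment:
            raise ValueError("Base URL must not carry credentials, query or fragment")
        if not self.api_key:
            raise ValueError("API Key is required")
        if not TIMEOUT_MIN <= self.timeout <= TIMEOUT_MAX:
            raise ValueError("Timeout must be 15-120 seconds")


def build_generic_request(cfg, method, endpoint, query_params=None):
    """Return (method, url, params, verify, timeout) or raise ValueError."""
    method = method.strip().upper()
    if method not in ALLOWED_METHODS:
        raise ValueError(f"Method {method!r} is not allowed")
    ep = urlsplit(endpoint)
    # The endpoint must be a path only: an absolute or scheme-relative URL
    # would send the instance's API key to a host other than Base URL.
    if ep.scheme or ep.netloc or not endpoint.startswith("/") or "\\" in endpoint:
        raise ValueError("Endpoint must be a path beginning with '/'")
    if ".." in ep.path.split("/"):
        raise ValueError("Endpoint must not contain '..' segments")
    if ep.query or ep.fragment:
        raise ValueError("Pass query parameters through Query Params")
    url = cfg.base_url.rstrip("/") + ep.path
    return method, url, dict(query_params or {}), cfg.verify, cfg.timeout
```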
Action: Get Detection Details
This action retrieves the details of a detection in Vectra Detect.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Detection ID | Enter the detection ID to get the detection details. | Text | Required | |
Action: Get PCAP From Detection
This action retrieves the PCAP from a detection in Vectra Detect.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Detection ID | Enter the detection ID to get PCAP from detection. | Text | Required | |
Action: List All Detections
This action lists all detections in Vectra Detect.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Extra Params | Enter the extra parameters to pass to the API. | Key Value | Optional | |
Action: Mark Detection as Fixed
This action marks detections as fixed in Vectra Detect.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Detection IDs | Enter the detection IDs to mark them as fixed. | List | Required | |
Mark as Fixed | Enter the Mark as Fixed value. | Boolean | Required | Allowed values: |