Vectra Detect for Microsoft Sentinel
Solution: Vectra AI Detect
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | Vectra AI |
| Support Tier | Partner |
| Support Link | https://www.vectra.ai/support |
| Categories | domains |
| Version | 3.0.2 |
| Author | Vectra AI |
| First Published | 2022-05-24 |
| Last Updated | 2023-04-17 |
| Solution Folder | Vectra AI Detect |
| Marketplace | Azure Marketplace · Popularity: 🟡 Low (25%) |
| Pre-requisites | Common Event Format |
The Vectra AI Detect solution for Microsoft Sentinel enables you to ingest Vectra AI logs into Microsoft Sentinel, using the Common Event Format (CEF) for Security Monitoring.
This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.
NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on Aug 31, 2024.
Contents
Pre-requisites
This solution depends on 1 other solution(s):
| Solution |
|---|
| Common Event Format |
Data Connectors
This solution has 2 discovered data connector(s)⚠️ (not in Solution definition):
Connectors from dependency solutions:
- Common Event Format (CEF) (dependency on Common Event Format)
- Common Event Format (CEF) via AMA (dependency on Common Event Format)
🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.
Tables Used
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
CommonSecurityLog |
Common Event Format (CEF) (dependency), Common Event Format (CEF) via AMA (dependency), [Deprecated] Vectra AI Detect via AMA, [Deprecated] Vectra AI Detect via Legacy Agent | Analytics, Workbooks |
Content Items
This solution includes 8 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 7 |
| Workbooks | 1 |
Analytic Rules
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Vectra AI Detect - Detections with High Severity | High | CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact | CommonSecurityLog |
| Vectra AI Detect - New Campaign Detected | Medium | LateralMovement, CommandAndControl | CommonSecurityLog |
| Vectra AI Detect - Suspected Compromised Account | Informational | CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact | CommonSecurityLog |
| Vectra AI Detect - Suspected Compromised Host | Informational | CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact | CommonSecurityLog |
| Vectra AI Detect - Suspicious Behaviors by Category | Informational | CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact | CommonSecurityLog |
| Vectra Account's Behaviors | Informational | CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact | CommonSecurityLog |
| Vectra Host's Behaviors | Informational | CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact | CommonSecurityLog |
Workbooks
| Name | Tables Used |
|---|---|
| AIVectraDetectWorkbook | CommonSecurityLog |
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.2 | 02-12-2024 | Removed Deprecated Data Connectors |
| 3.0.1 | 27-06-2024 | Deprecating Data Connectors |
| 3.0.0 | 16-02-2024 | Addition of new Vectra AI Detect AMA Data Connector |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊