Vectra AI Stream for Microsoft Sentinel

Solution: Vectra AI Stream

Vectra AI Stream Logo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Publisher	Vectra AI
Support Tier	Partner
Support Link	https://www.vectra.ai/support
Categories	domains
Version	3.0.1
Author	Vectra TME Team - tme@vetcra.ai
First Published	2021-10-18
Last Updated	2024-05-02
Solution Folder	Vectra AI Stream
Marketplace	Azure Marketplace · Popularity: ⚪ Very Low (0%)

Note: Please refer to the following before installing the solution:

• There may be known issues pertaining to this Solution, please refer to them before installing.

The Vectra AI Stream solution allows you to easily connect your Vectra Platform with Microsoft Sentinel, to ingest network metadata collected at scale throughout your environment by Vectra sensors (On-premise or Cloud). This gives you deep insight into your organization's network traffic and improves your security operation capabilities. For a complete list of protocols and attributes supported, check out our Network Metadata reference guide

** Vectra AI Stream (Network Enriched Metadata) via AMA - This data connector helps ingest Vectra AI Stream events into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent here. Microsoft recommends using this Data Connector**.
** Vectra AI Stream (Network Enriched Metadata) via Legacy Agent** - This data connector helps ingest Vectra AI Stream events into your Log Analytics Workspace using the legacy Log Analytics agent.

NOTE: Microsoft recommends installation of ** Vectra AI Stream (Network Enriched Metadata) via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

Data Connectors
Tables Used
Content Items

Data Connectors

This solution provides 2 data connector(s):

🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Tables Used

This solution uses 18 table(s):

Table	Used By Connectors	Used By Content
`VectraStream_CL` 🔶	AI Vectra Stream via Legacy Agent	-
`vectra_beacon_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_dcerpc_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_dhcp_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_dns_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_http_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_isession_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_kerberos_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_ldap_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_ntlm_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_radius_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_rdp_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_smbfiles_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_smbmapping_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_smtp_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_ssh_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_ssl_CL`	[Recommended] Vectra AI Stream via AMA	-
`vectra_x509_CL`	[Recommended] Vectra AI Stream via AMA	-

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Content Items

This solution includes 20 content item(s):

Content Type	Count
Parsers	20

Parsers

Name	Description	Tables Used
VectraStream_function	-	`VectraStream_CL` (read)
vectra_beacon	-	`vectra_beacon_CL` (read)
vectra_dcerpc	-	`vectra_dcerpc_CL` (read)
vectra_dhcp	-	`vectra_dhcp_CL` (read)
vectra_dns	-	`vectra_dns_CL` (read)
vectra_http	-	`vectra_http_CL` (read)
vectra_isession	-	`vectra_isession_CL` (read)
vectra_kerberos	-	`vectra_kerberos_CL` (read)
vectra_ldap	-	`vectra_ldap_CL` (read)
vectra_match	-	`vectra_match_CL` (read)
vectra_ntlm	-	`vectra_ntlm_CL` (read)
vectra_radius	-	`vectra_radius_CL` (read)
vectra_rdp	-	`vectra_rdp_CL` (read)
vectra_smbfiles	-	`vectra_smbfiles_CL` (read)
vectra_smbmapping	-	`vectra_smbmapping_CL` (read)
vectra_smtp	-	`vectra_smtp_CL` (read)
vectra_ssh	-	`vectra_ssh_CL` (read)
vectra_ssl	-	`vectra_ssl_CL` (read)
vectra_stream	-	-
vectra_x509	-	`vectra_x509_CL` (read)

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.0.1	19-11-2024	Added new Parser vectra_match to the Solution Update the solution to support a new metadata type: match (suricata)
3.0.0	10-07-2024	Added new AMA Data Connector Removed deprecated content Hunting Queries And Workbooks Added new Parsers to the Solution