Solution: Vectra XDR
| Attribute | Value |
|---|---|
| Publisher | Vectra Support |
| Support Tier | Partner |
| Support Link | https://www.vectra.ai/support |
| Categories | domains |
| Version | 3.3.0 |
| Author | TME - tme@vetcra.ai |
| First Published | 2023-07-04 |
| Last Updated | 2024-08-01 |
| Solution Folder | Vectra XDR |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%) |
Vectra AI is the leader in AI-driven threat detection and response for hybrid and multi-cloud enterprises. Vectra AI's cloud-native platform, powered by our patented Attack Signal Intelligence, provides security teams with unified threat visibility, context and control across public cloud, SaaS, identity and data center networks in a prioritized feed. Vectra AI-driven Attack Signal Intelligence™ empowers SOC analysts to rapidly prioritize, investigate and respond to the most urgent cyber-attacks in their hybrid cloud environment. Organizations worldwide rely on Vectra AI's cloud-native platform and MDR services to see and stop attacks from becoming breaches. The Vectra AI App enables the security operations team to consume the industry's richest threat signals spanning public cloud, SaaS, identity and data center networks inside Microsoft Sentinel. For more information, visit www.vectra.ai.
The Vectra XDR App for Microsoft Sentinel contains: a Data Connector to ingest events generated by Vectra XDR (through the OMS agent), and a Workbook providing a dynamic dashboard view of Entities, Detections, Lockdown, Audit, and Health.
This solution provides 1 data connector: Vectra XDR.
This solution uses 6 tables:
| Table | Used By Connectors | Used By Content |
|---|---|---|
| Audits_Data_CL | Vectra XDR | Workbooks |
| Detections_Data_CL | Vectra XDR | Analytics, Workbooks |
| Entities_Data_CL | Vectra XDR | Analytics |
| Entity_Scoring_Data_CL | Vectra XDR | Workbooks |
| Health_Data_CL | Vectra XDR | Workbooks |
| Lockdown_Data_CL | Vectra XDR | Workbooks |
The following 3 tables are used internally by this solution's content items:
| Table | Used By Connectors | Used By Content |
|---|---|---|
| AlertEvidence | - | Analytics |
| SecurityAlert | - | Playbooks |
| SecurityIncident | - | Playbooks |
This solution includes 33 content items:
| Content Type | Count |
|---|---|
| Playbooks | 20 |
| Analytic Rules | 7 |
| Parsers | 5 |
| Workbooks | 1 |
Analytic Rules (7):
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Defender Alert Evidence | High | Persistence | Internal use: AlertEvidence |
| Vectra Create Detection Alert for Accounts | Medium | Persistence | Detections_Data_CL |
| Vectra Create Detection Alert for Hosts | Medium | Persistence | Detections_Data_CL |
| Vectra Create Incident Based on Priority for Accounts | Medium | Persistence | Entities_Data_CL |
| Vectra Create Incident Based on Priority for Hosts | Medium | Persistence | Entities_Data_CL |
| Vectra Create Incident Based on Tag for Accounts | High | Persistence | Entities_Data_CL |
| Vectra Create Incident Based on Tag for Hosts | High | Persistence | Entities_Data_CL |
Workbooks (1):
| Name | Tables Used |
|---|---|
| VectraXDR | Audits_Data_CL, Detections_Data_CL, Entity_Scoring_Data_CL, Health_Data_CL, Lockdown_Data_CL |
Playbooks (20):
| Name | Description | Tables Used |
|---|---|---|
| Vectra Add Note To Entity | This playbook extracts notes from incident comments and adds them to Vectra Entity if comment added ... | - |
| Vectra Add Tag To Entity | This playbook extracts tags from incident comments and adds them to the entity if comment found with... | - |
| Vectra Add Tag To Entity All Detections | This playbook enables user to add tags to all detections associated with a Vectra Entity. Tags can b... | - |
| Vectra Add Tag To Entity Selected Detections | This playbook enables users to add tags to selected detections associated with an entity. Users can ... | - |
| Vectra Assign Dynamic User To Entity | This playbook will assign a user selected by user from teams adaptive card to an entity in Vectra wh... | - |
| Vectra Assign Static User To Entity | This playbook will assign a predefined user to an entity in Vectra when the status of an incident ch... | - |
| Vectra Close Detections | This playbook enables user to close detections associated with a Vectra Entity with reason as Remedi... | - |
| Vectra Decorate Incident Based On Tag | This playbook will add pre-defined or user customizable comment to an incident generated based on ta... | - |
| Vectra Decorate Incident Based On Tags And Notify | This playbook will add pre-defined or user customizable comment to an incident generated based on ta... | - |
| Vectra Download Pcap File To Storage | This playbook enables user to download pcap file of any detections associated with a Vectra Entity t... | - |
| Vectra Dynamic Assign Member To Group | This playbook allows users to filter the group list by providing a group type and a description. Fro... | - |
| Vectra Dynamic Resolve Assignment | When an incident is closed, this playbook will prompt the operator to select an outcome from a prede... | - |
| Vectra Generate Access Token | This playbook will generate access token and refresh token for another playbooks. | - |
| Vectra Incident Timeline Update | This playbook will update the incident timeline by keeping most recent alerts and adding most recent... | Internal use: SecurityAlert (read), SecurityIncident (read) |
| Vectra Mark Detections As Fixed | This playbook will mark active detection as fixed associated with an entity based on choice of user ... | - |
| Vectra Open Closed Detections | This playbook enables user to close opened detections associated with a Vectra Entity. User can add ... | - |
| Vectra Operate On Entity Source IP | This playbook will extract the IP from entities associated with an incident on which playbook is tri... | - |
| Vectra Static Assign Member To Group | This playbook will take input of group id and members from user via MS teams and assign members to t... | - |
| Vectra Static Resolve Assignment | This playbook resolves the assignment for an entity in Vectra and adds a note for the assignment whe... | - |
| Vectra Update Incident Based on Tag And Notify | This playbook runs hourly to identify entities with Medium severity incidents, checks for user-defin... | - |
Parsers (5):
| Name | Description | Tables Used |
|---|---|---|
| VectraAudits | - | Audits_Data_CL (read) |
| VectraDetections | - | Detections_Data_CL (read) |
| VectraEntityScoring | - | Entity_Scoring_Data_CL (read) |
| VectraHealth | - | Health_Data_CL (read) |
| VectraLockdown | - | Lockdown_Data_CL (read) |
Version history:
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.3.0 | 29-10-2025 | Added Playbooks, Vectra API version update and Log ingestion API support |
| 3.2.0 | 01-08-2024 | Added Playbooks, Analytic rules and updated Data Connector and Workbook |
| 3.1.1 | 03-04-2024 | Repackaged for parser issue fix on reinstall |
| 3.1.0 | 04-01-2024 | Included Parser files in yaml format |
| 3.0.2 | 04-10-2023 | Enhanced Data Connector logic to post data into Sentinel |
| 3.0.1 | 21-08-2023 | Workbook metadata issue resolved |
| 3.0.0 | 03-08-2023 | Initial Solution Release |