Vectra provides automated threat detection, which supports threat hunting and exposes hidden attackers.
This document provides information about the Vectra connector, which facilitates automated interactions with Vectra using FortiSOAR™ playbooks. Add the Vectra connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving host details and reports from Vectra.
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-vectra
For the detailed procedure to install a connector, click here
For the procedure to configure a connector, click here
In FortiSOAR™, on the connectors page, select the Vectra connector and click Configure to configure the following parameters:
| Parameter | Description |
|---|---|
| Server URL | Server URL of the Vectra server. |
| Port | Port number used for connecting to the Vectra server. |
| Username | Username to access the Vectra server. |
| Password | Password to access the Vectra server. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. Leave it enabled outside lab environments: with verification disabled, the username and password are sent over a TLS session whose peer has not been checked, so a man-in-the-middle can capture them. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Hosts | Retrieves host details from Vectra. | get_hosts Investigation |
| Get Detections | Retrieves Vectra detections. | get_detections Investigation |
| Get Reports | Retrieves all reports from Vectra. | get_reports Investigation |
| Get Rules | Retrieves Vectra rules. | get_rules Investigation |
| Get Sensors | Retrieves Vectra sensors. | get_sensors Investigation |
Input parameters for the Get Hosts operation (all optional; leave a field blank to skip that filter):
| Parameter | Description |
|---|---|
| Name | Filters hosts by host name. |
| Fields | Restricts the fields returned for each host. |
| State | Filters hosts by state. |
| Last Source | Filters hosts by last source. |
| T-Score | Filters hosts by threat score (exact value). |
| T-Score GTE | Filters hosts whose threat score is greater than or equal to the value. |
| C-Score | Filters hosts by certainty score (exact value). |
| C-Score GTE | Filters hosts whose certainty score is greater than or equal to the value. |
| Last Timestamp | Filters hosts by last timestamp. |
| Tags | Filters hosts by tag. |
| Key Asset | Filters hosts by key asset status. |
| Ordering | Sorts results by the provided order. |
| Page | Retrieves results from this page. |
| Page Size | Number of results to retrieve per page. |
The output contains a non-dictionary value.
Input parameters for the Get Detections operation (all optional; leave a field blank to skip that filter):
| Parameter | Description |
|---|---|
| Name | Filters detections by name. |
| Fields | Restricts the fields returned for each detection. |
| State | Filters detections by state. |
| Last Source | Filters detections by last source. |
| T-Score | Filters detections by threat score (exact value). |
| T-Score GTE | Filters detections whose threat score is greater than or equal to the value. |
| C-Score | Filters detections by certainty score (exact value). |
| C-Score GTE | Filters detections whose certainty score is greater than or equal to the value. |
| Last Timestamp | Filters detections by last timestamp. |
| Tags | Filters detections by tag. |
| Key Asset | Filters detections by key asset status. |
| Ordering | Sorts results by the provided order. |
| Filter Parameters | Free-form filter for detections. Supported parameters: fields, page, page_size, ordering, min_id, max_id, state, type_vname, category, source, t_score, t_score_gte, c_score, c_score_gte, last_timestamp, host_id, tags, destination, proto, dst_port, inbound_ip, inbound_proto, inbound_port, inbound_dns, outbound_ip, outbound_proto, outbound_port, outbound_dns, dns_ip, dns_request, resp_code, resp. Note: If a parameter is included in the Filter Parameters field, only that definition is used; any value given for the same parameter in one of the individual fields above is ignored. |
| Page | Retrieves results from this page. |
| Page Size | Number of results to retrieve per page. |
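The following Python script is an added example, not code from the connector or from Vectra. It models the three tables above (the connector configuration, the Get Hosts inputs and the Get Detections inputs): it builds the request query from the individual fields plus the Filter Parameters string, applying the documented precedence rule, rejects parameter names the page does not list, authenticates with the configured username and password, honours the Verify SSL setting, and follows paging. The endpoint paths /api/hosts and /api/detections, HTTP Basic authentication, the query-string syntax for Filter Parameters, the snake_case names for the Get Hosts fields and the count/next/results response shape are assumptions made for illustration; the two-page response in demo() is constructed, not real Vectra data.

```python
"""Added example, not the connector's code. Endpoint paths, HTTP Basic auth,
the k=v&k2=v2 syntax for Filter Parameters and the count/next/results page
shape are ASSUMPTIONS for illustration."""
import base64
import json
import ssl
import urllib.request
from typing import Any, Callable, Dict, Iterator, List, Optional, Tuple
from urllib.parse import parse_qsl, urlencode, urlparse

# Keys the page lists as accepted in the Get Detections "Filter Parameters" field.
DETECTION_FILTERS = frozenset("""
fields page page_size ordering min_id max_id state type_vname category source
t_score t_score_gte c_score c_score_gte last_timestamp host_id tags destination
proto dst_port inbound_ip inbound_proto inbound_port inbound_dns outbound_ip
outbound_proto outbound_port outbound_dns dns_ip dns_request resp_code resp
""".split())

# Assumed API names for the Get Hosts inputs (the table labels in snake_case).
HOST_FILTERS = frozenset("""
name fields state last_source t_score t_score_gte c_score c_score_gte
last_timestamp tags key_asset ordering page page_size
""".split())

Fetch = Callable[[str, Dict[str, str]], Dict[str, Any]]


def build_query(fields: Dict[str, Any], filter_parameters: str = "",
                allowed: frozenset = DETECTION_FILTERS) -> Dict[str, str]:
    """Merge per-field inputs with Filter Parameters (documented precedence:
    a key given in Filter Parameters wins over the same key given as a field).
    Unknown keys are rejected instead of being forwarded to the API."""
    query = {k: str(v) for k, v in fields.items() if v not in (None, "")}
    for key, value in parse_qsl(filter_parameters, keep_blank_values=False):
        query[key] = value  # override any per-field value for the same key
    unknown = set(query) - allowed
    if unknown:
        raise ValueError(f"unsupported filter parameter(s): {sorted(unknown)}")
    return query


class VectraClient:
    """Minimal read-only client mirroring the connector's configuration fields."""

    def __init__(self, server_url: str, port: int = 443, username: str = "",
                 password: str = "", verify_ssl: bool = True,
                 fetch: Optional[Fetch] = None) -> None:
        parsed = urlparse(server_url if "://" in server_url else "https://" + server_url)
        self.base = f"https://{parsed.hostname}:{port}"
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        self.headers = {"Authorization": f"Basic {token}", "Accept": "application/json"}
        self.verify_ssl = verify_ssl
        self.fetch = fetch or self._http_get  # injectable so tests run offline

    def _http_get(self, url: str, headers: Dict[str, str]) -> Dict[str, Any]:
        ctx = ssl.create_default_context()
        if not self.verify_ssl:  # lab use only: credentials ride on an unverified TLS session
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        req = urllib.request.Request(url, headers=headers)
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return json.load(resp)

    def iter_results(self, path: str, query: Dict[str, str],
                     max_pages: int = 50) -> Iterator[Dict[str, Any]]:
        """Yield result rows, following each page's 'next' link; stop after max_pages."""
        url: Optional[str] = f"{self.base}{path}?{urlencode(query)}"
        for _ in range(max_pages):
            page = self.fetch(url, self.headers)
            yield from page.get("results", [])
            url = page.get("next")
            if not url:
                return

    def get_hosts(self, filter_parameters: str = "", **fields: Any) -> List[Dict[str, Any]]:
        return list(self.iter_results(
            "/api/hosts", build_query(fields, filter_parameters, HOST_FILTERS)))

    def get_detections(self, filter_parameters: str = "", **fields: Any) -> List[Dict[str, Any]]:
        return list(self.iter_results(
            "/api/detections", build_query(fields, filter_parameters)))


def demo() -> Tuple[List[Dict[str, Any]], List[str]]:
    """Run against a constructed two-page response (not real Vectra data)."""
    pages = [
        {"count": 3, "next": "https://vectra.example:443/api/detections?page=2&page_size=2",
         "results": [{"id": 101, "t_score": 70}, {"id": 102, "t_score": 65}]},
        {"count": 3, "next": None, "results": [{"id": 103, "t_score": 90}]},
    ]
    seen: List[str] = []

    def fake_fetch(url: str, headers: Dict[str, str]) -> Dict[str, Any]:
        seen.append(url)
        return pages[len(seen) - 1]

    client = VectraClient("https://vectra.example", 443, "soar", "s3cret", fetch=fake_fetch)
    # t_score_gte=50 from the field is superseded by t_score_gte=60 in Filter Parameters.
    detections = client.get_detections("t_score_gte=60&page_size=2",
                                       t_score_gte=50, state="active")
    return detections, seen
```

Rejecting keys outside the documented list matters when the Filter Parameters value comes from a playbook variable: it keeps an upstream record from steering the request to arbitrary API parameters. The page cap in iter_results bounds how much a broad filter can pull from the appliance in one playbook step.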
The output contains a non-dictionary value.
The Get Reports operation takes no input parameters.
The output contains a non-dictionary value.
The Get Rules operation takes no input parameters.
The output contains a non-dictionary value.
The Get Sensors operation takes no input parameters.
The output contains a non-dictionary value.
The Sample - Vectra - 1.0.0 playbook collection comes bundled with the Vectra connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Vectra connector.
Note: If you plan to use any of the sample playbooks in your environment, clone them and move the clones to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.