Fortinet Document Library

About the connector

Vectra provides automated threat detection, which supports threat hunting and exposes hidden attackers.

This document provides information about the Vectra connector, which facilitates automated interactions with Vectra using FortiSOAR™ playbooks. Add the Vectra connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving host details and reports from Vectra.

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-vectra

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

  • You must have the URL of the Vectra server to which you will connect and perform automated operations, and the credentials to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the connectors page, select the Vectra connector and click Configure to configure the following parameters:

  • Server URL: Server URL of the Vectra server.
  • Port: Port number used for connecting to the Vectra server.
  • Username: Username to access the Vectra server.
  • Password: Password to access the Vectra server.
  • Verify SSL: Specifies whether the SSL certificate of the server is to be verified. By default, this option is set to True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

  • Get Hosts: Retrieves host details. Annotation: get_hosts. Category: Investigation.
  • Get Detections: Retrieves Vectra detections. Annotation: get_detections. Category: Investigation.
  • Get Reports: Retrieves all reports from Vectra. Annotation: get_reports. Category: Investigation.
  • Get Rules: Retrieves Vectra rules. Annotation: get_rules. Category: Investigation.
  • Get Sensors: Retrieves Vectra sensors. Annotation: get_sensors. Category: Investigation.

operation: Get Hosts

Input parameters

  • Name: Retrieves host details by name.
  • Fields: Retrieves host details by field.
  • State: Retrieves host details by state.
  • Last Source: Retrieves host details by source.
  • T-Score: Retrieves host details by T-Score.
  • T-Score GTE: Retrieves host details by T-Score GTE (greater than or equal to the given value).
  • C-Score: Retrieves host details by C-Score.
  • C-Score GTE: Retrieves host details by C-Score GTE (greater than or equal to the given value).
  • Last Timestamp: Retrieves host details by timestamp.
  • Tags: Retrieves host details by tag.
  • Key Asset: Retrieves host details by key asset.
  • Ordering: Sorts the results in the provided order.
  • Page: Retrieves results from this page.
  • Page Size: Number of results that you want to retrieve.

Output

The output contains a non-dictionary value.

operation: Get Detections

Input parameters

  • Name: Retrieves detections by name.
  • Fields: Retrieves detections by field.
  • State: Retrieves detections by state.
  • Last Source: Retrieves detections by source.
  • T-Score: Retrieves detections by T-Score.
  • T-Score GTE: Retrieves detections by T-Score GTE (greater than or equal to the given value).
  • C-Score: Retrieves detections by C-Score.
  • C-Score GTE: Retrieves detections by C-Score GTE (greater than or equal to the given value).
  • Last Timestamp: Retrieves detections by timestamp.
  • Tags: Retrieves detections by tag.
  • Key Asset: Retrieves detections by key asset.
  • Ordering: Sorts the results in the provided order.
  • Filter Parameters: Retrieves detections by the provided parameters. The supported parameters are: fields, page, page_size, ordering, min_id, max_id, state, type_vname, category, source, t_score, t_score_gte, c_score, c_score_gte, last_timestamp, host_id, tags, destination, proto, dst_port, inbound_ip, inbound_proto, inbound_port, inbound_dns, outbound_ip, outbound_proto, outbound_port, outbound_dns, dns_ip, dns_request, resp_code, resp.
    Note: If you include a parameter in the Filter Parameters field, only that definition of the parameter is considered; any earlier definition of the same parameter (for example, in one of the fields above) is ignored.
  • Page: Retrieves results from this page.
  • Page Size: Number of results that you want to retrieve.
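The precedence rule in the note above is easy to get wrong when a playbook sets the same filter both as a named input and inside Filter Parameters. The following Python is an added example, not the Vectra connector's own code or anything published by Fortinet: it merges the Get Detections inputs into one query, lets a Filter Parameters key override the matching named input, rejects unsupported filter keys, and joins Server URL and Port into a request URL. The endpoint path (/api/v2/detections), the query keys assumed for the Name and Key Asset labels, and all sample values are assumptions made for this example.

```python
"""Added example, not code from the Vectra connector or from Fortinet.

Merges Get Detections inputs into a single Vectra query, applying the
documented rule that a key supplied in Filter Parameters overrides any
separate named input that maps to the same key. The endpoint path, the
keys assumed for the Name and Key Asset labels, and the sample values
are assumptions.
"""
from urllib.parse import urlencode

# Query keys accepted in Filter Parameters, exactly as listed on this page.
FILTER_KEYS = frozenset("""
    fields page page_size ordering min_id max_id state type_vname category
    source t_score t_score_gte c_score c_score_gte last_timestamp host_id tags
    destination proto dst_port inbound_ip inbound_proto inbound_port inbound_dns
    outbound_ip outbound_proto outbound_port outbound_dns dns_ip dns_request
    resp_code resp
""".split())

# Assumed mapping from the connector's input labels to Vectra query keys.
# Labels whose key does not appear in the Filter Parameters list are guesses.
INPUT_TO_KEY = {
    "Name": "name",                    # assumed key, not on the page
    "Fields": "fields",
    "State": "state",
    "Last Source": "source",
    "T-Score": "t_score",
    "T-Score GTE": "t_score_gte",
    "C-Score": "c_score",
    "C-Score GTE": "c_score_gte",
    "Last Timestamp": "last_timestamp",
    "Tags": "tags",
    "Key Asset": "key_asset",          # assumed key, not on the page
    "Ordering": "ordering",
    "Page": "page",
    "Page Size": "page_size",
}


def build_query(inputs, filter_parameters=None):
    """Return the query dict: named inputs first, then Filter Parameters.

    A Filter Parameters key replaces the value of any named input that
    mapped to the same key, which is the precedence rule the page states.
    Unknown labels and unsupported filter keys raise instead of being sent
    to the server silently.
    """
    query = {}
    for label, value in inputs.items():
        if value is None or value == "":
            continue  # an unset playbook input is simply not sent
        try:
            key = INPUT_TO_KEY[label]
        except KeyError:
            raise ValueError(f"unknown input label: {label!r}") from None
        query[key] = value
    for key, value in (filter_parameters or {}).items():
        if key not in FILTER_KEYS:
            raise ValueError(f"unsupported filter parameter: {key!r}")
        query[key] = value  # the Filter Parameters definition wins
    return query


def build_url(server_url, port, path, query):
    """Join Server URL, Port, an endpoint path and the encoded query.

    A Server URL given without a scheme is treated as https, since the
    Verify SSL option only has meaning over a TLS connection.
    """
    base = server_url.strip().rstrip("/")
    if "://" not in base:
        base = "https://" + base
    # doseq=True expands list values (for example several tags) into repeated keys
    return f"{base}:{int(port)}{path}?{urlencode(query, doseq=True)}"


if __name__ == "__main__":
    # Constructed sample: T-Score GTE is given both as a named input (50) and
    # in Filter Parameters (70); only the Filter Parameters value is sent.
    q = build_query(
        {"State": "active", "T-Score GTE": 50, "Page Size": 100, "Name": ""},
        {"t_score_gte": 70, "category": "COMMAND & CONTROL"},
    )
    print(build_url("vectra.example.internal", 443, "/api/v2/detections", q))
```

Rejecting unknown filter keys is deliberate: a typo such as `t_score_get` would otherwise be passed through and quietly ignored by the server, returning far more detections than the playbook intended.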

Output

The output contains a non-dictionary value.

operation: Get Reports

Input parameters

None.

Output

The output contains a non-dictionary value.

operation: Get Rules

Input parameters

None.

Output

The output contains a non-dictionary value.

operation: Get Sensors

Input parameters

None.

Output

The output contains a non-dictionary value.

Included playbooks

The Sample - Vectra - 1.0.0 playbook collection comes bundled with the Vectra connector. These playbooks contain steps that show how to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Vectra connector.

  • Get Hosts
  • Get Detections
  • Get Reports
  • Get Rules
  • Get Sensors

Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.