Vectra provides automated threat detection, thereby empowering threat hunting and exposing hidden attackers.
This document provides information about the Vectra connector, which facilitates automated interactions with Vectra using FortiSOAR™ playbooks. Add the Vectra connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving host details and reports from Vectra.
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-vectra
For the detailed procedure to install a connector, click here
For the procedure to configure a connector, click here
In FortiSOAR™, on the connectors page, select the Vectra connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Server URL | Server URL of the Vectra server. |
Port | Port number used for connecting to the Vectra server. |
Username | Username to access the Vectra server. |
Password | Password to access the Vectra server. |
Verify SSL | Specifies whether the SSL certificate of the Vectra server is verified. By default, this option is set to True. |
The following automated operations can be included in playbooks; from FortiSOAR™ release 4.10.0 onwards you can also use the annotations to access these operations:
Function | Description | Annotation and Category |
---|---|---|
Get Hosts | Retrieves hosts details. | get_hosts Investigation |
Get Detections | Retrieves Vectra detections. | get_detections Investigation |
Get Reports | Retrieves all reports from Vectra. | get_reports Investigation |
Get Rules | Retrieves Vectra rules. | get_rules Investigation |
Get Sensors | Retrieves Vectra sensors. | get_sensors Investigation |
Input parameters for the Get Hosts operation:
Parameter | Description |
---|---|
Name | Retrieves host details by name. |
Fields | Retrieves host details by field. |
State | Retrieves host details by state. |
Last Source | Retrieves host details by last source. |
T-Score | Retrieves host details by T-Score. |
T-Score GTE | Retrieves host details whose T-Score is greater than or equal to the given value. |
C-Score | Retrieves host details by C-Score. |
C-Score GTE | Retrieves host details whose C-Score is greater than or equal to the given value. |
Last Timestamp | Retrieves host details by last timestamp. |
Tags | Retrieves host details by tag. |
Key Asset | Retrieves host details by key asset. |
Ordering | Sorts the results in the provided order. |
Page | Retrieves results from the given page. |
Page Size | Number of results that you want to retrieve per page. |
Output: The output contains a non-dictionary value.
Input parameters for the Get Detections operation:
Parameter | Description |
---|---|
Name | Retrieves host details by name. |
Fields | Retrieves host details by field. |
State | Retrieves host details by state. |
Last Source | Retrieves host details by last source. |
T-Score | Retrieves host details by T-Score. |
T-Score GTE | Retrieves host details whose T-Score is greater than or equal to the given value. |
C-Score | Retrieves host details by C-Score. |
C-Score GTE | Retrieves host details whose C-Score is greater than or equal to the given value. |
Last Timestamp | Retrieves host details by last timestamp. |
Tags | Retrieves host details by tag. |
Key Asset | Retrieves host details by key asset. |
Ordering | Sorts the results in the provided order. |
Filter Parameters | Retrieves detections filtered by the provided parameters. Supported parameters: fields, page, page_size, ordering, min_id, max_id, state, type_vname, category, source, t_score, t_score_gte, c_score, c_score_gte, last_timestamp, host_id, tags, destination, proto, dst_port, inbound_ip, inbound_proto, inbound_port, inbound_dns, outbound_ip, outbound_proto, outbound_port, outbound_dns, dns_ip, dns_request, resp_code, resp. Note: If a parameter is included in the Filter Parameters field, only that definition is used; any earlier definition of the same parameter (for example, from the individual fields above) is ignored. |
Page | Retrieves results from the given page. |
Page Size | Number of results that you want to retrieve per page. |
Output: The output contains a non-dictionary value.
Input parameters for the Get Reports operation: None.
Output: The output contains a non-dictionary value.
Input parameters for the Get Rules operation: None.
Output: The output contains a non-dictionary value.
Input parameters for the Get Sensors operation: None.
Output: The output contains a non-dictionary value.
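The precedence rule for Filter Parameters described above, as an added illustration that is not the connector's own code: keys given in the Filter Parameters field override the same keys set through the individual fields, and keys outside the documented list are dropped. The form-field-to-query-key mapping and the `key=value,key=value` filter syntax are assumptions.

```python
# Added illustration of the documented precedence rule for Get Detections.
# Not the connector's code; field mapping and filter syntax are assumptions.
from typing import Dict, Optional

# Keys the page lists as valid Filter Parameters for Get Detections.
ALLOWED_FILTER_KEYS = {
    "fields", "page", "page_size", "ordering", "min_id", "max_id", "state",
    "type_vname", "category", "source", "t_score", "t_score_gte", "c_score",
    "c_score_gte", "last_timestamp", "host_id", "tags", "destination", "proto",
    "dst_port", "inbound_ip", "inbound_proto", "inbound_port", "inbound_dns",
    "outbound_ip", "outbound_proto", "outbound_port", "outbound_dns", "dns_ip",
    "dns_request", "resp_code", "resp",
}

# Assumed mapping from the form fields in the table to API query keys.
FORM_TO_QUERY = {
    "Name": "name", "Fields": "fields", "State": "state", "Last Source": "source",
    "T-Score": "t_score", "T-Score GTE": "t_score_gte", "C-Score": "c_score",
    "C-Score GTE": "c_score_gte", "Last Timestamp": "last_timestamp",
    "Tags": "tags", "Key Asset": "key_asset", "Ordering": "ordering",
    "Page": "page", "Page Size": "page_size",
}


def parse_filter_parameters(raw: Optional[str]) -> Dict[str, str]:
    """Parse an assumed 'key=value,key=value' string, keeping only known keys."""
    params: Dict[str, str] = {}
    if not raw:
        return params
    for item in raw.split(","):
        if "=" not in item:
            continue  # skip malformed fragments such as a bare 'foo'
        key, value = (part.strip() for part in item.split("=", 1))
        if key in ALLOWED_FILTER_KEYS and value:
            params[key] = value
    return params


def build_detection_query(form: Dict[str, Optional[str]]) -> Dict[str, str]:
    """Merge individual fields with Filter Parameters; the latter win on conflicts."""
    query: Dict[str, str] = {}
    for field, key in FORM_TO_QUERY.items():
        value = form.get(field)
        if value not in (None, ""):
            query[key] = str(value)
    # Documented rule: a key present in Filter Parameters replaces any earlier
    # definition of the same key coming from the individual fields.
    query.update(parse_filter_parameters(form.get("Filter Parameters")))
    return query
```

Because the assumed syntax splits on commas, a `tags` value that itself contains commas would need a different separator or quoting in a real implementation.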
The Sample - Vectra - 1.0.0 playbook collection comes bundled with the Vectra connector. These playbooks contain steps with which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Vectra connector.
Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.