About the connector
Vectra provides automated threat detection; thereby empowers threat hunting and exposes hidden attackers.
This document provides information about the Vectra connector, which facilitates automated interactions with Vectra using FortiSOAR™ playbooks. Add the Vectra connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving host details and reports from Vectra.
Version information
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
Installing the connector
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-vectra
For the detailed procedure to install a connector, click here
Prerequisites to configuring the connector
- You must have the URL of Vectra server to which you will connect and perform automated operations and credentials to access that server.
- To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
Configuring the connector
For the procedure to configure a connector, click here
Configuration parameters
In FortiSOAR™, on the connectors page, select the Vectra connector and click Configure to configure the following parameters:
| Parameter |
Description |
| Server URL |
Server URL of the Vectra server. |
| Port |
Port number used for connecting to the Vectra server. |
| Username |
Username to access the Vectra server. |
| Password |
Password to access the Vectra server. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
| Function |
Description |
Annotation and Category |
| Get Hosts |
Retrieves hosts details. |
get_hosts
Investigation |
| Get Detections |
Retrieves Vectra detections. |
get_detections
Investigation |
| Get Reports |
Retrieves all reports from Vectra. |
get_reports
Investigation |
| Get Rules |
Retrieves Vectra rules. |
get_rules
Investigation |
| Get Sensors |
Retrieves Vectra sensors. |
get_sensors
Investigation |
operation: Get Hosts
Input parameters
| Parameter |
Description |
| Name |
Retrieves hosts details by name. |
| Fields |
Retrieves hosts details by field. |
| State |
Retrieves hosts details by state. |
| Last Source |
Retrieves hosts details by source. |
| T-Score |
Retrieves hosts details by T-Score. |
| T-Score GTE |
Retrieves hosts details by T-Score GTE. |
| C-Score |
Retrieves hosts details by C-Score. |
| C-Score GTE |
Retrieves hosts details by C-Score GTE. |
| Last Timestamp |
Retrieves hosts details by timestamp. |
| Tags |
Retrieves hosts details by tag. |
| Key Asset |
Retrieves hosts details by key asset. |
| Ordering |
Sort results by provided order. |
| Page |
Retrieves results from this page. |
| Page Size |
Number of results that we want to retrieve. |
Output
The output contains a non-dictionary value.
operation: Get Detections
Input parameters
| Parameter |
Description |
| Name |
Retrieves hosts details by name. |
| Fields |
Retrieves hosts details by field. |
| State |
Retrieves hosts details by state. |
| Last Source |
Retrieves hosts details by source. |
| T-Score |
Retrieves hosts details by T-Score. |
| T-Score GTE |
Retrieves hosts details by T-Score GTE. |
| C-Score |
Retrieves hosts details by C-Score. |
| C-Score GTE |
Retrieves hosts details by C-Score GTE. |
| Last Timestamp |
Retrieves hosts details by timestamp. |
| Tags |
Retrieves hosts details by tag. |
| Key Asset |
Retrieves hosts details by key asset. |
| Ordering |
Sort result by provided order. |
| Filter Parameters |
Retrieves detection by provided parameters. parameters are below: fields, page, page_size, ordering, min_id, max_id, state, type_vname, category, source, t_score, t_score_gte, c_score, c_score_gte, last_timestamp, host_id, tags, destination, proto, dst_port, inbound_ip, inbound_proto, inbound_port, inbound_dns, outbound_ip, outbound_proto, outbound_port, outbound_dns, dns_ip, dns_request, resp_code, resp.
Note: If you have included a parameter in the Filter Parameter field, then only this parameter definition is considered; and any previous definitions of the same parameter will be ignored. |
| Page |
Retrieves result from this page. |
| Page Size |
Number of results that you want to retrieve. |
Output
The output contains a non-dictionary value.
operation: Get Reports
Input parameters
None.
Output
The output contains a non-dictionary value.
operation: Get Rules
Input parameters
None.
Output
The output contains a non-dictionary value.
operation: Get Sensors
Input parameters
None.
Output
The output contains a non-dictionary value.
Included playbooks
The Sample - Vectra - 1.0.0 playbook collection comes bundled with the Vectra connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Vectra connector.
- Get Hosts
- Get Detections
- Get Reports
- Get Rules
- Get Sensors
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
