Vectra XDR Splunk SOAR

Vectra AI is the leader in AI-driven threat detection and response for hybrid and multi-cloud enterprises. Organizations worldwide rely on Vectra to stay ahead of modern cyber-attacks. The Vectra AI App enables the security operations team to consume the industry's richest threat signals spanning public cloud, SaaS, identity and data center networks and take appropriate action whether automated, semi-automated, or manual, using Splunk SOAR

Supported Actions

• test connectivity: Validate the asset configuration for connectivity using supplied configuration
• describe detection: Describes detection
• mark detection: Mark detection as fixed
• unmark detection: Unmark detection as fixed
• mark entity detections: Mark entity detections as fixed
• describe entity: Get all the details of an entity
• add assignment: Add assignment to the entity
• update assignment: Updates assignment of an entity
• resolve assignment: Resolves assignment of an entity
• add tags: Add tags to the entity
• remove tags: Remove tags from an entity
• add note: Add note to the entity
• update note: Update the note of an entity
• remove note: Remove the note from an entity
• list entity detections: List all active detections present in an entity
• download pcap: Download PCAP of a detection
• on poll: Ingest entities from Vectra using Vectra API