Vectra Cognito Detect Splunk SOAR

Vectra AI is the leader in AI-driven threat detection and response for hybrid and multi-cloud enterprises. Organizations worldwide rely on Vectra to stay ahead of modern cyber-attacks. The Vectra AI App enables the security operations team to consume Vectra's Quadrant User Experience signal and take appropriate action whether automated, semi-automated, or manual, using Splunk SOAR

Supported Actions

• test connectivity: Validate the asset configuration for connectivity using supplied configuration
• describe detection: Get all the details of a detection
• describe entity: Get all the details of an entity
• mark detection: Mark detection as fixed
• unmark detection: Unmark detection as fixed
• list entity detections: List all active detections present in an entity
• mark entity detections: Mark entity detections as fixed
• download pcap: Download PCAP of a detection
• add note: Add note to a specific entity/detection
• update note: Update note of a specific entity
• remove note: Remove note of a specific entity
• add tags: Add tags to an entity/detection
• remove tags: Remove tags from an entity
• add assignment: Add assignment for an entity
• update assignment: Update assignment for an entity
• resolve assignment: Resolves assignment of an entity
• on poll: Ingest entities from Vectra using Vectra API