Vectra 365 collector

Overview

The Vectra REST API is available for administrators and developers to integrate Vectra’s breach detection data into their applications. The API provides access to security event data, platform configuration, and health information via URI paths.

Devo collector features

  • Allow parallel downloading (multipod) – not allowed

  • Running environments:

    • collector server

    • on-premise

Data sources

  • Data source – Detections

  • Description – Detection objects contain all the information related to security events detected in the environment

  • Devo table – ndr.vectra.platform.detection

For more information on how the events are parsed, visit our page.

Flattening preprocessing

Data source

Collector service

Optional

Flattening details

Source

Service

  • yes

  • no

Flattening steps

Vendor setup

API Clients

Access to the Vectra Platform API is obtained by creating an API Client. Creating an API Client provides a set of OAuth 2.0 credentials that are used to gain authorization to the Vectra Platform API. Note that management of API Clients is restricted to Detect users with the Super Admin role. To create an API Client, log in to your Detect portal and navigate to Manage → API Clients.

Creating a new API Client

From the API Clients page, select Add API Client to create a new client.

Creating a new API Client has one required parameter:

  • Role – the role maps the API Client to a set of permissions, similar to the way a Detect UI user would be assigned a role. The role must be the following:

    • Read-Only

Creating a new API Client has two optional parameters:

  • Name – a user-friendly name to identify the client (up to 256 characters)

  • Description – a brief description to aid in identifying the client (up to 2048 characters)

Once you have entered the API Client information, select Generate Credentials to get your client credentials.

Be sure to record your Client ID and Secret Key for safekeeping. You will need these two credentials to authenticate as an API Client in the Vectra Platform API.
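
One way to handle the Client ID and Secret Key once they are recorded, as an added example that is not part of the original page and is not Devo or Vectra code: it builds an OAuth 2.0 client-credentials token request with the secret read from the environment and masked in anything that is logged. The token URL, the environment variable names and the use of HTTP Basic client authentication are assumptions.

```python
import base64
import os
import urllib.parse
import urllib.request

# Placeholder: the page does not give the token endpoint; substitute your tenant's URL.
TOKEN_URL = "https://vectra.example.invalid/oauth2/token"


def load_credentials(env=os.environ):
    """Read the Client ID and Secret Key from the environment, never from source."""
    try:
        return env["VECTRA_CLIENT_ID"], env["VECTRA_SECRET_KEY"]  # hypothetical names
    except KeyError as missing:
        raise RuntimeError(f"missing environment variable {missing}") from None


def build_token_request(client_id, secret_key, token_url=TOKEN_URL):
    """Build (without sending) a client-credentials token request."""
    if urllib.parse.urlsplit(token_url).scheme != "https":
        # The secret travels in the Authorization header; refuse cleartext HTTP.
        raise ValueError("token URL must use https")
    basic = base64.b64encode(f"{client_id}:{secret_key}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        token_url,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
    )


def redacted(request):
    """Describe a request for logging with the Authorization value masked."""
    headers = {k: ("<redacted>" if k.lower() == "authorization" else v)
               for k, v in request.header_items()}
    return f"{request.get_method()} {request.full_url} {headers}"


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_env = {"VECTRA_CLIENT_ID": "example-client-id", "VECTRA_SECRET_KEY": "example-secret"}
    print(redacted(build_token_request(*load_credentials(sample_env))))
```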

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector on your own machine using a Docker image (On-premise collector).

Change log

  • Release – v1.0.0

  • Released on – Apr 24, 2024

  • Release type – NEW FEATURE

  • Details – New features:

    • Used DCSDK v1.11.1

    • Created services:

      • detection

    • Created modules:

      • initializer

      • requester

      • paginator

      • processing

      • puller

      • puller_setup

    • Tests with 93% coverage

  • Recommendations – -