Vectra 365 collector

Overview

Vectra REST API is available for administrators and developers to integrate Vectra’s breach detection data into their applications. Vectra RESTful API provides access to security event data, platform configuration, and health information via URI paths.

Devo collector features

Data sources

For more information on how the events are parsed, visit our page.

Flattening preprocessing

Vendor setup

API Clients

Getting access to the Vectra Platform API is done through the creation of an API Client. Creation of an API Client will provide a set of OAuth 2.0 credentials that will be used to gain authorization to the Vectra Platform API. Please note that management of API Clients is restricted to Detect users with the role Super Admin. To create an API client, log in to your Detect portal and navigate to Manage → API Clients.

Open

Creating a new API Client

From the API Clients page, select Add API Client to create a new client.

Open

Creating a new API Client has one required parameter:

• Role – the role maps the API Client to a set of permissions, similar to the way a Detect UI user
  would be assigned a role. The role must be the following:

  • Read-Only

Creating a new API Client has two optional parameters:

• Name – a user-friendly name to identify the client (up to 256 characters)

• Description – a brief description to aid in identifying the client (up to 2048 characters)

Once you have entered the API Client information, select Generate Credentials to get your client credentials.

Be sure to record your Client ID and Secret Key for safekeeping. You will need these two credentials to authenticate as an API Client in the Vectra Platform API.

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).

Change log