Vectra is the leader in Security AI-driven hybrid cloud threat detection and response. The Vectra platform and MDR services provide attack coverage across public cloud, SaaS, identity, and network infrastructure. Unlike traditional threat detection approaches that simply alert on what is “different”, Vectra’s Attack Signal Intelligence™ detects and correlates attacker behaviors - the TTPs at the heart of all attacks. The resulting alert signal clarity enables security operations teams to rapidly prioritize, investigate and respond to the most urgent cyber-attacks and stop them from becoming breaches. Organizations worldwide rely on the Vectra platform and MDR services to get ahead and stay ahead of attackers. For more information, visit www.vectra.ai
The main features of the integration include:
- Ability to create Security Incidents from Accounts and Hosts.
- Automatic creation of Security Incidents in ServiceNow based on the specified criteria.
- Fetch detections based on Accounts and Hosts.
- Ability to download a PCAP file attached to a detection.
- Ability to mark detection(s) as fixed in Vectra Detect from ServiceNow.
- Ability to manage host, account and detection tags in Vectra Detect from ServiceNow.
- Ability to enrich the observables based on IP(s).
Supports the Utah, Vancouver and Washington DC versions.
The following dependencies should be installed:
- Security Incident Response - 12.9.5
- Threat Intelligence - 13.1.1
For integration with on-premises Vectra Detect, the MID Server application needs to be set up.
Vectra Detect version compatibility: Vectra Detect AI Version 2.2