To find out if this integration is available in your organization, see your Datadog Integrations page or ask your organization administrator.
To initiate an exception request to enable this integration for your organization, email [email protected].
Vectra Detection Insights
Vectra Entity Score Change Insights
Overview
Vectra provides a platform for detecting, investigating, and responding to advanced threats across hybrid environments.
This integration ingests the following logs:
- Detections: Detections provide detailed information about security events detected within the Vectra platform, with events generated upon the initial detection and each subsequent update.
- Entity Scoring Events: Entity Scoring Events provide detailed information on changes to an entity’s score, which occur upon initial threat detection, the discovery of additional detections, and updates to any previously discovered detections.
- Audit Events: Audit Events provide detailed information on user actions performed within the system.
Integrate Vectra with Datadog to gain insights into detections, entity scoring events and audit events using pre-built dashboard visualizations. Datadog uses its built-in log pipelines to parse and enrich these logs, facilitating easy search and detailed insights. Additionally, the integration can be used with Cloud SIEM detection rules for enhanced monitoring and security.
Setup
Obtaining Client Credentials
- Log in to Vectra Platform and navigate to Configuration > Access > API Clients.
- Click Add API Client and configure the following parameters:
  - Client Name: A user-friendly name to identify the client
  - Role: Choose Auditor
- Click Generate Credentials and copy the Client ID and Secret Key for later use.
- Identify your Sub Domain by checking the hostname suffix of your Vectra Platform URL. For example, if <example>.portal.vectra.ai is your platform URL, then example is your Sub Domain.
Connect your Vectra Account to Datadog
- Add your Sub Domain, Client ID and Secret Key.

| Parameters | Description |
|---|---|
| Sub Domain | The Sub Domain from Vectra Platform URL |
| Client ID | The Client ID of your Vectra Platform |
| Secret Key | The Secret Key of your Vectra Platform |
| Get Detections | Controls the collection of Detections from Vectra. Enabled by default. |
| Get Entity Scoring Events | Controls the collection of Entity Scoring Events from Vectra. Enabled by default. |
| Get Audit Events | Controls the collection of Audit Events from Vectra. Enabled by default. |
- Click Save.
Data Collected
Logs
Vectra collects and forwards detections, entity scoring events, and audit events to Datadog.
Metrics
Vectra does not include any metrics.
Events
Vectra does not include any events.
Troubleshooting
Need help? Contact Datadog support.