...
Comprehensive threat detection: Detect uses a variety of techniques to detect threats, including machine learning, behavioral analysis, and anomaly detection.
Actionable insights: Detect provides actionable insights that can be used to investigate and respond to threats.
Integration with other security tools: Detect can be integrated with other security tools, such as firewalls and intrusion detection systems, to provide a comprehensive security solution.
Device Information
Entity | Particulars |
---|---|
Vendor Name | Vectra (Previously Known as TraceVector) |
Product Name | Detect (Previously Known as Cognito Detect) |
Type of Device | Hosted |
Collection Method
Log Type | Ingestion label | Preferred Logging Protocol - Format | Log collection method |
---|---|---|---|
Vectra Detect | VECTRA_DETECT | Syslog - JSON | CyberHub |
Port Requirements
Source | Destination | Port |
---|---|---|
Vectra Detect | CyberHub | 601(TCP) |
Device Configuration
Log in to Vectra Brain/Detect UI.
Navigate to Settings → Notification → Syslog
Configure DESTINATION (enter the IP address of LCP CyberHUB), PORT and PROTOCOL.
Select FORMAT as JSON.
Select ALL LOG TYPES.
Enable 'Include filtered Detections', 'Include detections in info category', 'Include host/account score decreases' and 'Include enhanced detail'.
Click Save to complete the configuration and click Test to verify Syslog configuration.
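A collector-side check for the FORMAT step above, as an added example that is not part of the original guide and is not Vectra or CyberHub code: it takes raw syslog lines captured on the receiving host and reports which ones do not end in a complete JSON object, which is how a wrong FORMAT selection or a truncated message shows up. The sample lines, host name and field names are constructed for illustration and are not the Vectra Detect schema.

```python
import json

_decoder = json.JSONDecoder()


def extract_json_payload(line):
    """Return the JSON object that ends a syslog line, or None if there is none."""
    start = line.find("{")
    while start != -1:
        try:
            obj, end = _decoder.raw_decode(line, start)
            # Accept only an object that runs to the end of the line, so a
            # nested object inside a truncated message is not mistaken for it.
            if isinstance(obj, dict) and not line[end:].strip():
                return obj
        except json.JSONDecodeError:
            pass
        start = line.find("{", start + 1)
    return None


def summarize(lines):
    """Return (count of lines carrying JSON, list of lines that do not)."""
    ok, rejected = 0, []
    for line in lines:
        if extract_json_payload(line.strip()) is None:
            rejected.append(line)
        else:
            ok += 1
    return ok, rejected


# Constructed sample lines (hypothetical host and field names).
SAMPLE_LINES = [
    '<13>Jan 12 10:15:01 sensor-01 app: {"category": "EXAMPLE", "host_name": "ws-01", "threat": 40}',
    # Non-JSON format selected on the sender (CEF-style header).
    '<13>Jan 12 10:15:02 sensor-01 CEF:0|ExampleVendor|ExampleProduct|1.0|100|Example|5|src=10.0.0.5',
    # Message cut off in transit; the inner object alone must not pass.
    '<13>Jan 12 10:15:03 sensor-01 app: {"category": "EXAMPLE", "detail": {"count": 3}, "host_',
]

if __name__ == "__main__":
    ok, rejected = summarize(SAMPLE_LINES)
    print(f"{ok} JSON line(s), {len(rejected)} rejected")
    for line in rejected:
        print("not JSON:", line[:80])
```

Feed it the lines received after clicking Test; any rejected line means the sender's FORMAT setting or the transport should be rechecked before relying on parsing under the VECTRA_DETECT label.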
...
Parameters required from customer for Integration.
Property | Default Value | Description |
---|---|---|
IP Address | Vectra Detect interface IP address | Hostname or IP address of the device which forwards logs to the CyberHub |