Vectra AI Commands

Comprehensive Vectra AI platform commands and workflows for network detection and response (NDR).

| Command | Description |
|---|---|
| `curl -H "Authorization: Token <token>" <endpoint>` | API authentication |
| `vectra-cli auth login` | Log in to the Vectra platform |
| `vectra-cli auth logout` | Log out of the platform |
| `vectra-cli auth status` | Check authentication status |
| `export VECTRA_TOKEN=<token>` | Set the API token as an environment variable |
| `export VECTRA_URL=<url>` | Set the platform URL as an environment variable |

Detection Management

| Command | Description |
|---|---|
| `GET /api/v3.3/detections` | List all detections |
| `GET /api/v3.3/detections/{id}` | Get detection details |
| `PATCH /api/v3.3/detections/{id}` | Update detection |
| `DELETE /api/v3.3/detections/{id}` | Delete detection |
| `GET /api/v3.3/detections?state=active` | Filter active detections |
| `GET /api/v3.3/detections?certainty=high` | Filter by certainty |

Host Management

| Command | Description |
|---|---|
| `GET /api/v3.3/hosts` | List all hosts |
| `GET /api/v3.3/hosts/{id}` | Get host details |
| `PATCH /api/v3.3/hosts/{id}` | Update host information |
| `GET /api/v3.3/hosts?threat_score_gte=50` | Filter by threat score |
| `GET /api/v3.3/hosts?certainty_score_gte=80` | Filter by certainty score |

Account Management

| Command | Description |
|---|---|
| `GET /api/v3.3/accounts` | List all accounts |
| `GET /api/v3.3/accounts/{id}` | Get account details |
| `PATCH /api/v3.3/accounts/{id}` | Update account |
| `GET /api/v3.3/accounts?privilege_level=admin` | Filter by privilege level |
| `GET /api/v3.3/accounts?threat_score_gte=50` | Filter by threat score |

Campaign Management

| Command | Description |
|---|---|
| `GET /api/v3.3/campaigns` | List all campaigns |
| `GET /api/v3.3/campaigns/{id}` | Get campaign details |
| `PATCH /api/v3.3/campaigns/{id}` | Update campaign |
| `GET /api/v3.3/campaigns?state=active` | Filter active campaigns |

Assignment Management

| Command | Description |
|---|---|
| `GET /api/v3.3/assignments` | List assignments |
| `POST /api/v3.3/assignments` | Create assignment |
| `GET /api/v3.3/assignments/{id}` | Get assignment details |
| `PATCH /api/v3.3/assignments/{id}` | Update assignment |
| `DELETE /api/v3.3/assignments/{id}` | Delete assignment |

Threat Intelligence

| Command | Description |
|---|---|
| `GET /api/v3.3/threat_feeds` | List threat feeds |
| `POST /api/v3.3/threat_feeds` | Create threat feed |
| `GET /api/v3.3/threat_feeds/{id}` | Get threat feed details |
| `PATCH /api/v3.3/threat_feeds/{id}` | Update threat feed |
| `DELETE /api/v3.3/threat_feeds/{id}` | Delete threat feed |

Search and Filtering

| Command | Description |
|---|---|
| `GET /api/v3.3/search/detections` | Search detections |
| `GET /api/v3.3/search/hosts` | Search hosts |
| `GET /api/v3.3/search/accounts` | Search accounts |
| `GET /api/v3.3/detections?ordering=-threat_score` | Order by threat score (descending) |
| `GET /api/v3.3/detections?page_size=100` | Set page size |

MCP Server Integration

| Command | Description |
|---|---|
| `vectra-mcp install` | Install Vectra MCP server |
| `vectra-mcp configure` | Configure MCP server |
| `vectra-mcp start` | Start MCP server |
| `vectra-mcp stop` | Stop MCP server |
| `vectra-mcp status` | Check MCP server status |

AI Assistant Commands

| Command | Description |
|---|---|
| `vectra-mcp claude connect` | Connect to Claude Desktop |
| `vectra-mcp cursor connect` | Connect to Cursor IDE |
| `vectra-mcp chat enable` | Enable chat interface |
| `vectra-mcp investigate <query>` | AI-assisted investigation |
| `vectra-mcp visualize <data>` | Generate visualizations |

Incident Investigation

| Command | Description |
|---|---|
| `vectra-cli investigate --host <host-id>` | Investigate host |
| `vectra-cli investigate --detection <detection-id>` | Investigate detection |
| `vectra-cli timeline --host <host-id>` | Generate host timeline |
| `vectra-cli timeline --account <account-id>` | Generate account timeline |
| `vectra-cli correlate --detection <detection-id>` | Correlate detections |

Response Actions

| Command | Description |
|---|---|
| `vectra-cli response block --host <host-id>` | Block host |
| `vectra-cli response isolate --host <host-id>` | Isolate host |
| `vectra-cli response quarantine --account <account-id>` | Quarantine account |
| `vectra-cli response whitelist --host <host-id>` | Whitelist host |
| `vectra-cli response unblock --host <host-id>` | Unblock host |

Reporting and Analytics

| Command | Description |
|---|---|
| `GET /api/v3.3/reports` | List available reports |
| `POST /api/v3.3/reports` | Generate report |
| `GET /api/v3.3/reports/{id}` | Get report details |
| `GET /api/v3.3/analytics/summary` | Get analytics summary |
| `GET /api/v3.3/analytics/trends` | Get trend analysis |

Configuration Management

| Command | Description |
|---|---|
| `GET /api/v3.3/settings` | Get platform settings |
| `PATCH /api/v3.3/settings` | Update settings |
| `GET /api/v3.3/sensors` | List sensors |
| `GET /api/v3.3/sensors/{id}` | Get sensor details |
| `PATCH /api/v3.3/sensors/{id}` | Update sensor configuration |

User and Role Management

| Command | Description |
|---|---|
| `GET /api/v3.3/users` | List users |
| `POST /api/v3.3/users` | Create user |
| `GET /api/v3.3/users/{id}` | Get user details |
| `PATCH /api/v3.3/users/{id}` | Update user |
| `DELETE /api/v3.3/users/{id}` | Delete user |

Alert Management

| Command | Description |
|---|---|
| `GET /api/v3.3/alerts` | List alerts |
| `POST /api/v3.3/alerts` | Create alert rule |
| `GET /api/v3.3/alerts/{id}` | Get alert details |
| `PATCH /api/v3.3/alerts/{id}` | Update alert rule |
| `DELETE /api/v3.3/alerts/{id}` | Delete alert rule |

Integration Management

| Command | Description |
|---|---|
| `GET /api/v3.3/integrations` | List integrations |
| `POST /api/v3.3/integrations` | Create integration |
| `GET /api/v3.3/integrations/{id}` | Get integration details |
| `PATCH /api/v3.3/integrations/{id}` | Update integration |
| `DELETE /api/v3.3/integrations/{id}` | Delete integration |

Data Export

| Command | Description |
|---|---|
| `vectra-cli export detections --format json` | Export detections |
| `vectra-cli export hosts --format csv` | Export hosts |
| `vectra-cli export accounts --format json` | Export accounts |
| `vectra-cli export --start-date 2025-01-01` | Export with date filter |
| `vectra-cli export --threat-score-min 50` | Export with score filter |

Monitoring and Health

| Command | Description |
|---|---|
| `GET /api/v3.3/health` | Check platform health |
| `GET /api/v3.3/system/status` | Get system status |
| `GET /api/v3.3/sensors/health` | Check sensor health |
| `GET /api/v3.3/system/metrics` | Get system metrics |
| `GET /api/v3.3/system/logs` | Get system logs |

Advanced Queries

| Command | Description |
|---|---|
| `GET /api/v3.3/detections?detection_type=command_and_control` | Filter by detection type |
| `GET /api/v3.3/detections?src_ip=192.168.1.100` | Filter by source IP |
| `GET /api/v3.3/detections?dst_port=443` | Filter by destination port |
| `GET /api/v3.3/hosts?last_detection_timestamp_gte=2025-01-01` | Filter by timestamp |

Bulk Operations

| Command | Description |
|---|---|
| `vectra-cli bulk assign --detections <file>` | Bulk assign detections |
| `vectra-cli bulk update --hosts <file>` | Bulk update hosts |
| `vectra-cli bulk export --query <query>` | Bulk export with query |
| `vectra-cli bulk remediate --actions <file>` | Bulk remediation actions |

Automation and Scripting

| Command | Description |
|---|---|
| `vectra-cli script run --file <script>` | Run automation script |
| `vectra-cli script validate --file <script>` | Validate script |
| `vectra-cli workflow create --name <name>` | Create workflow |
| `vectra-cli workflow run --id <workflow-id>` | Run workflow |

| Command | Description |
|---|---|
| `vectra-cli optimize --cache-size 1GB` | Set cache size |
| `vectra-cli optimize --parallel 10` | Set parallel processing |
| `vectra-cli optimize --timeout 300` | Set timeout |
| `vectra-cli cache clear` | Clear cache |
| `vectra-cli cache status` | Check cache status |

Debugging and Troubleshooting

| Command | Description |
|---|---|
| `vectra-cli debug --log-level debug` | Enable debug logging |
| `vectra-cli debug connectivity` | Test connectivity |
| `vectra-cli debug api --endpoint <endpoint>` | Test API endpoint |
| `vectra-cli debug permissions` | Check permissions |
| `vectra-cli logs --tail 100` | View recent logs |

Environment Variables

| Variable | Description |
|---|---|
| `VECTRA_TOKEN` | API authentication token |
| `VECTRA_URL` | Platform URL |
| `VECTRA_TIMEOUT` | Request timeout |
| `VECTRA_LOG_LEVEL` | Logging level |
| `VECTRA_CACHE_DIR` | Cache directory |

Configuration Files

| File | Description |
|---|---|
| `vectra.config.json` | Main configuration file |
| `vectra-rules.yml` | Detection rules |
| `vectra-integrations.yml` | Integration settings |
| `.vectra-credentials` | Stored credentials |

Common Detection Types

| Type | Description |
|---|---|
| `command_and_control` | C2 communication |
| `lateral_movement` | Lateral movement activity |
| `data_exfiltration` | Data exfiltration attempts |
| `reconnaissance` | Network reconnaissance |
| `privilege_escalation` | Privilege escalation |