Aller au contenu

Vectra AI Commands

Comprehensive Vectra AI platform commands and workflows for network detection and response (NDR).

Platform API Authentication

Command	Description
`curl -H "Authorization: Token <token>" <endpoint>`	API authentication
`vectra-cli auth login`	Login to Vectra platform
`vectra-cli auth logout`	Logout from platform
`vectra-cli auth status`	Check authentication status
`export VECTRA_TOKEN=<token>`	Set environment token
`export VECTRA_URL=<url>`	Set platform URL

Detection Management

Command	Description
`GET /api/v3.3/detections`	List all detections
`GET /api/v3.3/detections/{id}`	Get detection details
`PATCH /api/v3.3/detections/{id}`	Update detection
`DELETE /api/v3.3/detections/{id}`	Delete detection
`GET /api/v3.3/detections?state=active`	Filter active detections
`GET /api/v3.3/detections?certainty=high`	Filter by certainty

Host Management

Command	Description
`GET /api/v3.3/hosts`	List all hosts
`GET /api/v3.3/hosts/{id}`	Get host details
`PATCH /api/v3.3/hosts/{id}`	Update host information
`GET /api/v3.3/hosts?threat_score_gte=50`	Filter by threat score
`GET /api/v3.3/hosts?certainty_score_gte=80`	Filter by certainty score

Account Management

Command	Description
`GET /api/v3.3/accounts`	List all accounts
`GET /api/v3.3/accounts/{id}`	Get account details
`PATCH /api/v3.3/accounts/{id}`	Update account
`GET /api/v3.3/accounts?privilege_level=admin`	Filter by privilege level
`GET /api/v3.3/accounts?threat_score_gte=50`	Filter by threat score

Campaign Management

Command	Description
`GET /api/v3.3/campaigns`	List all campaigns
`GET /api/v3.3/campaigns/{id}`	Get campaign details
`PATCH /api/v3.3/campaigns/{id}`	Update campaign
`GET /api/v3.3/campaigns?state=active`	Filter active campaigns

Assignment Management

Command	Description
`GET /api/v3.3/assignments`	List assignments
`POST /api/v3.3/assignments`	Create assignment
`GET /api/v3.3/assignments/{id}`	Get assignment details
`PATCH /api/v3.3/assignments/{id}`	Update assignment
`DELETE /api/v3.3/assignments/{id}`	Delete assignment

Threat Intelligence

Command	Description
`GET /api/v3.3/threat_feeds`	List threat feeds
`POST /api/v3.3/threat_feeds`	Create threat feed
`GET /api/v3.3/threat_feeds/{id}`	Get threat feed details
`PATCH /api/v3.3/threat_feeds/{id}`	Update threat feed
`DELETE /api/v3.3/threat_feeds/{id}`	Delete threat feed

Search and Filtering

Command	Description
`GET /api/v3.3/search/detections`	Search detections
`GET /api/v3.3/search/hosts`	Search hosts
`GET /api/v3.3/search/accounts`	Search accounts
`GET /api/v3.3/detections?ordering=-threat_score`	Order by threat score
`GET /api/v3.3/detections?page_size=100`	Set page size

MCP Server Integration

Command	Description
`vectra-mcp install`	Install Vectra MCP server
`vectra-mcp configure`	Configure MCP server
`vectra-mcp start`	Start MCP server
`vectra-mcp stop`	Stop MCP server
`vectra-mcp status`	Check MCP server status

AI Assistant Commands

Command	Description
`vectra-mcp claude connect`	Connect to Claude Desktop
`vectra-mcp cursor connect`	Connect to Cursor IDE
`vectra-mcp chat enable`	Enable chat interface
`vectra-mcp investigate <query>`	AI-assisted investigation
`vectra-mcp visualize <data>`	Generate visualizations

Incident Investigation

Command	Description
`vectra-cli investigate --host <host-id>`	Investigate host
`vectra-cli investigate --detection <detection-id>`	Investigate detection
`vectra-cli timeline --host <host-id>`	Generate host timeline
`vectra-cli timeline --account <account-id>`	Generate account timeline
`vectra-cli correlate --detection <detection-id>`	Correlate detections

Response Actions

Command	Description
`vectra-cli response block --host <host-id>`	Block host
`vectra-cli response isolate --host <host-id>`	Isolate host
`vectra-cli response quarantine --account <account-id>`	Quarantine account
`vectra-cli response whitelist --host <host-id>`	Whitelist host
`vectra-cli response unblock --host <host-id>`	Unblock host

Reporting and Analytics

Command	Description
`GET /api/v3.3/reports`	List available reports
`POST /api/v3.3/reports`	Generate report
`GET /api/v3.3/reports/{id}`	Get report details
`GET /api/v3.3/analytics/summary`	Get analytics summary
`GET /api/v3.3/analytics/trends`	Get trend analysis

Configuration Management

Command	Description
`GET /api/v3.3/settings`	Get platform settings
`PATCH /api/v3.3/settings`	Update settings
`GET /api/v3.3/sensors`	List sensors
`GET /api/v3.3/sensors/{id}`	Get sensor details
`PATCH /api/v3.3/sensors/{id}`	Update sensor configuration

User and Role Management

Command	Description
`GET /api/v3.3/users`	List users
`POST /api/v3.3/users`	Create user
`GET /api/v3.3/users/{id}`	Get user details
`PATCH /api/v3.3/users/{id}`	Update user
`DELETE /api/v3.3/users/{id}`	Delete user

Alert Management

Command	Description
`GET /api/v3.3/alerts`	List alerts
`POST /api/v3.3/alerts`	Create alert rule
`GET /api/v3.3/alerts/{id}`	Get alert details
`PATCH /api/v3.3/alerts/{id}`	Update alert rule
`DELETE /api/v3.3/alerts/{id}`	Delete alert rule

Integration Management

Command	Description
`GET /api/v3.3/integrations`	List integrations
`POST /api/v3.3/integrations`	Create integration
`GET /api/v3.3/integrations/{id}`	Get integration details
`PATCH /api/v3.3/integrations/{id}`	Update integration
`DELETE /api/v3.3/integrations/{id}`	Delete integration

Data Export

Command	Description
`vectra-cli export detections --format json`	Export detections
`vectra-cli export hosts --format csv`	Export hosts
`vectra-cli export accounts --format json`	Export accounts
`vectra-cli export --start-date 2025-01-01`	Export with date filter
`vectra-cli export --threat-score-min 50`	Export with score filter

Monitoring and Health

Command	Description
`GET /api/v3.3/health`	Check platform health
`GET /api/v3.3/system/status`	Get system status
`GET /api/v3.3/sensors/health`	Check sensor health
`GET /api/v3.3/system/metrics`	Get system metrics
`GET /api/v3.3/system/logs`	Get system logs

Advanced Queries

Command	Description
`GET /api/v3.3/detections?detection_type=command_and_control`	Filter by detection type
`GET /api/v3.3/detections?src_ip=192.168.1.100`	Filter by source IP
`GET /api/v3.3/detections?dst_port=443`	Filter by destination port
`GET /api/v3.3/hosts?last_detection_timestamp_gte=2025-01-01`	Filter by timestamp

Bulk Operations

Command	Description
`vectra-cli bulk assign --detections <file>`	Bulk assign detections
`vectra-cli bulk update --hosts <file>`	Bulk update hosts
`vectra-cli bulk export --query <query>`	Bulk export with query
`vectra-cli bulk remediate --actions <file>`	Bulk remediation actions

Automation and Scripting

Command	Description
`vectra-cli script run --file <script>`	Run automation script
`vectra-cli script validate --file <script>`	Validate script
`vectra-cli workflow create --name <name>`	Create workflow
`vectra-cli workflow run --id <workflow-id>`	Run workflow

Performance Optimization

Command	Description
`vectra-cli optimize --cache-size 1GB`	Set cache size
`vectra-cli optimize --parallel 10`	Set parallel processing
`vectra-cli optimize --timeout 300`	Set timeout
`vectra-cli cache clear`	Clear cache
`vectra-cli cache status`	Check cache status

Debugging and Troubleshooting

Command	Description
`vectra-cli debug --log-level debug`	Enable debug logging
`vectra-cli debug connectivity`	Test connectivity
`vectra-cli debug api --endpoint <endpoint>`	Test API endpoint
`vectra-cli debug permissions`	Check permissions
`vectra-cli logs --tail 100`	View recent logs

Environment Variables

Variable	Description
`VECTRA_TOKEN`	API authentication token
`VECTRA_URL`	Platform URL
`VECTRA_TIMEOUT`	Request timeout
`VECTRA_LOG_LEVEL`	Logging level
`VECTRA_CACHE_DIR`	Cache directory

Configuration Files

File	Description
`vectra.config.json`	Main configuration file
`vectra-rules.yml`	Detection rules
`vectra-integrations.yml`	Integration settings
`.vectra-credentials`	Stored credentials

Common Detection Types

Type	Description
`command_and_control`	C2 communication
`lateral_movement`	Lateral movement activity
`data_exfiltration`	Data exfiltration attempts
`reconnaissance`	Network reconnaissance
`privilege_escalation`	Privilege escalation