# Vectra AI Commands

Comprehensive Vectra AI platform commands and workflows for network detection and response (NDR).

## Authentication

| Command | Description |
| --- | --- |
| curl -H "Authorization: Token <token>" <endpoint> | API authentication (the Token scheme is the v2.x API style; the v3.x platform API issues OAuth2 access tokens that are sent as Authorization: Bearer <token>) |
| vectra-cli auth login | Log in to the Vectra platform |
| vectra-cli auth logout | Log out of the platform |
| vectra-cli auth status | Check authentication status |
| export VECTRA_TOKEN=<token> | Set the API token in the environment (visible to every child process; load it from a secrets store rather than typing it into the shell, where it lands in history) |
| export VECTRA_URL=<url> | Set the platform URL |
## Detection Management

| Command | Description |
| --- | --- |
| GET /api/v3.3/detections | List all detections |
| GET /api/v3.3/detections/{id} | Get detection details |
| PATCH /api/v3.3/detections/{id} | Update detection |
| DELETE /api/v3.3/detections/{id} | Delete detection |
| GET /api/v3.3/detections?state=active | Filter active detections |
| GET /api/v3.3/detections?certainty=high | Filter by certainty |
## Host Management

| Command | Description |
| --- | --- |
| GET /api/v3.3/hosts | List all hosts |
| GET /api/v3.3/hosts/{id} | Get host details |
| PATCH /api/v3.3/hosts/{id} | Update host information |
| GET /api/v3.3/hosts?threat_score_gte=50 | Filter by threat score (50 or higher) |
| GET /api/v3.3/hosts?certainty_score_gte=80 | Filter by certainty score (80 or higher) |
## Account Management

| Command | Description |
| --- | --- |
| GET /api/v3.3/accounts | List all accounts |
| GET /api/v3.3/accounts/{id} | Get account details |
| PATCH /api/v3.3/accounts/{id} | Update account |
| GET /api/v3.3/accounts?privilege_level=admin | Filter by privilege level |
| GET /api/v3.3/accounts?threat_score_gte=50 | Filter by threat score (50 or higher) |
## Campaign Management

| Command | Description |
| --- | --- |
| GET /api/v3.3/campaigns | List all campaigns |
| GET /api/v3.3/campaigns/{id} | Get campaign details |
| PATCH /api/v3.3/campaigns/{id} | Update campaign |
| GET /api/v3.3/campaigns?state=active | Filter active campaigns |
## Assignment Management

| Command | Description |
| --- | --- |
| GET /api/v3.3/assignments | List assignments |
| POST /api/v3.3/assignments | Create assignment |
| GET /api/v3.3/assignments/{id} | Get assignment details |
| PATCH /api/v3.3/assignments/{id} | Update assignment |
| DELETE /api/v3.3/assignments/{id} | Delete assignment |
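The host and account filters above (threat score, certainty score) and the assignment endpoints are usually combined into one triage step: rank entities by threat and certainty, then hand the unassigned ones to an analyst. The following is an added example, not Vectra's own code or the vectra-cli tool. The 50/50 quadrant cut-offs, the host records and the existing-assignment list are constructed, and the assignment body fields assign_host_id / assign_to_user_id are assumptions for illustration that should be checked against the API reference for your platform version.

```python
"""Rank hosts by Vectra threat/certainty scores and prepare assignments.

Added example, not Vectra's own code. The quadrant cut-offs (50/50) and
the assignment body fields assign_host_id / assign_to_user_id are
assumptions for illustration; check the field names against the API
reference of your platform version. Host records are constructed samples.
"""

# (min_threat, min_certainty, label); first match wins
QUADRANTS = (
    (50, 50, "critical"),   # confident and dangerous: act first
    (50, 0, "high"),        # dangerous but less certain: verify quickly
    (0, 50, "medium"),      # certain but low impact so far
    (0, 0, "low"),
)
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def quadrant(threat, certainty, thresholds=QUADRANTS):
    """Label a threat/certainty pair with its quadrant."""
    for t_min, c_min, label in thresholds:
        if threat >= t_min and certainty >= c_min:
            return label
    return "low"


def prioritize(hosts, min_quadrant="high"):
    """Hosts at or above min_quadrant, highest threat first, then certainty.

    The id is the final tie-breaker so the queue order is deterministic
    across runs, which matters when two analysts pull from the same queue.
    """
    cutoff = RANK[min_quadrant]
    queue = []
    for h in hosts:
        q = quadrant(h["threat"], h["certainty"])
        if RANK[q] <= cutoff:
            queue.append({**h, "quadrant": q})
    queue.sort(key=lambda h: (-h["threat"], -h["certainty"], h["id"]))
    return queue


def assignment_payloads(queue, analyst_user_id, existing_assignments):
    """One POST /api/v3.3/assignments body per host not already assigned."""
    already = {a["host_id"] for a in existing_assignments if a.get("host_id") is not None}
    return [
        {"assign_host_id": h["id"], "assign_to_user_id": analyst_user_id}
        for h in queue
        if h["id"] not in already
    ]


# Constructed sample data
SAMPLE_HOSTS = [
    {"id": 101, "name": "ws-finance-07", "threat": 82, "certainty": 91},
    {"id": 102, "name": "srv-db-01", "threat": 75, "certainty": 30},
    {"id": 103, "name": "ws-eng-22", "threat": 20, "certainty": 88},
    {"id": 104, "name": "printer-3f", "threat": 10, "certainty": 10},
    {"id": 105, "name": "dc-01", "threat": 82, "certainty": 95},
]
EXISTING_ASSIGNMENTS = [{"id": 7, "host_id": 105, "assigned_to": 3}]


def triage_queue(analyst_user_id=3, min_quadrant="high"):
    """Return (queue, payloads) for the sample data."""
    queue = prioritize(SAMPLE_HOSTS, min_quadrant)
    return queue, assignment_payloads(queue, analyst_user_id, EXISTING_ASSIGNMENTS)


if __name__ == "__main__":
    queue, payloads = triage_queue()
    for h in queue:
        print(f'{h["quadrant"]:8} {h["name"]:14} threat={h["threat"]} certainty={h["certainty"]}')
    print(payloads)
```

The queue skips dc-01 even though it ranks first, because an assignment for it already exists; without that check a scheduled run would create a duplicate assignment on every execution.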
## Threat Intelligence

| Command | Description |
| --- | --- |
| GET /api/v3.3/threat_feeds | List threat feeds |
| POST /api/v3.3/threat_feeds | Create threat feed |
| GET /api/v3.3/threat_feeds/{id} | Get threat feed details |
| PATCH /api/v3.3/threat_feeds/{id} | Update threat feed |
| DELETE /api/v3.3/threat_feeds/{id} | Delete threat feed |
## Search and Filtering

| Command | Description |
| --- | --- |
| GET /api/v3.3/search/detections | Search detections |
| GET /api/v3.3/search/hosts | Search hosts |
| GET /api/v3.3/search/accounts | Search accounts |
| GET /api/v3.3/detections?ordering=-threat_score | Order by threat score (the leading minus sorts descending) |
| GET /api/v3.3/detections?page_size=100 | Set page size (results per page) |
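The detection filters, ordering and page_size parameters above are query-string arguments, and a list call returns one page at a time. The following is an added example, not Vectra's own client code, showing how a script builds the filtered URL and walks every page. It assumes the count/next/previous/results envelope that the Vectra REST API returns for list endpoints, and takes an injectable fetch(url) so it runs offline against constructed pages; the platform URL is a placeholder.

```python
"""Build filtered detection queries and walk paginated results.

Added example for this page, not Vectra's own client code. It assumes the
{"count", "next", "previous", "results"} response envelope the Vectra REST
API returns for list endpoints, and takes an injectable fetch(url) so the
example runs offline against constructed pages (fake_api below).
"""
from urllib.parse import urlencode, urljoin

API_PREFIX = "/api/v3.3"


def auth_headers(token, scheme="Token"):
    """Authorization header. 'Token' matches the curl form on this page;
    pass scheme='Bearer' when using an OAuth2 access token."""
    return {"Authorization": f"{scheme} {token}", "Accept": "application/json"}


def detection_query(base_url, **filters):
    """URL for GET /api/v3.3/detections with the given query filters.

    Filters set to None are dropped; the rest are URL-encoded in sorted
    order so the same filter set always yields the same URL.
    """
    params = {k: v for k, v in sorted(filters.items()) if v is not None}
    path = f"{API_PREFIX}/detections"
    if params:
        path += "?" + urlencode(params)
    return urljoin(base_url, path)


def iter_results(fetch, url, max_pages=1000):
    """Yield every result object, following 'next' links until exhausted.

    Raises RuntimeError if a page URL repeats (a 'next' pointing back at
    itself) or the page budget is exceeded, so a misbehaving API cannot
    turn an export into an infinite loop.
    """
    seen = set()
    while url is not None:
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError(f"pagination did not terminate at {url}")
        seen.add(url)
        page = fetch(url)
        yield from page.get("results", [])
        url = page.get("next")


def fake_api(pages):
    """fetch() replacement serving constructed pages keyed by URL."""
    def fetch(url):
        if url not in pages:
            raise KeyError(f"unexpected request: {url}")
        return pages[url]
    return fetch


# Constructed sample: two pages of active detections ordered by threat.
BASE = "https://vectra.example.internal"  # placeholder platform URL
FIRST = detection_query(BASE, state="active", ordering="-threat", page_size=2)
SECOND = f"{BASE}{API_PREFIX}/detections?ordering=-threat&page=2&page_size=2&state=active"
SAMPLE_PAGES = {
    FIRST: {"count": 3, "next": SECOND, "previous": None,
            "results": [{"id": 11, "threat": 90}, {"id": 12, "threat": 70}]},
    SECOND: {"count": 3, "next": None, "previous": FIRST,
             "results": [{"id": 13, "threat": 40}]},
}


def active_detection_ids(fetch=fake_api(SAMPLE_PAGES)):
    """IDs of all active detections, highest threat first, across pages."""
    return [d["id"] for d in iter_results(fetch, FIRST)]


if __name__ == "__main__":
    print(auth_headers("REDACTED"))
    print(FIRST)
    print(active_detection_ids())
```

To run it against a real platform, replace fake_api with a function that performs the GET with auth_headers() and returns the parsed JSON body; the pagination and loop guard stay the same.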
## MCP Server Integration

| Command | Description |
| --- | --- |
| vectra-mcp install | Install Vectra MCP server |
| vectra-mcp configure | Configure MCP server |
| vectra-mcp start | Start MCP server |
| vectra-mcp stop | Stop MCP server |
| vectra-mcp status | Check MCP server status |
## AI Assistant Commands

| Command | Description |
| --- | --- |
| vectra-mcp claude connect | Connect to Claude Desktop |
| vectra-mcp cursor connect | Connect to Cursor IDE |
| vectra-mcp chat enable | Enable chat interface |
| vectra-mcp investigate <query> | AI-assisted investigation |
| vectra-mcp visualize <data> | Generate visualizations |
## Incident Investigation

| Command | Description |
| --- | --- |
| vectra-cli investigate --host <host-id> | Investigate host |
| vectra-cli investigate --detection <detection-id> | Investigate detection |
| vectra-cli timeline --host <host-id> | Generate host timeline |
| vectra-cli timeline --account <account-id> | Generate account timeline |
| vectra-cli correlate --detection <detection-id> | Correlate detections |
## Response Actions

| Command | Description |
| --- | --- |
| vectra-cli response block --host <host-id> | Block host |
| vectra-cli response isolate --host <host-id> | Isolate host |
| vectra-cli response quarantine --account <account-id> | Quarantine account |
| vectra-cli response whitelist --host <host-id> | Whitelist host (suppresses further detections for it, so record the justification) |
| vectra-cli response unblock --host <host-id> | Unblock host |
## Reporting and Analytics

| Command | Description |
| --- | --- |
| GET /api/v3.3/reports | List available reports |
| POST /api/v3.3/reports | Generate a report |
| GET /api/v3.3/reports/{id} | Get report details |
| GET /api/v3.3/analytics/summary | Get analytics summary |
| GET /api/v3.3/analytics/trends | Get trend analysis |
## Configuration Management

| Command | Description |
| --- | --- |
| GET /api/v3.3/settings | Get platform settings |
| PATCH /api/v3.3/settings | Update settings |
| GET /api/v3.3/sensors | List sensors |
| GET /api/v3.3/sensors/{id} | Get sensor details |
| PATCH /api/v3.3/sensors/{id} | Update sensor configuration |
## User and Role Management

| Command | Description |
| --- | --- |
| GET /api/v3.3/users | List users |
| POST /api/v3.3/users | Create user |
| GET /api/v3.3/users/{id} | Get user details |
| PATCH /api/v3.3/users/{id} | Update user |
| DELETE /api/v3.3/users/{id} | Delete user |
## Alert Management

| Command | Description |
| --- | --- |
| GET /api/v3.3/alerts | List alerts |
| POST /api/v3.3/alerts | Create alert rule |
| GET /api/v3.3/alerts/{id} | Get alert details |
| PATCH /api/v3.3/alerts/{id} | Update alert rule |
| DELETE /api/v3.3/alerts/{id} | Delete alert rule |
## Integration Management

| Command | Description |
| --- | --- |
| GET /api/v3.3/integrations | List integrations |
| POST /api/v3.3/integrations | Create integration |
| GET /api/v3.3/integrations/{id} | Get integration details |
| PATCH /api/v3.3/integrations/{id} | Update integration |
| DELETE /api/v3.3/integrations/{id} | Delete integration |
## Data Export

| Command | Description |
| --- | --- |
| vectra-cli export detections --format json | Export detections |
| vectra-cli export hosts --format csv | Export hosts |
| vectra-cli export accounts --format json | Export accounts |
| vectra-cli export --start-date 2025-01-01 | Export with a date filter (records from the given date onward) |
| vectra-cli export --threat-score-min 50 | Export with a score filter (threat score 50 or higher) |
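The export commands above combine a format choice with date and threat-score filters. The following is an added example, not the vectra-cli export command, showing what such an export does to records already fetched from the API: apply the filters, then serialize to JSON or to CSV with nested fields flattened. The detection records are constructed samples; their field names (last_timestamp, threat, certainty, src_host) follow the detection objects the API returns, and the tags list and nested src_host are there to show the flattening.

```python
"""Export detection records as JSON or CSV with date and score filters.

Added example, not the vectra-cli export command. It operates on records
already fetched from the API (constructed samples below); the field names
last_timestamp, threat, certainty and src_host follow the detection
objects the API returns, and tags/src_host are included to show how
nested values are flattened for CSV.
"""
import csv
import io
import json
from datetime import datetime, timezone

# Constructed sample detections
SAMPLE_DETECTIONS = [
    {"id": 501, "detection_type": "command_and_control", "threat": 80, "certainty": 70,
     "src_host": {"id": 101, "name": "ws-finance-07"},
     "last_timestamp": "2025-02-10T08:15:00Z", "tags": ["ir-2025-03"]},
    {"id": 502, "detection_type": "reconnaissance", "threat": 30, "certainty": 60,
     "src_host": {"id": 103, "name": "ws-eng-22"},
     "last_timestamp": "2025-01-15T14:02:00Z", "tags": []},
    {"id": 503, "detection_type": "lateral_movement", "threat": 65, "certainty": 85,
     "src_host": {"id": 105, "name": "dc-01"},
     "last_timestamp": "2024-12-31T23:59:59Z", "tags": ["watch", "lateral"]},
]


def parse_ts(value):
    """Parse an ISO 8601 timestamp; a date-only filter is taken as UTC midnight."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt


def select(detections, start_date=None, min_threat=0):
    """Keep detections with threat >= min_threat last seen on or after start_date."""
    start = parse_ts(start_date) if start_date else None
    return [
        d for d in detections
        if d["threat"] >= min_threat
        and (start is None or parse_ts(d["last_timestamp"]) >= start)
    ]


def flatten(record, prefix="", sep="."):
    """Flatten nested dicts into dotted keys and lists into ';'-joined strings."""
    flat = {}
    for key, value in record.items():
        name = f"{prefix}{sep}{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, name, sep))
        elif isinstance(value, list):
            flat[name] = ";".join(map(str, value))
        else:
            flat[name] = value
    return flat


def export(detections, fmt="json", start_date=None, min_threat=0):
    """Serialize the filtered detections as a JSON or CSV string."""
    rows = select(detections, start_date, min_threat)
    if fmt == "json":
        return json.dumps(rows, indent=2, sort_keys=True)
    if fmt == "csv":
        flat_rows = [flatten(r) for r in rows]
        fields = sorted({k for r in flat_rows for k in r})  # stable column order
        buf = io.StringIO()
        writer = csv.DictWriter(buf, fieldnames=fields, lineterminator="\n")
        writer.writeheader()
        writer.writerows(flat_rows)
        return buf.getvalue()
    raise ValueError(f"unsupported format: {fmt}")


if __name__ == "__main__":
    print(export(SAMPLE_DETECTIONS, "csv", start_date="2025-01-01", min_threat=50))
```

Note the boundary handling: a record last seen at 23:59:59 on 31 December is excluded by --start-date 2025-01-01, while one at exactly midnight would be included, because the date-only filter is parsed as UTC midnight and compared against the record's own UTC timestamp.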
## Monitoring and Health

| Command | Description |
| --- | --- |
| GET /api/v3.3/health | Check platform health |
| GET /api/v3.3/system/status | Get system status |
| GET /api/v3.3/sensors/health | Check sensor health |
| GET /api/v3.3/system/metrics | Get system metrics |
| GET /api/v3.3/system/logs | Get system logs |
## Advanced Queries

| Command | Description |
| --- | --- |
| GET /api/v3.3/detections?detection_type=command_and_control | Filter by detection type |
| GET /api/v3.3/detections?src_ip=192.168.1.100 | Filter by source IP |
| GET /api/v3.3/detections?dst_port=443 | Filter by destination port |
| GET /api/v3.3/hosts?last_detection_timestamp_gte=2025-01-01 | Filter by timestamp (hosts whose latest detection is on or after the date) |
## Bulk Operations

| Command | Description |
| --- | --- |
| vectra-cli bulk assign --detections <file> | Bulk-assign detections listed in a file |
| vectra-cli bulk update --hosts <file> | Bulk-update hosts listed in a file |
| vectra-cli bulk export --query <query> | Bulk export by query |
| vectra-cli bulk remediate --actions <file> | Bulk remediation actions from a file |
## Automation and Scripting

| Command | Description |
| --- | --- |
| vectra-cli script run --file <script> | Run automation script |
| vectra-cli script validate --file <script> | Validate script |
| vectra-cli workflow create --name <name> | Create workflow |
| vectra-cli workflow run --id <workflow-id> | Run workflow |
## Performance Optimization

| Command | Description |
| --- | --- |
| vectra-cli optimize --cache-size 1GB | Set cache size |
| vectra-cli optimize --parallel 10 | Set parallel processing (10 concurrent workers) |
| vectra-cli optimize --timeout 300 | Set timeout (seconds) |
| vectra-cli cache clear | Clear cache |
| vectra-cli cache status | Check cache status |
## Debugging and Troubleshooting

| Command | Description |
| --- | --- |
| vectra-cli debug --log-level debug | Enable debug logging (debug output can include request headers; scrub tokens before sharing logs) |
| vectra-cli debug connectivity | Check connectivity |
| vectra-cli debug api --endpoint <endpoint> | Test an API endpoint |
| vectra-cli debug permissions | Check permissions |
| vectra-cli logs --tail 100 | Show the last 100 log lines |
## Environment Variables

| Variable | Description |
| --- | --- |
| VECTRA_TOKEN | API authentication token |
| VECTRA_URL | Platform URL |
| VECTRA_TIMEOUT | Request timeout |
| VECTRA_LOG_LEVEL | Logging level |
| VECTRA_CACHE_DIR | Cache directory |
## Configuration Files

| File | Description |
| --- | --- |
| vectra.config.json | Main configuration file |
| vectra-rules.yml | Detection rules |
| vectra-integrations.yml | Integration settings |
| .vectra-credentials | Stored credentials (keep it readable by the owner only and out of version control) |
## Common Detection Types

| Type | Description |
| --- | --- |
| command_and_control | C2 communication |
| lateral_movement | Lateral movement activity |
| data_exfiltration | Data exfiltration attempts |
| reconnaissance | Network reconnaissance |
| privilege_escalation | Privilege escalation |
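The Incident Investigation section lists timeline and correlate commands, and the table above lists the detection types those commands operate on. The following is an added example, not the vectra-cli timeline or correlate command, showing one way to build a per-host timeline from detection records and flag hosts whose detections advance through the attack stages. The STAGES ordering of the page's detection types is an assumed progression, the 72-hour window and three-stage threshold are tuning assumptions, and the detection records are constructed samples.

```python
"""Per-host detection timeline with kill-chain progression check.

Added example; it is not the vectra-cli timeline or correlate command.
STAGES orders the detection types listed on this page into an assumed
attack progression; the window and minimum-stage thresholds are tuning
assumptions, and the detection records are constructed samples.
"""
from datetime import datetime

STAGES = {
    "command_and_control": 1,
    "reconnaissance": 2,
    "privilege_escalation": 3,
    "lateral_movement": 4,
    "data_exfiltration": 5,
}

SAMPLE_DETECTIONS = [  # constructed; deliberately out of time order
    {"id": 604, "detection_type": "lateral_movement", "threat": 70,
     "src_host": {"id": 101}, "first_timestamp": "2025-03-02T03:10:00Z"},
    {"id": 601, "detection_type": "command_and_control", "threat": 60,
     "src_host": {"id": 101}, "first_timestamp": "2025-03-01T09:00:00Z"},
    {"id": 602, "detection_type": "reconnaissance", "threat": 30,
     "src_host": {"id": 101}, "first_timestamp": "2025-03-01T11:30:00Z"},
    {"id": 603, "detection_type": "reconnaissance", "threat": 25,
     "src_host": {"id": 103}, "first_timestamp": "2025-03-01T12:00:00Z"},
    {"id": 605, "detection_type": "data_exfiltration", "threat": 90,
     "src_host": {"id": 101}, "first_timestamp": "2025-03-09T02:00:00Z"},
]


def parse_ts(value):
    """Parse the API's ISO 8601 UTC timestamp (trailing 'Z')."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def host_timeline(detections, host_id):
    """Detections on one host, oldest first, each tagged with its stage."""
    rows = sorted(
        (d for d in detections if d["src_host"]["id"] == host_id),
        key=lambda d: parse_ts(d["first_timestamp"]),
    )
    return [{"id": d["id"], "type": d["detection_type"],
             "stage": STAGES.get(d["detection_type"]),
             "time": d["first_timestamp"], "threat": d["threat"]} for d in rows]


def correlate(timeline, min_stages=3, window_hours=72):
    """Find the longest run of strictly advancing stages inside one window.

    A detection extends the current chain only if its stage is later than
    the chain's last stage and it starts within window_hours of the chain's
    first event; an event outside the window closes the chain and starts a
    new one. Repeats of the same stage (a second recon alert) do not
    advance the chain, so noise cannot inflate the count.
    """
    window = window_hours * 3600
    chains, current = [], []
    for ev in timeline:
        if ev["stage"] is None:  # type not in STAGES: stays in the timeline, skipped here
            continue
        if current and (parse_ts(ev["time"]) - parse_ts(current[0]["time"])).total_seconds() > window:
            chains.append(current)
            current = []
        if not current or ev["stage"] > current[-1]["stage"]:
            current.append(ev)
    if current:
        chains.append(current)
    best = max(chains, key=len, default=[])
    return {"stages": [e["type"] for e in best],
            "detection_ids": [e["id"] for e in best],
            "escalating": len(best) >= min_stages}


if __name__ == "__main__":
    for host_id in (101, 103):
        tl = host_timeline(SAMPLE_DETECTIONS, host_id)
        print(host_id, [(e["time"], e["type"]) for e in tl])
        print(host_id, correlate(tl))
```

On the sample data host 101 escalates through C2, reconnaissance and lateral movement within the 72-hour window; the later exfiltration alert falls outside it and starts a new chain, which is the intended behaviour for a window-bounded check and the reason the window is a parameter rather than a constant.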