Comprehensive Vectra AI platform commands and workflows for network detection and response (NDR).
| Command | Description |
|---|---|
| curl -H "Authorization: Token <token>" <endpoint> | API authentication |
| vectra-cli auth login | Login to Vectra platform |
| vectra-cli auth logout | Logout from platform |
| vectra-cli auth status | Check authentication status |
| export VECTRA_TOKEN=<token> | Set environment token |
| export VECTRA_URL=<url> | Set platform URL |
Detection Management
| Command | Description |
|---|---|
| GET /api/v3.3/detections | List all detections |
| GET /api/v3.3/detections/{id} | Get detection details |
| PATCH /api/v3.3/detections/{id} | Update detection |
| DELETE /api/v3.3/detections/{id} | Delete detection |
| GET /api/v3.3/detections?state=active | Filter active detections |
| GET /api/v3.3/detections?certainty=high | Filter by certainty |
Host Management
| Command | Description |
|---|---|
| GET /api/v3.3/hosts | List all hosts |
| GET /api/v3.3/hosts/{id} | Get host details |
| PATCH /api/v3.3/hosts/{id} | Update host information |
| GET /api/v3.3/hosts?threat_score_gte=50 | Filter by threat score |
| GET /api/v3.3/hosts?certainty_score_gte=80 | Filter by certainty score |
Account Management
| Command | Description |
|---|---|
| GET /api/v3.3/accounts | List all accounts |
| GET /api/v3.3/accounts/{id} | Get account details |
| PATCH /api/v3.3/accounts/{id} | Update account |
| GET /api/v3.3/accounts?privilege_level=admin | Filter by privilege level |
| GET /api/v3.3/accounts?threat_score_gte=50 | Filter by threat score |
Campaign Management
| Command | Description |
|---|---|
| GET /api/v3.3/campaigns | List all campaigns |
| GET /api/v3.3/campaigns/{id} | Get campaign details |
| PATCH /api/v3.3/campaigns/{id} | Update campaign |
| GET /api/v3.3/campaigns?state=active | Filter active campaigns |
Assignment Management
| Command | Description |
|---|---|
| GET /api/v3.3/assignments | List assignments |
| POST /api/v3.3/assignments | Create assignment |
| GET /api/v3.3/assignments/{id} | Get assignment details |
| PATCH /api/v3.3/assignments/{id} | Update assignment |
| DELETE /api/v3.3/assignments/{id} | Delete assignment |
Threat Intelligence
| Command | Description |
|---|---|
| GET /api/v3.3/threat_feeds | List threat feeds |
| POST /api/v3.3/threat_feeds | Create threat feed |
| GET /api/v3.3/threat_feeds/{id} | Get threat feed details |
| PATCH /api/v3.3/threat_feeds/{id} | Update threat feed |
| DELETE /api/v3.3/threat_feeds/{id} | Delete threat feed |
Search and Filtering
| Command | Description |
|---|---|
| GET /api/v3.3/search/detections | Search detections |
| GET /api/v3.3/search/hosts | Search hosts |
| GET /api/v3.3/search/accounts | Search accounts |
| GET /api/v3.3/detections?ordering=-threat_score | Order by threat score |
| GET /api/v3.3/detections?page_size=100 | Set page size |
MCP Server Integration
| Command | Description |
|---|---|
| vectra-mcp install | Install Vectra MCP server |
| vectra-mcp configure | Configure MCP server |
| vectra-mcp start | Start MCP server |
| vectra-mcp stop | Stop MCP server |
| vectra-mcp status | Check MCP server status |
AI Assistant Commands
| Command | Description |
|---|---|
| vectra-mcp claude connect | Connect to Claude Desktop |
| vectra-mcp cursor connect | Connect to Cursor IDE |
| vectra-mcp chat enable | Enable chat interface |
| vectra-mcp investigate <query> | AI-assisted investigation |
| vectra-mcp visualize <data> | Generate visualizations |
Incident Investigation
| Command | Description |
|---|---|
| vectra-cli investigate --host <host-id> | Investigate host |
| vectra-cli investigate --detection <detection-id> | Investigate detection |
| vectra-cli timeline --host <host-id> | Generate host timeline |
| vectra-cli timeline --account <account-id> | Generate account timeline |
| vectra-cli correlate --detection <detection-id> | Correlate detections |
Response Actions
| Command | Description |
|---|---|
| vectra-cli response block --host <host-id> | Block host |
| vectra-cli response isolate --host <host-id> | Isolate host |
| vectra-cli response quarantine --account <account-id> | Quarantine account |
| vectra-cli response whitelist --host <host-id> | Whitelist host |
| vectra-cli response unblock --host <host-id> | Unblock host |
Reporting and Analytics
| Command | Description |
|---|---|
| GET /api/v3.3/reports | List available reports |
| POST /api/v3.3/reports | Generate report |
| GET /api/v3.3/reports/{id} | Get report details |
| GET /api/v3.3/analytics/summary | Get analytics summary |
| GET /api/v3.3/analytics/trends | Get trend analysis |
Configuration Management
| Command | Description |
|---|---|
| GET /api/v3.3/settings | Get platform settings |
| PATCH /api/v3.3/settings | Update settings |
| GET /api/v3.3/sensors | List sensors |
| GET /api/v3.3/sensors/{id} | Get sensor details |
| PATCH /api/v3.3/sensors/{id} | Update sensor configuration |
User and Role Management
| Command | Description |
|---|---|
| GET /api/v3.3/users | List users |
| POST /api/v3.3/users | Create user |
| GET /api/v3.3/users/{id} | Get user details |
| PATCH /api/v3.3/users/{id} | Update user |
| DELETE /api/v3.3/users/{id} | Delete user |
Alert Management
| Command | Description |
|---|---|
| GET /api/v3.3/alerts | List alerts |
| POST /api/v3.3/alerts | Create alert rule |
| GET /api/v3.3/alerts/{id} | Get alert details |
| PATCH /api/v3.3/alerts/{id} | Update alert rule |
| DELETE /api/v3.3/alerts/{id} | Delete alert rule |
Integration Management
| Command | Description |
|---|---|
| GET /api/v3.3/integrations | List integrations |
| POST /api/v3.3/integrations | Create integration |
| GET /api/v3.3/integrations/{id} | Get integration details |
| PATCH /api/v3.3/integrations/{id} | Update integration |
| DELETE /api/v3.3/integrations/{id} | Delete integration |
Data Export
| Command | Description |
|---|---|
| vectra-cli export detections --format json | Export detections |
| vectra-cli export hosts --format csv | Export hosts |
| vectra-cli export accounts --format json | Export accounts |
| vectra-cli export --start-date 2025-01-01 | Export with date filter |
| vectra-cli export --threat-score-min 50 | Export with threat score filter |
Monitoring and Health
| Command | Description |
|---|---|
| GET /api/v3.3/health | Check platform health |
| GET /api/v3.3/system/status | Get system status |
| GET /api/v3.3/sensors/health | Check sensor health |
| GET /api/v3.3/system/metrics | Get system metrics |
| GET /api/v3.3/system/logs | Get system logs |
Advanced Queries
| Command | Description |
|---|---|
| GET /api/v3.3/detections?detection_type=command_and_control | Filter by detection type |
| GET /api/v3.3/detections?src_ip=192.168.1.100 | Filter by source IP |
| GET /api/v3.3/detections?dst_port=443 | Filter by destination port |
| GET /api/v3.3/hosts?last_detection_timestamp_gte=2025-01-01 | Filter by timestamp |
Bulk Operations
| Command | Description |
|---|---|
| vectra-cli bulk assign --detections <file> | Bulk assign detections |
| vectra-cli bulk update --hosts <file> | Bulk update hosts |
| vectra-cli bulk export --query <query> | Bulk export with query |
| vectra-cli bulk remediate --actions <file> | Bulk remediation actions |
Automation and Scripting
| Command | Description |
|---|---|
| vectra-cli script run --file <script> | Run automation script |
| vectra-cli script validate --file <script> | Validate script |
| vectra-cli workflow create --name <name> | Create workflow |
| vectra-cli workflow run --id <workflow-id> | Run workflow |
| Command | Description |
|---|---|
| vectra-cli optimize --cache-size 1GB | Set cache size |
| vectra-cli optimize --parallel 10 | Set parallel processing |
| vectra-cli optimize --timeout 300 | Set timeout |
| vectra-cli cache clear | Clear cache |
| vectra-cli cache status | Check cache status |
Debugging and Troubleshooting
| Command | Description |
|---|---|
| vectra-cli debug --log-level debug | Enable debug logging |
| vectra-cli debug connectivity | Check connectivity |
| vectra-cli debug api --endpoint <endpoint> | Test API endpoint |
| vectra-cli debug permissions | Check permissions |
| vectra-cli logs --tail 100 | View recent logs |
Environment Variables
| Variable | Description |
|---|---|
| VECTRA_TOKEN | API authentication token |
| VECTRA_URL | Platform URL |
| VECTRA_TIMEOUT | Request timeout |
| VECTRA_LOG_LEVEL | Logging level |
| VECTRA_CACHE_DIR | Cache directory |
Configuration Files
| File | Description |
|---|---|
| vectra.config.json | Main configuration file |
| vectra-rules.yml | Detection rules |
| vectra-integrations.yml | Integration settings |
| .vectra-credentials | Stored credentials |
Common Detection Types
| Type | Description |
|---|---|
| command_and_control | C2 communication |
| lateral_movement | Lateral movement activity |
| data_exfiltration | Data exfiltration attempts |
| reconnaissance | Network reconnaissance |
| privilege_escalation | Privilege escalation |