# Configuration - [Navigation updates (RUX)](/configuration/navigation-updates-rux.md) - [ACCESS](/configuration/access.md) - [API (RUX)](/configuration/access/api-rux.md) - [RUX API Postman quick start guide](/configuration/access/api-rux/rux-api-postman-quick-start-guide.md): Use the Vectra Platform public Postman collection to get up and running quickly with the new Vectra AI Platform API. - [v3.4 API guide (RUX)](/configuration/access/api-rux/v34-api-guide-rux.md): Vectra Platform API Guide v3.4 (August 2025) for RUX deployments - [v3.3 API guide (RUX)](/configuration/access/api-rux/v33-api-guide-rux.md): Vectra Platform API Guide v3.3 (Sep 2024) for Respond UX deployments - [v3.2 API guide (RUX)](/configuration/access/api-rux/v32-api-guide-rux.md): Vectra SaaS API Guide v3.2 (Jan 2024) - [v3.1 API guide (RUX)](/configuration/access/api-rux/v31-api-guide-rux.md): Vectra SaaS API Guide v3.1 (Jan 2024) - [v3.0 API guide (RUX)](/configuration/access/api-rux/v30-api-guide-rux.md): Vectra SaaS API Guide v3.0 (Jan 2024) - [API (QUX)](/configuration/access/api-qux.md) - [v2.5 Postman quick start guide using OAuth2](/configuration/access/api-qux/v25-postman-quick-start-guide-using-oauth2.md): This article shows how to quickly get started using the QUX v2.5 API using OAuth2 for authentication and the Postman API testing tool. - [v2.5 Postman quick start guide using token auth](/configuration/access/api-qux/v25-postman-quick-start-guide-using-token-auth.md): This article shows how to quickly get started using the QUX v2.5 API using token authentication and the Postman API testing tool. - [v2.5 API guide (QUX)](/configuration/access/api-qux/v25-api-guide-qux.md): This guide is for v2.5 of the Vectra REST API for QUX deployments. - [v2.4 API guide (QUX)](/configuration/access/api-qux/v24-api-guide-qux.md): This guide is for v2.4 of the Vectra REST API. For Vectra AI Platform (RUX) users, please see the v3.x REST API Guide. - [v2.2 API guide (QUX)](/configuration/access/api-qux/v22-api-guide-qux.md): This guide is for the v2.2 of the Vectra REST API. For Vectra AI Platform (RUX) users, please see the v3.x REST API Guide. - [CLI (Vectra appliances)](/configuration/access/cli-vectra-appliances.md): This article explores the commands available in the Command Line Interface (CLI) of Vectra appliances. - [External Authentication (QUX)](/configuration/access/external-authentication-qux.md) - [RADIUS (QUX)](/configuration/access/external-authentication-qux/radius-qux.md) - [LDAP (QUX)](/configuration/access/external-authentication-qux/ldap-qux.md) - [TACACS+ (QUX)](/configuration/access/external-authentication-qux/tacacs-qux.md) - [SAML SSO (RUX)](/configuration/access/saml-sso-rux.md) - [Any IdP SAML (RUX)](/configuration/access/saml-sso-rux/any-idp-saml-rux.md): Enabling RUX (Respond UX) SAML SSO with any SAML 2.0 compliant Identity Provider (IdP). - [ADFS SAML (RUX)](/configuration/access/saml-sso-rux/adfs-saml-rux.md): Enabling RUX (Respond UX) SAML SSO with ADFS as the Identity Provider (IdP). - [Entra ID (Azure AD) SAML (RUX)](/configuration/access/saml-sso-rux/entra-id-azure-ad-saml-rux.md): Enabling RUX (Respond UX) SAML SSO with Entra ID (Azure AD) as the Identity Provider (IdP). - [Keycloak SAML (RUX)](/configuration/access/saml-sso-rux/keycloak-saml-rux.md): Enabling RUX (Respond UX) SAML SSO with Keycloak as the Identity Provider (IdP). - [Okta SAML (RUX)](/configuration/access/saml-sso-rux/okta-saml-rux.md): Enabling RUX (Respond UX) SAML SSO with Okta as the Identity Provider (IdP). - [SAML SSO (QUX)](/configuration/access/saml-sso-qux.md) - [Any IdP SAML (QUX)](/configuration/access/saml-sso-qux/any-idp-saml-qux.md): Enabling QUX (Quadrant UX) SAML SSO with any SAML 2.0 compliant Identity Provider (IdP). - [ADFS SAML (QUX)](/configuration/access/saml-sso-qux/adfs-saml-qux.md): Enabling QUX (Quadrant UX) SAML SSO with ADFS as the Identity Provider (IdP). - [Entra ID (Azure AD) SAML (QUX)](/configuration/access/saml-sso-qux/entra-id-azure-ad-saml-qux.md): Enabling QUX (Quadrant UX) SAML SSO with Entra ID (Azure AD) as the Identity Provider (IdP). - [Okta SAML (QUX)](/configuration/access/saml-sso-qux/okta-saml-qux.md): Enabling QUX (Quadrant UX) SAML SSO with Okta as the Identity Provider (IdP). - [Ping Identity SAML (QUX)](/configuration/access/saml-sso-qux/ping-identity-saml-qux.md): Enabling QUX (Quadrant UX) SAML SSO with Ping Identity as the Identity Provider (IdP). - [Vectra remote support](/configuration/access/vectra-remote-support.md): Configure and verify Vectra Remote Support (VPN, UI access, and CLI access) for RUX and QUX deployments, including connectivity requirements, proxy considerations, and troubleshooting. - [QUX deployments prior to v9.9](/configuration/access/vectra-remote-support/qux-deployments-prior-to-v98.md): Remote support allows authorized Vectra personnel to connect to your Vectra (Brain). This article details how you can enable, disable, and verify the status of remote support. - [COVERAGE](/configuration/coverage.md) - [Brain Setup](/configuration/coverage/brain-setup.md) - [IP address classfication](/configuration/coverage/brain-setup/ip-address-classfication.md): This article addresses the queries related to IP-Address-Classification setting available in Vectra Quadrant and Respond UX. - [EDRs](/configuration/coverage/edrs.md) - [Crowdstrike data source](/configuration/coverage/edrs/crowdstrike-data-source.md): Integration with CrowdStrike as a Data Source will allow detection and incident signal from CrowdStrike EDR to be ingested into the Vectra AI Platform. - [SentinelOne data source](/configuration/coverage/edrs/sentinelone-data-source.md): Integration with SentinelOne as a Data Source will allow detection and incident signal from SentinelOne to be ingested into the Vectra AI Platform. - [Microsoft Defender data source](/configuration/coverage/edrs/microsoft-defender-data-source.md): Integration with Microsoft Defender for Endpoint (Defender) as a Data Source will allow detection and incident signal from Defender to be ingested into the Vectra AI Platform. - [Network Identities (WELI)](/configuration/coverage/network-identities-weli.md) - [Windows Event Log Ingestion (WELI)](/configuration/coverage/network-identities-weli/windows-event-log-ingestion-weli.md): Configure Windows Event Log Ingestion (WELI) to send Kerberos security events to Vectra for analysis. It enables PAA detections, HostID enrichment, and provides metadata for investigation. - [WELI via NXLog](/configuration/coverage/network-identities-weli/weli-via-nxlog.md) - [WELI Splunk (Raw TCP / XML) configuration](/configuration/coverage/network-identities-weli/weli-splunk-raw-tcp-xml-configuration.md): Windows Event Log Ingestion - Collecting Security Events with Splunk Universal Forwarders and sending data to Vectra in Raw TCP / XML format. - [WELI Splunk (syslog / legacy) configuration](/configuration/coverage/network-identities-weli/weli-splunk-syslog-legacy-configuration.md) - [Remote Users](/configuration/coverage/remote-users.md) - [Remote users (SASE / SSE)](/configuration/coverage/remote-users/remote-users-sase-sse.md) - [Netskope Cloud TAP](/configuration/coverage/remote-users/netskope-cloud-tap.md): Configure Netskope Cloud TAP with Vectra NDR, including vSensor setup, SASE IP remapping, and Stitcher deployment guidance for AWS/Azure. - [Zscaler ZIA](/configuration/coverage/remote-users/zscaler-zia.md): This article discusses Vectra\'s support of Zscaler Internet Access (ZIA) and provides details for use with both PCAP ingestion and on-prem capture. - [Zscaler ZPA](/configuration/coverage/remote-users/zscaler-zpa.md) - [Zscaler ZPA log ingestion via QRadar](/configuration/coverage/remote-users/zscaler-zpa-log-ingestion-via-qradar.md) - [Optimizing Vectra for use with VPN clients](/configuration/coverage/remote-users/optimizing-vectra-for-use-with-vpn-clients.md): How to optimize Vectra observability for VPN clients by using Sensor placement, SASE/SSE integration, EDR integration, Windows Event Log Ingestion, and rDNS. - [Threat Feeds](/configuration/coverage/threat-feeds.md) - [External threat intel integration](/configuration/coverage/threat-feeds/external-threat-intel-integration.md) - [Vectra threat intelligence](/configuration/coverage/threat-feeds/vectra-threat-intelligence.md) - [Encapsulation Endpoints (GRE, ERSPAN, GENEVE, VXLAN)](/configuration/coverage/encapsulation-endpoints-gre-erspan-geneve-vxlan.md): Configure Sensor capture interfaces with an IP address to be used as a destination for tunneled encapsulations such as GRE, ERSPAN, GENEVE, and VXLAN traffic. - [RESPONSE](/configuration/response.md) - [Lockdown](/configuration/response/lockdown.md) - [Active Directory Account Lockdown](/configuration/response/lockdown/active-directory-account-lockdown.md): Configure and use Active Directory Account Lockdown, including permissions, automatic thresholds, notifications, API usage, and protected account caveats. - [Active Directory Account Lockdown custom configuration](/configuration/response/lockdown/active-directory-account-lockdown-custom-configuration.md): This article details new Account Lockdown custom configuration options that are available in v8.2+ of Vectra software. - [Entra ID (Azure AD) Account Lockdown (RUX)](/configuration/response/lockdown/entra-id-azure-ad-account-lockdown-rux.md): This article describes the Azure Active Directory (AAD) Account Lockdown feature in a Frequently Asked Questions (FAQ) style. This feature is only available in the Vectra Respond UX. - [Host Lockdown (EDR)](/configuration/response/lockdown/host-lockdown-edr.md): EDR Host Lockdown Information: - [Traffic Lockdown](/configuration/response/lockdown/traffic-lockdown.md) - [Notifications](/configuration/response/notifications.md) - [External app alerts (webhook)](/configuration/response/notifications/external-app-alerts-webhook.md): Configure webhook-based alert destinations for Vectra prioritization and system alerts in tools like Microsoft Teams. - [Syslog guide (QUX)](/configuration/response/notifications/syslog-guide-qux.md) - [Syslog sending to Kafka](/configuration/response/notifications/syslog-sending-to-kafka.md) - [Syslog and Kafka message size limits (QUX)](/configuration/response/notifications/syslog-and-kafka-message-size-limits-qux.md) - [System alerts](/configuration/response/notifications/system-alerts.md) - [SIEM](/configuration/response/siem.md) - [Microsoft Sentinel SIEM integration (RUX)](/configuration/response/siem/azure-sentinel-siem-integration-rux.md): Deploy the Microsoft Sentinel (formerly Azure Sentinel) integration for Vectra Respond UX (package v3.3.0), including ingestion, workbooks, analytics rules, and playbooks. - [Azure Sentinel Stream integration using AMA](/configuration/response/siem/azure-sentinel-stream-integration-using-ama.md): This article provides detailed instructions for deploying and configuring the Vectra Stream app for Azure Sentinel for use with the Microsoft Azure Monitor Agent. - [Azure Sentinel Stream integration using OMS (Deprecated)](/configuration/response/siem/azure-sentinel-stream-integration-using-oms.md): Deprecated guide for sending Vectra Stream Raw JSON to Microsoft Sentinel via the OMS (Log Analytics) agent and a Linux collector. - [Crowdstrike Next-Gen SIEM integration (RUX)](/configuration/response/siem/crowdstrike-next-gen-siem-integration-rux.md): Ingest Vectra entity scoring events, detection events, and audit events from Vectra Respond UX. - [Crowdstrike Next-Gen SIEM integration (QUX)](/configuration/response/siem/crowdstrike-nextgen-siem-integration-qux.md): Send Vectra Detect (QUX) logs to CrowdStrike NextGen-SIEM via a log collector and HEC, using the provided parser and setup guide. - [Google SecOps SIEM integration (QUX)](/configuration/response/siem/google-secops-siem-integration-qux.md): Ingest and parse Vectra Detect (QUX) syslog into Google SecOps SIEM for detections, entities, and audit/health/lockdown data. - [Google SecOps SIEM integration (RUX)](/configuration/response/siem/google-secops-siem-integration-rux.md): Integrate Vectra Respond UX (RUX) with Google SecOps SIEM using the Vectra API, with a deployment guide and configuration template. - [Google SecOps SIEM Stream integration](/configuration/response/siem/google-secops-siem-stream-integration.md): Forward Vectra Stream security-enriched metadata to Google SecOps SIEM via syslog, using the provided implementation guide. - [Microsoft Sentinel NDR (Detect) integration using AMA](/configuration/response/siem/microsoft-sentinel-ndr-detect-integration-using-ama.md): Deploy or migrate Vectra Detect syslog CEF ingestion to Microsoft Sentinel using Azure Monitor Agent (AMA), including Logstash transformation and troubleshooting. - [QRadar SIEM integration (RUX)](/configuration/response/siem/qradar-siem-integration-rux.md) - [QRadar SIEM integration (QUX)](/configuration/response/siem/qradar-siem-integration-qux.md): Install and configure the Vectra Detect app for QRadar (QUX), supporting both Vectra SaaS API polling and Brain syslog ingestion. - [Splunk SIEM / Vectra integration guide (start here for RUX)](/configuration/response/siem/splunk-siem-vectra-integration-guide-start-here-for-rux.md): Start here for Splunk integration with Vectra Respond UX, including supported add-ons/apps, install matrix, API client setup, and data inputs. - [Splunk SIEM / Vectra integration guide (start here for QUX)](/configuration/response/siem/splunk-siem-vectra-integration-guide-start-here-for-qux.md): This article serves as the starting point for Vectra\'s various integrations with Splunk. Read this prior to any other articles regarding Splunk integration. - [Splunk - Vectra Detect Add-On and Syslog Configuration (QUX)](/configuration/response/siem/splunk-vectra-detect-add-on-and-syslog-configuration-qux.md): Install the Technology Add-on for Vectra Detect (JSON) and configure Detect syslog so Splunk parses events into the correct sourcetypes. - [Splunk - Vectra Detect Integration Steps (QUX)](/configuration/response/siem/splunk-vectra-detect-integration-steps-qux.md): End-to-end steps for integrating Vectra Detect (QUX) with Splunk, including which add-ons to install and how to configure the Detect app macro. - [Splunk TA - Changing from CEF to JSON for Vectra Detect (QUX)](/configuration/response/siem/splunk-ta-changing-from-cef-to-json-for-vectra-detect-qux.md): Migrate Splunk ingestion for Vectra Detect from legacy CEF syslog to full JSON using the new TA, with install, configuration, and validation steps. - [Splunk - Vectra SaaS Add-on Configuration (QUX)](/configuration/response/siem/splunk-vectra-saas-add-on-configuration-qux.md): Install and configure the Vectra SaaS add-on for Splunk, including API client details, proxy options, and data inputs for scoring and detections. - [SOAR](/configuration/response/soar.md) - [Google SecOps SOAR integration (RUX)](/configuration/response/soar/google-secops-soar-integration-rux.md) - [Google SecOps SOAR integration (QUX)](/configuration/response/soar/google-secops-soar-integration-qux.md) - [Palo Alto XSOAR integration (QUX)](/configuration/response/soar/palo-alto-xsoar-integration-qux.md) - [Palo Alto XSOAR integration (RUX)](/configuration/response/soar/palo-alto-xsoar-integration-rux.md) - [Splunk SOAR integration (RUX)](/configuration/response/soar/splunk-soar-integration-rux.md) - [Splunk SOAR integration (QUX)](/configuration/response/soar/splunk-soar-integration-qux.md) - [ServiceNow SIR SOAR integration (RUX)](/configuration/response/soar/servicenow-sir-soar-integration-rux.md) - [ServiceNow SIR SOAR integration (QUX)](/configuration/response/soar/servicenow-sir-soar-integration-qux.md) - [Ticketing / CMDB](/configuration/response/ticketing.md) - [ServiceNow ITSM ticketing integration (RUX)](/configuration/response/ticketing/servicenow-itsm-ticketing-integration-rux.md) - [ServiceNow ITSM ticketing integration (QUX)](/configuration/response/ticketing/servicenow-itsm-ticketing-integration-qux.md) - [ServiceNow CMDB integration (RUX)](/configuration/response/ticketing/servicenow-cmdb-integration-rux.md) - [SETUP](/configuration/setup.md) - [Account Association](/configuration/setup/account-association.md) - [EDR Integrations](/configuration/setup/edr-integrations.md) - [Microsoft Defender for Endpoint](/configuration/setup/edr-integrations/microsoft-defender-for-endpoint.md): Microsoft Defender for Endpoint FAQ, formerly Microsoft Defender ATP - [Carbon Black Response](/configuration/setup/edr-integrations/carbon-black-response.md): How to configure Carbon Black Response (On-Prem) integration - [Carbon Black Cloud](/configuration/setup/edr-integrations/carbon-black-cloud.md) - [Trellix (FireEye) Endpoint Security (HX)](/configuration/setup/edr-integrations/trellix-fireeye-endpoint-security-hx.md) - [SentinelOne](/configuration/setup/edr-integrations/sentinelone.md) - [Cybereason](/configuration/setup/edr-integrations/cybereason.md) - [Crowdstrike](/configuration/setup/edr-integrations/crowdstrike.md): Configuring integration with Crowdstrike EDR to enable EDR process AI stitching, Host Lockdown capability, and add host details from Crowdstrike to host details pages and Vectra's automated HostID. - [External Connectors](/configuration/setup/external-connectors.md) - [Active Directory](/configuration/setup/external-connectors/active-directory.md): This article provides configuration advice for integration AD with Vectra NDR (formerly known as Vectra Detect for Network). This is supported for both Respond UX and Quadrant UX deployments. - [AWS HostID integration](/configuration/setup/external-connectors/aws-hostid-integration.md): This article goes over the AWS HostID integration available for Vectra NDR deployments that see traffic from AWS VPCs. - [Azure HostID integration](/configuration/setup/external-connectors/azure-hostid-integration.md): This article goes over the Azure HostID integration available for Vectra NDR deployments that see traffic from Azure virtual networks. - [GCP HostID integration](/configuration/setup/external-connectors/gcp-hostid-integration.md): This article goes over the GCP HostID integration available for Vectra NDR deployments that capture traffic from GCP VPCs. - [SIEM (Vectra Brain ingesting logs)](/configuration/setup/external-connectors/siem-vectra-brain-ingesting-logs.md) - [vCenter integration (VMware)](/configuration/setup/external-connectors/vcenter-integration-vmware.md): Configure the Vectra Brain to query the VMware vCenter API (read-only) for infrastructure visibility and vSensor planning. - [Proxies](/configuration/setup/proxies.md): This article is designed to assist in understanding how Vectra appliances interact with proxy systems. - [TUNING](/configuration/tuning.md) - [Triage best practices](/configuration/tuning/triage-best-practices.md) - [Active Directory (AD) groups](/configuration/tuning/active-directory-ad-groups.md) - [Dynamic groups](/configuration/tuning/dynamic-groups.md) - [Creating triage filters via API](/configuration/tuning/creating-triage-filters-via-api.md) - [Noise elimination for Tanium and other mesh scanners](/configuration/tuning/noise-elimination-for-tanium-and-other-mesh-scanners.md) - [QUX specific](/configuration/qux-specific.md) - [SSL certificate installation](/configuration/qux-specific/ssl-certificate-installation.md): This article discusses SSL certificate options for Quadrant UX deployments. For RUX deployments, the cert used to support the GUI is fully managed by Vectra only. - [Digest emails](/configuration/qux-specific/digest-emails.md): Digest Emails provide a feature to send a summary of detections count per category in for last 24 hours - [Login caption](/configuration/qux-specific/login-caption.md): This article covers the steps to create a login caption on Vectra Quadrant UX. - [SMTP configuration (QUX)](/configuration/qux-specific/smtp-configuration-qux.md): Vectra Brain appliances that serve the Quadrant UX can be configured to support SMTP for sending email alert notifications. This article describes how to configure the required SMTP settings.