v3.4 API guide (RUX)
Vectra Platform API Guide v3.4 (August 2025) for RUX deployments
The Vectra AI Platform, running the Respond UX (RUX), has a REST API available to help with integration into customer operations such as:
Programatic polling of system data
SIEM and SOAR integrations for actionable alerting and response
Building new custom integrations
Common task automation
The legacy .pdf documentation for the version this article is about is available for download on the right side of your screen.
Additional Materials:
Vectra REST API Documentation Website
This is a live site with the ability to download the API specs in .yaml form and also try live queries against your Vectra tenant.
Links to articles for specific versions (downloadable .pdf legacy documentation):
Change Log
Added in February 2026 Update:
Documents existing Proxies endpoint
/api/v3.4/proxies/api/v3.4/proxies/<id>
Added in October 2025 Update:
New Endpoint for Active Directory (AD) Groups
/api/v3.4/settings/active_directory/groups
Adds support for AD Groups in the following endpoints:
/api/v3.4/groups/api/v3.4/groups/<id>
Added in August 2025 Update:
New Endpoint for Health Events
/api/v3.4/events/health
Added in July 2025 Update:
Corrects the documentation of the “vlans” query parameter to the
/api/v3.3/healthendpoint.Add support for GET list of all CDR connectors:
/api/v.3.4/data_source/connectors.
Added in June 2025 Update:
Limits the number of notes per entity returned from list endpoints. The most recent ten notes will be returned with the first truncated to 1000 characters and the following truncated to 100 characters.
New Endpoints for closing/opening Detections
/api/v3.4/detections/close/api/v3.4/detections/<id>/close/api/v3.4/detections/open/api/v3.4/detections/<id>/open
New Endpoint for closing a Host
/api/v3.4/hosts/<id>/close
New Endpoint for closing an Account
/api/v3.4/accounts/<id>/close
Added new response fields and query parameters
/api/v3.4/detectionsreasonparameter/fieldinclude_src_dst_groupsparamsrc_groupsanddst_groupsfields
/api/v3.4/detections/<id>reasonparameter/fieldinclude_src_dst_groupsparamsrc_groupsanddst_groupsfields
Added in April 2025 Update:
Adds the
v3.4/groups/<id>/membersendpoint.Adds a limit of 2000 to the number of members returned with groups for all methods against the
/groupsand/groups/<id>endpoints.To retrieve a full list of members for a group, use
v3.4/groups/<id>/members.
Added in March 2025 Update:
Add support for group type migration for the
/v3.4/groups/<id>endpoint.Adds support for
GETThreat Feeds query parameters.
Added in January 2025 Update:
Deprecates the following monthly Unique Hosts Observed endpoints in favor of the timespan Unique Hosts Observed endpoints:
v3.4/unique_hosts_observed_monthlyv3.4/unique_hosts_observed_monthly/audit
Added in November 2024 Update:
Added support for regex groups in the following endpoints:
/v3.4/groups/v3.4/groups/<id>
Added in October 2024 update :
New Endpoints:
• Introduced new endpoints for querying unique host counts and records based on a specified timespan.
• Added a new endpoint for monitoring the health of detection models.
• Added new endpoints for health monitoring of external connectors and Endpoint Detection and Response (EDR) systems.
• Expanded user and role support with a new endpoint.
Enhanced Vectra Match Functionality:
• Added support for downloading the curated ruleset for Vectra Match.
• New functionality allows uploading large rules files to Vectra Match.
Endpoint and Field Updates:
• Renamed existing unique_host_count endpoints from V3.3 to new names and URLs.
• Removed several legacy endpoints.
• Deprecated and removed some legacy response fields and query parameters.
This release focuses on improved health monitoring, expanded support for roles and user management, and enhanced capabilities for Vectra Match rules management.
Download a copy of the Vectra Platform API Guide v3.4 below, or check out our Quickstart Tutorial to get up and running using our public Postman Collection .
Attachments
Last updated
Was this helpful?