CLI (Vectra appliances)
This article explores the commands available in the Command Line Interface (CLI) of Vectra appliances.
Vectra appliances come with a number of commands that can be run in the Command Line Interface (CLI) after logging in as the "vectra" user. These can be useful for configuration and troubleshooting/debugging issues.
To learn more about how to log on as the "vectra" user, please see Console access on Vectra appliances.
Brain and Sensor/Stream appliances have different commands available to them. For example, Sensors don't have a GUI, so the "certificate" command isn't available on them. If a command listed below isn't available on your appliance, it's likely that it simply isn't available there due to the mode of the appliance. Occasionally, new commands may be feature flagged and rolled out in different waves. Please contact Vectra Support if you are unable to run a command at the CLI that you need.
This article does not go into deep detail on each individual command. Searching the support portal for different keywords you see in this article may find other articles that give additional detail on the feature/function that is being operated on with the command. This article will be periodically updated as relevant articles are found and linked to this KB.
Most features/functions can be enabled and configured in the Vectra GUI. For Respond UX (RUX) deployments, the GUI is available at the URL of your Vectra tenant (found in your welcome email). For Quadrant UX (QUX) deployments, the GUI is available at the hostname or IP address of your Brain appliance. If you are unsure of your UX, please see Vectra Analyst User Experiences (Respond vs Quadrant). The starting point for your RUX deployment should be the Vectra Respond UX Deployment Guide. The starting point for your QUX deployment should be the Vectra Quadrant UX Deployment Guide.
Vectra CLI Commands - Overview
The following commands can be used in the CLI:
Commands                   Description
backup                     Configure, schedule, and run backups
certificate                Certificate command group
debug                      Debug commands group
del                        Del commands group
dirsync                    Used to view or change sync modes for AD integration
factory-restore            Perform factory restore, irreversibly delete everything (type 'all') or data only (type 'keep-ifconfig')
match                      View information about Vectra Match state
performance-test           Run a system performance test
privexec                   Used to execute privileged commands at the direction of Vectra support
provision                  vSensor/Stream provisioning tool
reboot                     Reboot the system
restore                    Restore from a backup
set                        Set commands group
show                       Show commands group
shutdown                   Shutdown the system
status-report              Generate system status reports
suspect-protocol-activity  Disable, enable, or view status of SPA detection feature
unset                      Unset commands group
Undocumented commands
exit  Logout of Vectra CLI
help  Get a list of commands - Also do "show commands" at CLI to get a longer list vs only the top level shown above.
quit  Logout of Vectra CLI
Vectra CLI Commands - Individual
Each of the commands above will be broken down and detailed below:
backup
Additional Documentation
Usage
backup [OPTIONS] COMMAND [ARGS]
Description
Configure, schedule, and run backups
Options:
  -h, --help        Show this message and exit
Commands:
  clear             Reset backup / restore configuration
  external-targets
  from-brain        Manage whether other brains can back up to this one
  run               Make a backup of the current machine state
  schedule          Manage whether backups are run on a weekly schedule
certificate
Additional Documentation
Usage
certificate [OPTIONS] COMMAND [ARGS]
Description
Certificate command group
Options:
  -h, --help  Show this message and exit
Commands:
  add         Add Certificates types
  request     Certificate Signing Request
  info        Display Current Certificate information
debug
Additional Documentation
Checking brain or sensor network connectivity
Time and Time-Zone on Vectra Brain appliance
Configuring DNS servers on Vectra appliances
Usage
debug [OPTIONS] COMMAND [ARGS]
Description
Debug commands group
Options:
  -h, --help    Show this message and exit
Commands:
  connectivity  Test TCP connectivity to destination host or IP
  dns           Querying specific DNS information
  ntp           Executes various NTP-related commands and prints their output
  ping          Execute ping command to destination host or IP
  traceroute    Execute traceroute command to destination host or IP
del
Usage
del [OPTIONS] COMMAND [ARGS]
Description
Del commands group
Options:
  -h, --help  Show this message and exit
Commands:
  dns         Delete up to 3 nameservers
dirsync
Additional Documentation
Usage
dirsync [OPTIONS] COMMAND [ARGS]
Description
Show dirsync feature flag
Options:
  -h, --help  Show this message and exit
Commands:
  full_sync   Force full sync
factory-restore
Additional Documentation
How do I clear data from a Vectra Cognito brain or sensor before returning the appliance?
Usage
factory-restore < ( all | keep-ifconfig ) > [ -y ]
Description
Perform factory restore, deleting all data and setting back to factory defaults. Restore types: 'all' or 'keep-ifconfig'
Options:
  -y, --yes   Skip command-line confirmation before running factory restore
  -h, --help  Show this message and exit
match
Additional Documentation
Usage
match [OPTIONS] COMMAND [ARGS]
Description
View information about Vectra Match state
Options:
  -h, --help  Show this message and exit
Commands:
  assignment  View information about Vectra Match rule assignment
  rules       View information about Vectra Match rules
performance-test
Additional Documentation
Usage
performance-test [OPTIONS]
Description
Run a system performance test
Options:
  --force     Run all tests regardless of cached results
  -h, --help  Show this message and exit
privexec
Additional Documentation
Usage
privexec < blob > [ -y ]
Description
For entering elevated support commands
Options:
  -y, --yes   Don't prompt for verification
  -h, --help  Show this message and exit
provision
Additional Documentation
Usage
provision COMMAND [ARGS]
Description
vSensor/Stream provisioning tool
Options:
  -h, --help  Show this message and exit
Commands:
  vmware      Group for handling vmware provisioning commands
reboot
Usage
reboot [ --yes ]
Description
Reboot the system
Options:
  --yes       Confirm the action without prompting
  -h, --help  Show this message and exit
restore
Additional Documentation
Usage
restore [OPTIONS] COMMAND [ARGS]
Description
Restore from a backup
Options:
  -h, --help      Show this message and exit
Commands:
  delete-version  Delete backups that were taken for software version
  list            List backups available on the local machine
  run
sensor
Usage
sensor [OPTIONS] COMMAND [ARGS]
Description
Sensor commands group
Options:
  --force     Force to unpair a sensor
  -h, --help  Show this message and exit
Commands:
  pair        Pair a sensor
  unpair      Unpair a sensor
set
Usage
set [OPTIONS] COMMAND [ARGS]
Description
Set commands group
Options:
  -h, --help       Show this message and exit
Commands:
  autopair         Set the autopairing modes for devices that try to connect
  aws              AWS Set Group
  aws_s3           Used only for Vectra MDR customers at the direction of the MDR team
  azure            Azure Set Group
  capture-network  Adds a CIDR block or list of CIDR blocks
  capture-vlan     Adds a VLAN into the capture configuration
  dirsync          Toggle dirsync feature flag
  dns              Sets dns servers to up to three specified nameservers IP
  dns_lookup       Active DNS settings Group
  gcp              GCP Set Group
  interface        Sets network interfaces to either dhcp or static ip
  ipmi_interface   Set the ipmi interface config
  ipmi_password    Change the customer ipmi password
  ipv6
  license          Set license details
  manual-update    Change update mode
  mode             Sets mode to brain or mixed
  password         Change the system password - not available on sensors
  proxy            Configure proxy
  security-mode    Sets security mode to FIPS or default
  vpn              Set VPN command
show
Usage
show [OPTIONS] COMMAND [ARGS]
Description
Show commands group
Options:
  -h, --help          Show this message and exit
Commands:
  autopair            Get the current device autopairing modes
  aws                 AWS Group
  azure               Azure Show Group
  backup              Show backup configuration information
  capture-networks    Shows capture-network settings per subnet
  capture-vlans       Shows capture-vlans
  commands            Show list of all commands available in vsupport
  dirsync             show dirsync feature flag
  dns                 Shows DNS nameservers
  events              show events
  gcp                 GCP Show Group
  interface           Shows interface(s) status
  ipmi_interface      Get the ipmi interface config
  ipv6                Show IPv6 group
  license             Show license details
  manual-update       Show update mode
  mode                Shows system mode
  model               Show system model number
  pairing-status      Only available on Sensor appliances. Shows status of pairing, useful for troubleshooting.
  proxy               Shows proxy setting
  proxy --southside   Shows the detected south-side proxies. See Proxy handling in Vectra for more details.
  raid                Shows RAID configuration for appliances with RAID
  registration-token  Get registration token
  security-mode       Shows security mode
  sensors             Show associated sensors
  serial-number       Shows product serial number
  stream              Stream Group
  system-health       Verify the health of the device by running system
  traffic             Show traffic commands group
  traffic-validation  Show Enhanced Network Traffic Validation data
  version             Shows product version
  vpn                 Shows VPN state
shutdown
Usage
shutdown [ --yes ]
Description
Shutdown the system
Options:
  --yes       Confirm the action without prompting
  -h, --help  Show this message and exit
status-report
Usage
status-report [OPTIONS] COMMAND [ARGS]
Description
Generate system status reports
Options:
  -h, --help  Show this message and exit
Commands:
  clear       System check status report clear / delete
  generate    Generate status-report
  list        System check status report list
suspect-protocol-activity
Additional Documentation
Usage
suspect-protocol-activity [OPTIONS] COMMAND [ARGS]
Description
View information about suspect protocol activity (SPA) state
Options:
  -h, --help  Show this message and exit
Commands:
  disable     Disable SPA
  enable      Enable SPA
  status      View SPA status from paired devices
unset
Usage
unset [OPTIONS] COMMAND [ARGS]
Description
Unset commands group
Options:
  -h, --help       Show this message and exit
Commands:
  capture-network  Remove an existing CIDR block or list of CIDR blocks
  capture-vlan     Remove an existing VLAN from the capture configuration
  static           Remove an existing static ip address setting