# CLI (Vectra appliances) Vectra appliances come with a number of commands that can be run in the Command Line Interface (CLI) after logging in as the "vectra" user. These can be useful for configuration and troubleshooting/debugging issues. * To learn more about how to logon as the "vectra" user, please see: [Console access on Vectra appliances](https://docs.vectra.ai/deployment/appliance-operations/console-access-on-appliances) for more detail. Brain and Sensor/Stream appliances will have different commands available to the them. For example, Sensors don't have a GUI so the "certificate" command isn't available on them. If a command that is listed below isn't available on your appliance, its likely that its simply not available there due to the mode of the appliance. Occasionally new commands may be feature flagged and rolled out in different waves. Please contact Vectra Support if your are unable to run a command at the CLI that you need. This article does not go into deep detail on each individual command. Searching the support portal for different keywords you see in this article may find other articles that give additional detail on the feature/function that is being operated on with the command. This article will be periodically updated as relevant articles are found and linked to this KB. Most features/functions can be enabled and configured in the Vectra GUI. The GUI is available at the URL of your Vectra tenant (found in your welcome email) in the case of Respond UX (RUX) deployments. The GUI is available at the hostname or IP address of your Brain appliance for Quadrant UX (QUX) deployments. If you are unsure of your UX, please see [Vectra Analyst User Experiences (Respond vs Quadrant)](https://docs.vectra.ai/deployment/getting-started/analyst-ux-options-rux-vs-qux). The starting point for your RUX deployment should be the: [Vectra Respond UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/respond-ux-deployment-guide). The starting point for your QUX deployment should be the: [Vectra Quadrant UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/quadrant-ux-deployment). ## Vectra CLI Commands - Overview The following commands can be used in the CLI: | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | | Commands | Description | | backup | Configure, schedule, and run backups | | certificate | Certificate command group | | debug | Debug commands group | | del | Del commands group | | dirsync | Used to view or change sync modes for AD integration | | factory-restore | Perform factory restore, irreversibly delete everything (type 'all') or data only (type 'keep-ifconfig') | | match | View information about Vectra Match state | | performance-test | Run a system performance test | | privexec | Used to execute privileged commands at the direction of Vectra support | | provision | vSensor/Stream provisioning tool | | reboot | Reboot the system | | restore | Restore from a backup | | set | Set commands group | | show | Show commands group | | shutdown | Shutdown the system | | status-report | Generate system status reports | | suspect-protocol-activity | Disable, enable, or view status of SPA detection feature | | unset | Unset commands group | | | | | --------------------- | --------------------------------------------------------------------------------------------------------------- | | Undocumented commands | | | exit | Logout of Vectra CLI | | help | Get a list of commands - Also do "show commands" at CLI to get a longer list vs only the top level shown above. | | quit | Logout of Vectra CLI | ## Vectra CLI Commands - Individual. Each of the commands above will be broken down and detailed below: ## backup | | | | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Additional Documentation |

Backup and Restore for Vectra Brain Appliances (v8.5+)

Vectra Brain Appliance Disaster Recovery (DR) / Migration Recommendations (v8.5+)

| | Usage | backup \[OPTIONS] COMMAND \[ARGS] | | Description | Configure, schedule, and run backups | | Options: | | | -h, --help | Show this message and exit | | Commands: | | | clear | Reset backup / restore configuration | | external-targets | | | from-brain | Manage whether other brains can back up to this one | | run | Make a backup of the current machine state | | schedule | Manage whether backups are run on a weekly schedule | ## certificate | | | | ------------------------ | -------------------------------------------------------------------------------------------------------------- | | Additional Documentation | [SSL Certificate Installation](https://docs.vectra.ai/configuration/qux-specific/ssl-certificate-installation) | | Usage | certificate \[OPTIONS] COMMAND \[ARGS] | | Description | Certificate command group | | Options: | | | -h, --help | Show this message and exit | | Commands: | | | add | Add Certificates types | | request | Certificate Signing Request | | info | Display Current Certificate information | ## debug | | | | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Additional Documentation |

Checking brain or sensor network connectivity

Time and Time-Zone on Vectra Brain appliance

Configuring DNS servers on Vectra appliances

| | Usage | debug \[OPTIONS] COMMAND \[ARGS] | | Description | Debug commands group | | Options: | | | -h, --help | Show this message and exit | | Commands: | | | connectivity | Test TCP connectivity to destination host or IP | | dns | Querying specific DNS information | | ntp | Executes various NTP-related commands and prints their output | | ping | Execute ping command to destination host or IP | | traceroute | Execute traceroute command to destination host or IP | ## del | | | | ----------- | ------------------------------ | | Usage | del \[OPTIONS] COMMAND \[ARGS] | | Description | Del commands group | | Options: | | | -h, --help | Show this message and exit | | Commands: | | | dns | Delete up to 3 nameservers | ## dirsync | | | | ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------- | | Additional Documentation | [Configuring Active Directory(AD) integration with Vectra NDR](https://docs.vectra.ai/configuration/setup/external-connectors/active-directory) | | Usage | dirsync \[OPTIONS] COMMAND \[ARGS] | | Description | Show dirsync feature flag | | Options: | | | -h, --help | Show this message and exit | | Commands: | | | full\_sync | Force full sync | ## factory-restore | | | | ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------- | | Additional Documentation | [How do I clear data from a Vectra Cognito brain or sensor before returning the appliance?](https://docs.vectra.ai/configuration/access/broken-reference) | | Usage | factory-restore < ( all \| keep-ifconfig ) > \[ -y ] | | Description | Perform factory restore, deleting all data and setting back to factory defaults. Restore types: 'all' or 'keep-ifconfig' | | Options: | | | -y, --yes | Skip command-line confirmation before running factory restore | | -h, --help | Show this message and exit | ## match | | | | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Additional Documentation |

Vectra Match Deployment Guide

Vectra Match FAQ

Vectra Match Curated Ruleset

Vectra Match Performance and Ruleset Optimization Guidance

Vectra Match Suricata Configuration

Vectra Match Troubleshooting

| | Usage | match \[OPTIONS] COMMAND \[ARGS] | | Description | View information about Vectra Match state | | Options: | | | -h, --help | Show this message and exit | | Commands: | | | assignment | View information about Vectra Match rule assignment | | rules | View information about Vectra Match rules | ## performance-test | | | | ------------------------ | ------------------------------------------------------------------------------------------------------------ | | Additional Documentation | [VMware Brain Deployment Guide](https://docs.vectra.ai/deployment/ndr-virtual-cloud-appliances/vmware-brain) | | Usage | performance-test \[OPTIONS] | | Description | Run a system performance test | | Options: | | | --force | Run all tests regardless of cached results | | -h, --help | Show this message and exit | ## privexec | | | | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Additional Documentation | [Applying the privexec patch on the appliance (brain or sensor) provided by Vectra Support](https://github.com/iKettles/vectra-gitbook/blob/main/documentation/vectravforcesite/articles/Knowledge/KB-VS-1063/README.md) | | Usage | privexec < blob > \[ -y ] | | Description | For entering elevated support commands | | Options: | | | -y, --yes | Don't prompt for verification | | -h, --help | Show this message and exit | ## provision | | | | ------------------------ | ---------------------------------------------------------------------------------------------------------------- | | Additional Documentation | [VMware vSensor Deployment Guide](https://docs.vectra.ai/deployment/ndr-virtual-cloud-appliances/vmware-vsensor) | | Usage | provision COMMAND \[ARGS] | | Description | vSensor/Stream provisioning tool | | Options: | | | -h, --help | Show this message and exit | | Commands: | | | vmware | Group for handling vmware provisioning commands | ## reboot | | | | ----------- | ------------------------------------ | | Usage | reboot \[ --yes ] | | Description | Reboot the system | | Options: | | | --yes | Confirm the action without prompting | | -h, --help | Show this message and exit | ## restore | | | | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Additional Documentation |

Backup and Restore for Vectra Brain Appliances (v8.5+)

Vectra Brain Appliance Disaster Recovery (DR) / Migration Recommendations (v8.5+)

| | Usage | restore \[OPTIONS] COMMAND \[ARGS] | | Description | Restore from a backup | | Options: | | | -h, --help | Show this message and exit | | Commands: | | | delete-version | Delete backups that were taken for software version | | list | List backups available on the local machine | | run | | ## sensor | | | | ----------- | --------------------------------- | | Usage | sensor \[OPTIONS] COMMAND \[ARGS] | | Description | Sensor commands group | | Options: | | | --force | Force to unpair a sensor | | -h, --help | Show this message and exit | | Commands: | | | pair | Pair a sensor | | unpair | Unpair a sensor | ## set | | | | --------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | | Usage | set \[OPTIONS] COMMAND \[ARGS] | | Description | Set commands group | | Options: | | | -h, --help | Show this message and exit | | Commands: | | | autopair | Set the autopairing modes for devices that try to connect | | aws | AWS Set Group | | aws\_s3 | Used only for Vectra MDR customers at the direction of the MDR team | | azure | Azure Set Group | | capture-network | Adds a CIDR block or list of CIDR blocks | | capture-vlan | Adds a VLAN into the capture configuration | | dirsync | Toggle dirsync feature flag | | dns | Sets dns servers to up to three specified nameservers IP | | dns\_lookup | Active DNS settings Group | | gcp | GCP Set Group | | interface | Sets network interfaces to either dhcp or static ip | | ipmi\_interface | Set the ipmi interface config | | ipmi\_password | Change the customer ipmi password | | ipv6 | Please see [IPv6 Management Support for Vectra Appliances](https://docs.vectra.ai/deployment/getting-started/ipv6-management-support-for-vectra-appliances) | | license | Set license details | | manual-update | Change update mode | | mode | Sets mode to brain or mixed | | password | Change the system password - not available on sensors | | proxy | Configure proxy | | security-mode | Sets security mode to FIPS or default | | vpn | Set VPN command | ## show | | | | ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------- | | Usage | show \[OPTIONS] COMMAND \[ARGS] | | Description | Show commands group | | Options: | | | -h, --help | Show this message and exit | | Commands: | | | autopair | Get the current device autopairing modes | | aws | AWS Group | | azure | Azure Show Group | | backup | Show backup configuration information | | capture-networks | Shows capture-network settings per subnet | | capture-vlans | Shows capture-vlans | | commands | Show list of all commands available in vsupport | | dirsync | show dirsync feature flag | | dns | Shows DNS nameservers | | events | show events | | gcp | GCP Show Group | | interface | Shows interface(s) status | | ipmi\_interface | Get the ipmi interface config | | ipv6 | Show IPv6 group | | license | Show license details | | manual-update | Show update mode | | mode | Shows system mode | | model | Show system model number | | pairing-status | Only available on Sensor appliances. Shows status of pairing, useful for troubleshooting. | | proxy | Shows proxy setting | | proxy --southside | Shows the detected south-side proxies. See [Proxy handling in Vectra](https://docs.vectra.ai/configuration/setup/proxies) for more details. | | raid | Shows RAID configuration for appliances with RAID | | registration-token | Get registration token | | security-mode | Shows security mode | | sensors | Show associated sensors | | serial-number | Shows product serial number | | stream | Stream Group | | system-health | Verify the health of the device by running system | | traffic | Show traffic commands group | | traffic-validation | Show Enhanced Network Traffic Validation data | | version | Shows product version | | vpn | Shows VPN state | ## shutdown | | | | ----------- | ------------------------------------ | | Usage | shutdown \[ --yes ] | | Description | Shutdown the system | | Options: | | | --yes | Confirm the action without prompting | | -h, --help | Show this message and exit | ## status-report | | | | ----------- | ----------------------------------------- | | Usage | status-report \[OPTIONS] COMMAND \[ARGS] | | Description | Generate system status reports | | Options: | | | -h, --help | Show this message and exit | | Commands: | | | clear | System check status report clear / delete | | generate | Generate status-report | | list | System check status report list | ## suspect-protocol-activity | | | | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Additional Documentation |

Suspect Protocol Activity Detections (Feature Overview)

Suspect Protocol Activity Detections (Explained)

| | Usage | suspect-protocol-activity \[OPTIONS] COMMAND \[ARGS] | | Description | View information about suspect protocol activity (SPA) state | | Options: | | | -h, --help | Show this message and exit | | Commands: | | | disable | Disable SPA | | enable | Enable SPA | | status | View SPA status from paired devices | ## unset | | | | --------------- | ------------------------------------------------------ | | Usage | unset \[OPTIONS] COMMAND \[ARGS] | | Description | Unset commands group | | Options: | | | -h, --help | Show this message and exit | | Commands: | | | capture-network | Remove an existing CIDR block or list of CIDR blocks | | capture-vlan | Remove an existing VLAN from the capture configuration | | static | Remove an existing static ip address setting |