Monitoring appliance health
This article describes ways to routinely monitor the health of your physical and virtual Vectra appliances, for both Brains and Sensors.
System Health Section in the Vectra UI
It is available under: Vectra UI -> Discover -> System Health.
The information displayed in this section includes:
Data Source Connectors & Sensors
Shows all sensors, grouped by status (Not Forwarding, Forwarding, Not Paired)
External Connectors & EDRs
Shows the status of External connectors and EDRs enabled on the appliance.
System Info
Displays health information about the hardware and system.
Deployments
Shows health, license, connectivity, etc. for the various products in your deployment.
This screen refreshes automatically every 5 minutes. Most of the alerts reported here can be fixed from your side (for instance, by adjusting credentials or firewall rules). The only exception is hardware issues, which may require a device replacement. Such hardware issues are too important to neglect, so please contact our support team.
System Health Report Obtained from Vectra CLI
Additional system health information is available from the Vectra CLI by connecting to the device using SSH as the vectra user. Once connected, run the command below to get the health details. For details on connecting to the CLI of your appliance, see: Console access on Vectra appliances.
Example:
Example with Verbose Output:
Please note that, depending on the type of system (i.e. Brain vs Sensor), the specific checks in the output may not match exactly what you see in the example.
This command prints the health checks that have failed (or information about all of the health checks if the "-v" parameter is added) and exposes some of the internals of the device and the checks performed. Many of the alerts surfaced this way cannot be fixed without intervention from Vectra Support. Vectra Support may ask you to run this report as part of a support interaction to gain additional information. The specific checks may vary depending on the model of appliance (physical, virtual, etc.) and can change over time as Vectra continues to develop or expose new checks.
As of v8.9 there are new disk space checks that will warn if disk space is from 80-90% full and fail if disk space is 90% or more full:
As of version 8.8 of Vectra software, system-health can be checked for paired Sensors or Stream appliances from the Brain CLI. Previously, it could only be run at the CLI of each individual appliance.
Showing "Sensors" Example (includes any Stream appliance)
Attempting to Show System Health for an Appliance that isn't Paired:
Showing System Health from a Paired Sensor:
Querying health information using REST API
You can also extract system health information programmatically using the RUX or QUX APIs. Both expose an endpoint for gathering system health information.
Vectra provides separate APIs for use with Respond UX or Quadrant UX deployments. The Respond UX offers a unified view with AI-driven Prioritization and a single urgency score for all entities (hosts, accounts, etc) across all data sources (network, public cloud, SaaS, etc). The Quadrant UX is the classic experience that existing Vectra NDR (formerly Detect for Network) customers are familiar with. It offers separate threat and certainty scores with separate host and account prioritization.
See Vectra Analyst User Experiences (Respond vs Quadrant) if you are unsure of which UX you are using.
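One way to turn a health snapshot pulled from the API into alertable findings, using the 80% warn and 90% fail disk thresholds and the sensor statuses described above. This is an added example, not Vectra's code: the snapshot field names, the sample values and the severity assigned to each sensor status are assumptions, so map them to what your API version actually returns.

```python
# Constructed sample. Field names are assumptions for illustration,
# not Vectra's response schema.
SAMPLE_SNAPSHOT = {
    "disks": [
        {"mount": "/", "used_percent": 42.0},
        {"mount": "/data", "used_percent": 85.5},
        {"mount": "/var/log", "used_percent": 90.0},
    ],
    "sensors": [
        {"name": "sensor-a", "status": "Forwarding"},
        {"name": "sensor-b", "status": "Not Forwarding"},
        {"name": "sensor-c", "status": "Not Paired"},
    ],
}

WARN_AT, FAIL_AT = 80.0, 90.0  # disk thresholds the page gives for v8.9


def disk_state(used_percent):
    """Return 'ok', 'warn' (80 up to 90), 'fail' (90 or more) or 'unknown'."""
    if isinstance(used_percent, bool) or not isinstance(used_percent, (int, float)):
        return "unknown"  # missing or malformed reading: report it, do not hide it
    if not 0 <= used_percent <= 100:
        return "unknown"  # also catches NaN, which fails every comparison
    if used_percent >= FAIL_AT:
        return "fail"
    return "warn" if used_percent >= WARN_AT else "ok"


def evaluate(snapshot):
    """Return sorted (severity, subject, detail) tuples for everything not healthy."""
    findings = []
    for disk in snapshot.get("disks", []):
        state = disk_state(disk.get("used_percent"))
        if state != "ok":
            detail = f"disk {disk.get('used_percent')}% used"
            findings.append((state, disk.get("mount", "?"), detail))
    for sensor in snapshot.get("sensors", []):
        status = sensor.get("status")
        if status != "Forwarding":
            # Assumed severity mapping: a paired sensor that stopped forwarding is a failure.
            severity = "fail" if status == "Not Forwarding" else "warn"
            findings.append((severity, sensor.get("name", "?"), f"sensor status: {status}"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, subject, detail in evaluate(SAMPLE_SNAPSHOT):
        print(f"{severity.upper():7} {subject:10} {detail}")
```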
System alerts
You may also use system alerts to be notified of changes in system health state and of issues with the device.
Proactive monitoring
Vectra provides additional monitoring for the appliances as part of Proactive Monitoring. When the firewall rules allow communication with Vectra as described in the firewall requirements, additional health information is reported to Vectra as part of the telemetry. The information retrieved is then reviewed to confirm the impact and scope of the issue, as some health check failures do not immediately indicate a problem, and even those that do cause a problem can sometimes be fixed by Vectra without your intervention.
In case of any concerns, Vectra Support will get in touch with additional information and recommendations, in an effort to resolve the problem.