Recommended next steps
Actions recommend to complete after your initial RUX deployment including backup, configuring other integrations and products, and some best practices.
Backing up your Brain
As briefly mention before, the Brain appliance should be backed up by the customer. Care should be taken to ensure backup to a Windows server, SFTP/SCP, or AWS S3 bucket. Storing backups only locally on your Brain appliance is not recommended.
Please see the following Vectra support portal articles for more details:
Recommended Next Steps
Vectra offers a variety of deployment services, consulting, or full MDR options for customers that need more help or expert analyst assistance. Please work with your Vectra account team for additional details.
This guide covered initial configuration of basic settings. Some recommended next steps are:
Work on traffic engineering and getting traffic flowing to your Sensors or mixed mode Brain.
Integrations that help with HostID or add context such as:
vCenter integration if you have a VMware environment
Integrations to enable taking action.
Entra ID (Azure AD) Account Lockdown works with and Azure AD data source.
Enabling Stream.
Setting up SSO using SAML if you have not already done so.
Building groups and triage rules to suppress unwanted detections for authorized behaviors.
Best Practices
Change default passwords for the 'admin' (GUI) and
vectra(CLI and IPMI/iDRAC) users to strong versions.See ssh login process for CLI for details on accessing the CLI of your Brain appliance.
Passwords must be between 8 and 128 characters and contain at least: 1 number, both lowercase and uppercase letters, and 1 symbol (e.g. ~!@#$%^&*,.?-_+=).
Limit exposure to admin interfaces through firewall rules that permit communication only from appropriate nodes/networks (including Vectra required endpoints as well).
IPMI / iDRAC interfaces should be on their own isolated networks when possible.
See IPMI / iDRAC configuration for more details.
Last updated
Was this helpful?