Introduction and overview
Introduction and overview of the Vectra AI platform for Respond UX (RUX) deployments, appliance modes and basic requirements when adding network Sensors to your overall deployment.
Introduction
This guide is intended to help customers or partners get started with a deployment of Vectra’s Respond User Experience (Respond UX). The User Interface (UI) for the Respond UX is served from Vectra’s cloud as part of the overall Vectra AI Platform.
For users working with Vectra’s Quadrant UX (QUX), the UI is served locally from Vectra Brain appliance wherever it was installed in your environment. Please refer to the Vectra Quadrant UX Deployment Guide if you are planning a QUX deployment. If you are unsure of your deployment type, please see analyst UX options.
If you are migrating to the Respond UX from the Quadrant UX, please also see the migration guide that is attached to the Why upgrade to RUX and how to migrate to it article. In addition to general migration guidance, additional firewall rules will be required to allow upload of configuration data needed during migration. Those rules are detailed in that guide.
This guide will include an overview of the platform including components and Vectra terminology. It will cover requirements, deployment, basic initial configuration, and recommended next steps.
This guide is meant to be used in conjunction with related guides in the deployment area of the overall documentation site. Here you will find guides that are relevant for deploying NDR physical, virtual, and cloud Sensors, other Vectra SaaS products such as CDR for AWS and Azure and Azure AD, IDR for M365, Match, and Stream.
Vectra AI Platform Overview
A Respond UX deployment typically includes several components of the overall Vectra AI Platform:
User interface (delivered as SaaS from Vectra’s cloud).
Data sources such as Network (campus, data center, and IaaS clouds), Public cloud, SaaS, and Identity.
For deployments with network sensors, please see the Vectra NDR (Detect) and Network Identity Architecture Overview for more details.
The above conceptual diagram shows the components of the Vectra AI Platform.
Admins and analysts can access the Respond UX from anywhere.
For customers choosing to deploy without network data sources, there is no requirement to deploy a Brain appliance (physical or virtual) in your premises.
All functionality can be delivered as SaaS using connections setup to collect log data from your various non-network data sources.
When capturing network metadata as part of your Respond UX deployment, a Brain appliance (physical or virtual) will be installed in your premises (campus, datacenter, or IaaS cloud) and linked to Vectra.
The Brain’s graphical user interface (GUI) is served from Vectra’s cloud.
The Respond UX communicates with your Brain over a websocket connection.
Physical or Virtual Sensors will be deployed and paired with your Brain to capture network metadata across hybrid environments.
Vectra supports IaaS public clouds, datacenters, remote workers, and campuses.
AI detection algorithms process data locally in your Brain and post Detections and associated metadata to Vectra’s cloud for further processing and investigation with the Respond UX.
The Brain will also act as a conduit for services needing to be accessed on your local premises.
AD, vCenter, Stream metadata output to your data lake, etc.
Appliance Modes
This section only applies when you are using network data sources (network Sensors) with your RUX deployment. Appliances are not used when the data sources are all cloud based (such as CDR for M365, IDR for Azure AD, CDR for Azure, CDR for AWS, etc).
The 3 modes are Brain, Sensor, and Mixed. S-series appliances and virtual Sensors function only as Sensors. B-series appliances and virtual Brains function only as Brains. X-series appliances can be configured as Brains or Sensors. The X29 appliance can also function in mixed mode.
Brain Mode
The Brain serves as the communications broker between Vectra’s cloud and any local integration points.
The Brain pairs with Sensors (network data sources) and processes / deduplicates and optionally forwards the metadata received from Sensors (when licensed for Stream).
Sensor Mode
Must be paired to a Brain.
Captures / deduplicates raw network traffic.
Forwards metadata to the Brain.
Houses rolling capture buffer to enable PCAP retrieval when requested from the Brain.
Mixed Mode
Performs both Brain and Sensor functions.
Requirements for Network Data Sources
The following are general requirements for a deployment of the Vectra Respond UX that utilizes network data sources:
A Brain appliance and at least one Sensor to provide network metadata to the Brain for analysis.
A mixed mode Brain can serve as both the Brain and Sensor for smaller environments.
A login to the Vectra’s cloud to access the Respond UX.
The Brain appliance will be connected to the Vectra cloud during the overall deployment process and the UI (Respond UX) will also be served from Vectra's cloud. There will be no local UI served from the Brain.
Your initial login will need to be secured by MFA (Multi-Factor Authentication). Please see Initial login - protecting your MFA secret key (RUX) for details on how to back up your secret key while performing your initial login.
Last updated
Was this helpful?