# Operations - [Analyst Guidance](https://docs.vectra.ai/operations/analyst-guidance.md): Analyst workflow guidance and quick links for investigations, testing, and reporting. - [New close workflow](https://docs.vectra.ai/operations/analyst-guidance/new-close-workflow.md) - [Assignnment workflow FAQ (prior to New close workflow)](https://docs.vectra.ai/operations/analyst-guidance/assignnment-workflow-faq-prior-to-new-close-workflow.md) - [Understanding Vectra AI detections](https://docs.vectra.ai/operations/analyst-guidance/understanding-vectra-ai-detections.md): Description of Vectra's detection models. - [Monitoring honeypot (honeytoken) identities](https://docs.vectra.ai/operations/analyst-guidance/monitoring-honeypot-honeytoken-identities.md) - [Triggering detections for testing purposes](https://docs.vectra.ai/operations/analyst-guidance/triggering-detections-for-testing-purposes.md): This article shows some ways to trigger a Cyptocurrency Mining (like Bitcoin mining for example) or Brute-Force Detection to quickly see if your system is working properly. - [TCP reset does not stop modern attacks](https://docs.vectra.ai/operations/analyst-guidance/tcp-reset-does-not-stop-modern-attacks.md) - [CDR (Detect) for AWS detection test guide](https://docs.vectra.ai/operations/analyst-guidance/cdr-detect-for-aws-detection-test-guide.md) - [Recall best practices guide](https://docs.vectra.ai/operations/analyst-guidance/recall-best-practices-guide.md): A guide to understand best practices & recommendations to get the most out of Recall in a fast and efficient way. - [Investigate Quick Start Guide (prior to SQL search)](https://docs.vectra.ai/operations/analyst-guidance/investigate-quick-start-guide-prior-to-sql-search.md) - [Advanced search reference guide (QUX)](https://docs.vectra.ai/operations/analyst-guidance/advanced-search-reference-guide-qux.md): This article provides guidance for using the Advanced Search feature that is part of Quadrant UX deployments. - [Recall custom models - how to create detections (QUX)](https://docs.vectra.ai/operations/analyst-guidance/recall-custom-models-how-to-create-detections-qux.md) - [Crowdstrike EDR process correlation user guide](https://docs.vectra.ai/operations/analyst-guidance/crowdstrike-edr-process-correlation-user-guide.md) - [Vectra self-detection events](https://docs.vectra.ai/operations/analyst-guidance/vectra-self-detection-events.md): Explains expected Vectra cloud/update/metadata-sharing traffic and why it may trigger Hidden HTTPS Tunnel, Multi-home fronted tunnel, or Smash and Grab detections. - [Key asset treatment (QUX)](https://docs.vectra.ai/operations/analyst-guidance/key-asset-treatment-qux.md) - [Exposure Findings - best practices guide](https://docs.vectra.ai/operations/analyst-guidance/exposure-findings-best-practices-guide.md): Best practices guide for Exposure Findings which help you identify, prioritize, and reduce your attack surface by highlighting exposed assets, risky communications and potential attacker entry points. - [Asset Inventory getting started (private preview)](https://docs.vectra.ai/operations/analyst-guidance/asset-inventory-getting-started-private-preview.md): Getting Started with Asset Inventory: Understanding What's On Your Network - Private Preview - [Updates](https://docs.vectra.ai/operations/readme-1.md) - [Offline updates (v8.9+)](https://docs.vectra.ai/operations/readme-1/offline-updates-v89.md) - [Offline updates (prior to v8.9)](https://docs.vectra.ai/operations/readme-1/offline-updates-prior-to-v89.md): Offline Updates - [Troubleshooting updates](https://docs.vectra.ai/operations/readme-1/troubleshooting-updates.md) - [Dashboards and Reports](https://docs.vectra.ai/operations/dashboards-and-reports.md) - [Operational Overview report guidance](https://docs.vectra.ai/operations/dashboards-and-reports/operational-overview-report-guidance.md) - [Executive Overview report guidance](https://docs.vectra.ai/operations/dashboards-and-reports/executive-overview-report-guidance.md) - [Recall](https://docs.vectra.ai/operations/dashboards-and-reports/recall.md) - [Recall certificate expiry dashboard](https://docs.vectra.ai/operations/dashboards-and-reports/recall/recall-certificate-expiry-dashboard.md) - [Recall Netlogon exploit visibility dashboard](https://docs.vectra.ai/operations/dashboards-and-reports/recall/recall-netlogon-exploit-visibility-dashboard.md) - [Recall host dashboard](https://docs.vectra.ai/operations/dashboards-and-reports/recall/recall-host-dashboard.md) - [Detection specific guidance](https://docs.vectra.ai/operations/detection-specific-guidance.md) - [Suspicious Remote Desktop](https://docs.vectra.ai/operations/detection-specific-guidance/suspicious-remote-desktop.md) - [Hidden HTTPS Tunnel - detection showing proxy IP as target](https://docs.vectra.ai/operations/detection-specific-guidance/hidden-https-tunnel-detection-showing-proxy-ip-as-target.md) - [Data Gathering - detected between Brain and Sensor](https://docs.vectra.ai/operations/detection-specific-guidance/data-gathering-detected-between-brain-and-sensor.md): Vectra detected data gathering between the brain and the sensor, triggering an alert. - [Suspect Protocol Activity detection descriptions](https://docs.vectra.ai/operations/detection-specific-guidance/suspect-protocol-activity-detection-descriptions.md): This page will explain the different Suspect Protocol Activity (SPA) detections which can appear in the platform and serves as one pager content for the SPA detections. - [Turla and Snake malware](https://docs.vectra.ai/operations/detection-specific-guidance/turla-and-snake-malware.md): Vectra Notice: Turla and Snake Malware - [Suspicious Remote Execution](https://docs.vectra.ai/operations/detection-specific-guidance/suspicious-remote-execution.md) - [Intel AMT (Active Management Technology) detections](https://docs.vectra.ai/operations/detection-specific-guidance/intel-amt-active-management-technology-detections.md) - [Licensing](https://docs.vectra.ai/operations/licensing.md) - [Vectra licensing metrics (all products)](https://docs.vectra.ai/operations/licensing/vectra-licensing-metrics-all-products.md): This article explains what metric is used when licensing Vectra products. - [Backup / Restore / DR](https://docs.vectra.ai/operations/backup-restore-dr.md) - [Backup and restore (v8.5+)](https://docs.vectra.ai/operations/backup-restore-dr/backup-and-restore-v85.md) - [Introduction and changes](https://docs.vectra.ai/operations/backup-restore-dr/backup-and-restore-v85/introduction-and-changes.md): Backup and Restore introduction and changes from earlier versions. - [Backup and restore FAQ](https://docs.vectra.ai/operations/backup-restore-dr/backup-and-restore-v85/backup-and-restore-faq.md): Frequently asked questions about backup and restore. - [Migration from earlier versions](https://docs.vectra.ai/operations/backup-restore-dr/backup-and-restore-v85/migration-from-earlier-versions.md): Guidance for customers migrating from earlier versions of backup and restore. - [Scheduling backups and running manual backups](https://docs.vectra.ai/operations/backup-restore-dr/backup-and-restore-v85/scheduling-and-manual-backups.md): How to schedule backups and run backups manually. - [Configuring external targets](https://docs.vectra.ai/operations/backup-restore-dr/backup-and-restore-v85/configuring-external-targets.md): How to configure external targets including SCP, SFTP, and S3. Brain to Brain backups. Rotating old backups. Testing, renaming, and removing external backup targets. - [Restoring backups](https://docs.vectra.ai/operations/backup-restore-dr/backup-and-restore-v85/restoring-backups.md): Guidance for restoring backups and deleting older backup versions. - [Troubleshooting and additional commands](https://docs.vectra.ai/operations/backup-restore-dr/backup-and-restore-v85/troubleshooting-and-additional-commands.md): Additional backup and restore related commands and troubleshooting advice. - [All commands (syntax examples)](https://docs.vectra.ai/operations/backup-restore-dr/backup-and-restore-v85/all-commands-syntax-examples.md): Examples of all backup and restore related commands. - [Disaster recovery and migration (v8.5+)](https://docs.vectra.ai/operations/backup-restore-dr/disaster-recovery-and-migration-v85.md) - [DR (Disaster Recover) process](https://docs.vectra.ai/operations/backup-restore-dr/disaster-recovery-and-migration-v85/dr-disaster-recover-process.md) - [Migration process](https://docs.vectra.ai/operations/backup-restore-dr/disaster-recovery-and-migration-v85/migration-process.md) - [Legacy details prior to v8.5](https://docs.vectra.ai/operations/backup-restore-dr/legacy-details-prior-to-v8.5.md) - [Backup / Restore (prior to v8.5)](https://docs.vectra.ai/operations/backup-restore-dr/legacy-details-prior-to-v8.5/backup-restore-prior-to-v85.md): This article provides guidance for restoring backups. - [Disaster recovery process (prior to v8.5)](https://docs.vectra.ai/operations/backup-restore-dr/legacy-details-prior-to-v8.5/disaster-recovery-process-prior-to-v85.md): Cognito Disaster Recovery Process - [Migrating to new Brain (prior to v8.5)](https://docs.vectra.ai/operations/backup-restore-dr/legacy-details-prior-to-v8.5/migrating-to-new-brain-prior-to-v85.md): Migrating to a new brain - [Investigate](https://docs.vectra.ai/operations/investigate.md) - [AI-Assisted Search](https://docs.vectra.ai/operations/investigate/ai-assisted-search.md) - [SQL search](https://docs.vectra.ai/operations/investigate/sql-search.md): This is documentation for the Private Preview of SQL Search. Please contact your Vectra account team if you are interested in joining the private preview. - [Vectra AI Platform Investigate FAQ](https://docs.vectra.ai/operations/investigate/vectra-ai-platform-investigate-faq.md) - [Investigate API user guide](https://docs.vectra.ai/operations/investigate/investigate-api-user-guide.md): Using the RUX Investigate (Metadata) API Manually (e.g., with Postman) - [Investigate API metadata schema reference](https://docs.vectra.ai/operations/investigate/investigate-api-metadata-schema-reference.md): Available Tables and Fields for RUX Investigate (Metadata) API Queries - [General](https://docs.vectra.ai/operations/general.md) - [Attack Graph FAQ](https://docs.vectra.ai/operations/general/attack-graph-faq.md): This article details the Attack Graph feature for entities in the Vectra UI. - [AI-Triage in Detail](https://docs.vectra.ai/operations/general/ai-triage-in-detail.md) - [Suspect Protocol Activity detections (feature overview)](https://docs.vectra.ai/operations/general/suspect-protocol-activity-detections-feature-overview.md) - [Using generic portal links (RUX)](https://docs.vectra.ai/operations/general/using-generic-portal-links-rux.md): Generic Portal Links take you to specific pages in your RUX UI after inputting your RUX URL or tenant ID. You might find these links in Docs, KBs, blogs, or training materials. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.vectra.ai/operations.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.