# Operations - [Analyst Guidance](/operations/analyst-guidance.md): Analyst workflow guidance and quick links for investigations, testing, and reporting. - [New close workflow](/operations/analyst-guidance/new-close-workflow.md) - [Assignnment workflow FAQ (prior to New close workflow)](/operations/analyst-guidance/assignnment-workflow-faq-prior-to-new-close-workflow.md) - [Understanding Vectra AI detections](/operations/analyst-guidance/understanding-vectra-ai-detections.md): Description of Vectra's detection models. - [Monitoring honeypot (honeytoken) identities](/operations/analyst-guidance/monitoring-honeypot-honeytoken-identities.md) - [Triggering detections for testing purposes](/operations/analyst-guidance/triggering-detections-for-testing-purposes.md): This article shows some ways to trigger a Cyptocurrency Mining (like Bitcoin mining for example) or Brute-Force Detection to quickly see if your system is working properly. - [TCP reset does not stop modern attacks](/operations/analyst-guidance/tcp-reset-does-not-stop-modern-attacks.md) - [CDR (Detect) for AWS detection test guide](/operations/analyst-guidance/cdr-detect-for-aws-detection-test-guide.md) - [Recall best practices guide](/operations/analyst-guidance/recall-best-practices-guide.md): A guide to understand best practices & recommendations to get the most out of Recall in a fast and efficient way. - [Investigate Quick Start Guide (prior to SQL search)](/operations/analyst-guidance/investigate-quick-start-guide-prior-to-sql-search.md) - [Advanced search reference guide (QUX)](/operations/analyst-guidance/advanced-search-reference-guide-qux.md): This article provides guidance for using the Advanced Search feature that is part of Quadrant UX deployments. - [Recall custom models - how to create detections (QUX)](/operations/analyst-guidance/recall-custom-models-how-to-create-detections-qux.md) - [Crowdstrike EDR process correlation user guide](/operations/analyst-guidance/crowdstrike-edr-process-correlation-user-guide.md) - [Vectra self-detection events](/operations/analyst-guidance/vectra-self-detection-events.md): Explains expected Vectra cloud/update/metadata-sharing traffic and why it may trigger Hidden HTTPS Tunnel, Multi-home fronted tunnel, or Smash and Grab detections. - [Key asset treatment (QUX)](/operations/analyst-guidance/key-asset-treatment-qux.md) - [Updates](/operations/readme-1.md) - [Offline updates (v8.9+)](/operations/readme-1/offline-updates-v89.md) - [Offline updates (prior to v8.9)](/operations/readme-1/offline-updates-prior-to-v89.md): Offline Updates - [Troubleshooting updates](/operations/readme-1/troubleshooting-updates.md) - [Dashboards and Reports](/operations/dashboards-and-reports.md) - [Operational Overview report guidance](/operations/dashboards-and-reports/operational-overview-report-guidance.md) - [Executive Overview report guidance](/operations/dashboards-and-reports/executive-overview-report-guidance.md) - [Recall](/operations/dashboards-and-reports/recall.md) - [Recall certificate expiry dashboard](/operations/dashboards-and-reports/recall/recall-certificate-expiry-dashboard.md) - [Recall Netlogon exploit visibility dashboard](/operations/dashboards-and-reports/recall/recall-netlogon-exploit-visibility-dashboard.md) - [Recall host dashboard](/operations/dashboards-and-reports/recall/recall-host-dashboard.md) - [Detection Specific Guidance](/operations/detection-specific-guidance.md) - [Suspicious Remote Desktop](/operations/detection-specific-guidance/suspicious-remote-desktop.md) - [Hidden HTTPS Tunnel - detection showing proxy IP as target](/operations/detection-specific-guidance/hidden-https-tunnel-detection-showing-proxy-ip-as-target.md) - [Data Gathering - detected between Brain and Sensor](/operations/detection-specific-guidance/data-gathering-detected-between-brain-and-sensor.md): Vectra detected data gathering between the brain and the sensor, triggering an alert. - [Suspect Protocol Activity detection descriptions](/operations/detection-specific-guidance/suspect-protocol-activity-detection-descriptions.md): This page will explain the different Suspect Protocol Activity (SPA) detections which can appear in the platform and serves as one pager content for the SPA detections. - [Turla and Snake malware](/operations/detection-specific-guidance/turla-and-snake-malware.md): Vectra Notice: Turla and Snake Malware - [Suspicious Remote Execution](/operations/detection-specific-guidance/suspicious-remote-execution.md) - [Intel AMT (Active Management Technology) detections](/operations/detection-specific-guidance/intel-amt-active-management-technology-detections.md) - [Licensing](/operations/licensing.md) - [Vectra licensing metrics (all products)](/operations/licensing/vectra-licensing-metrics-all-products.md): This article explains what metric is used when licensing Vectra products. - [Backup / Restore / DR](/operations/backup-restore-dr.md) - [Backup and restore (v8.5+)](/operations/backup-restore-dr/backup-and-restore-v85.md) - [Introduction and changes](/operations/backup-restore-dr/backup-and-restore-v85/introduction-and-changes.md): Backup and Restore introduction and changes from earlier versions. - [Backup and restore FAQ](/operations/backup-restore-dr/backup-and-restore-v85/backup-and-restore-faq.md): Frequently asked questions about backup and restore. - [Migration from earlier versions](/operations/backup-restore-dr/backup-and-restore-v85/migration-from-earlier-versions.md): Guidance for customers migrating from earlier versions of backup and restore. - [Scheduling backups and running manual backups](/operations/backup-restore-dr/backup-and-restore-v85/scheduling-and-manual-backups.md): How to schedule backups and run backups manually. - [Configuring external targets](/operations/backup-restore-dr/backup-and-restore-v85/configuring-external-targets.md): How to configure external targets including SCP, SFTP, and S3. Brain to Brain backups. Rotating old backups. Testing, renaming, and removing external backup targets. - [Restoring backups](/operations/backup-restore-dr/backup-and-restore-v85/restoring-backups.md): Guidance for restoring backups and deleting older backup versions. - [Troubleshooting and additional commands](/operations/backup-restore-dr/backup-and-restore-v85/troubleshooting-and-additional-commands.md): Additional backup and restore related commands and troubleshooting advice. - [All commands (syntax examples)](/operations/backup-restore-dr/backup-and-restore-v85/all-commands-syntax-examples.md): Examples of all backup and restore related commands. - [Disaster recovery and migration (v8.5+)](/operations/backup-restore-dr/disaster-recovery-and-migration-v85.md) - [DR (Disaster Recover) process](/operations/backup-restore-dr/disaster-recovery-and-migration-v85/dr-disaster-recover-process.md) - [Migration process](/operations/backup-restore-dr/disaster-recovery-and-migration-v85/migration-process.md) - [Legacy details prior to v8.5](/operations/backup-restore-dr/legacy-details-prior-to-v8.5.md) - [Backup / Restore (prior to v8.5)](/operations/backup-restore-dr/legacy-details-prior-to-v8.5/backup-restore-prior-to-v85.md): This article provides guidance for restoring backups. - [Disaster recovery process (prior to v8.5)](/operations/backup-restore-dr/legacy-details-prior-to-v8.5/disaster-recovery-process-prior-to-v85.md): Cognito Disaster Recovery Process - [Migrating to new Brain (prior to v8.5)](/operations/backup-restore-dr/legacy-details-prior-to-v8.5/migrating-to-new-brain-prior-to-v85.md): Migrating to a new brain - [Investigate](/operations/investigate.md) - [AI-Assisted Search](/operations/investigate/ai-assisted-search.md) - [SQL search](/operations/investigate/sql-search.md): This is documentation for the Private Preview of SQL Search. Please contact your Vectra account team if you are interested in joining the private preview. - [Vectra AI Platform Investigate FAQ](/operations/investigate/vectra-ai-platform-investigate-faq.md) - [Investigate API user guide](/operations/investigate/investigate-api-user-guide.md): Using the RUX Investigate (Metadata) API Manually (e.g., with Postman) - [Investigate API metadata schema reference](/operations/investigate/investigate-api-metadata-schema-reference.md): Available Tables and Fields for RUX Investigate (Metadata) API Queries - [General](/operations/general.md) - [Attack Graph FAQ](/operations/general/attack-graph-faq.md): This article details the Attack Graph feature for entities in the Vectra UI. - [AI-Triage in Detail](/operations/general/ai-triage-in-detail.md) - [Suspect Protocol Activity detections (feature overview)](/operations/general/suspect-protocol-activity-detections-feature-overview.md) - [Using generic portal links (RUX)](/operations/general/using-generic-portal-links-rux.md)