Investigate Quick Start Guide (prior to SQL search)

For additional information about Vectra's Investigation features (Advanced Investigation and Instant Investigation), please see the Vectra AI Platform Investigation FAQ.

Contains

  • What is Vectra Investigate?

  • Before you begin

  • How to create and run a query

  • How to add or remove filters

  • How to modify the query's search period

  • How to add/remove and re-order columns in the results

  • How to run a query from Instant Investigation

  • Query Examples

    • Investigating an Azure AD attack with PowerShell

    • Investigating a Microsoft 365 attack with Power Automate

    • All activity around a specific AWS EC2 instance

    • AWS activity performed with an assumed role

    • AWS activity performed with an assumed role on a different region

  • Troubleshooting

    • "Search could not be completed" or "Search timed out"

    • "Search could not be completed" (with error id)

    • "Something went wrong"

  • Related articles
