
Vectra AI prioritization and scoring factors

FAQ for AI-driven Prioritization (Urgency scoring) in Respond UX.

What is AI-driven Prioritization?

AI-driven Prioritization is an enhanced scoring algorithm that highlights the most critical threats in a customer's environment as a clear list of actionable entities, each prioritized with a single Urgency score.

Does this fully replace Vectra's Threat and Certainty based scoring?

For users of Vectra's Respond UX, AI-driven Prioritization replaces the previous Threat and Certainty based scoring. API clients can retrieve scoring based on the older Threat and Certainty based model or use the newer AI-driven Prioritization, which offers a single Urgency score.

How can I access AI-driven Prioritization?

  • AI-driven Prioritization is available for users of Vectra's Respond UX.

  • If you are using Vectra's Quadrant UX, AI-driven Prioritization is not available.

  • If you are uncertain which UX you are using, please see Vectra Analyst User Experiences (Respond vs Quadrant).

Why did Vectra change scoring models?

In the previous model, Host and Account entity scoring was tracked in separate dashboards.

Moving to AI-driven Prioritization is the groundwork for a unified view of all entities scored by Vectra.

  • Vectra's Respond UX supports both host and account entities today.

  • This new scoring model is extensible to incorporate additional attack signal sources in the future.

AI-driven Prioritization provides a simpler mechanism for customers to understand which entities need attention at any given moment.

  • It provides laser-like focus on what is important.

  • It removes ambiguity by providing a binary "prioritized or not" status that cannot be misinterpreted.

The new scoring model takes into account additional factors based on Vectra's careful combination of Data Science and Security Research.

  • Some additional scoring factors are calculated automatically by Vectra based on the environment that it is observing.

  • It also allows customers to influence entity context that is weighted in the model.

Customers can now choose to modify the default Urgency score that determines which entities are prioritized.

  • Customers may wish to do this based on how sensitive they wish the threshold to be in their environment.

Will AI-driven Prioritization impact API driven integrations that I've already completed using the prior scoring model?

No, the older Threat and Certainty based scoring model will still be available via Vectra's API, so any existing integration will still function as designed today. Customers may wish to update their integrations to benefit from the enhancements introduced with AI-driven Prioritization. At this time, there is no EOL scheduled for the availability of the Threat and Certainty based scoring model via API.

How do AI Prioritization and scoring factors work?

Vectra AI Prioritization scores and ranks hosts and accounts based on attacker behavior, attack progression, severity, velocity, breadth, rarity, and entity importance so analysts can focus on the entities that need attention first.

Rather than treating each detection as an isolated event, Vectra AI correlates related behaviors into an attack story and applies environmental context to help determine urgency. This gives analysts a prioritized view of entities, along with scoring factors that explain why an entity was elevated.

Scoring factors explain the conditions that influenced prioritization. New factors may be added, and the way factors influence scores may be updated, as attack trends shift.

Scoring factor details

Attack Profile: Identifies the likely attack pattern behind related behaviors, such as ransomware, external adversary activity, insider activity, or discovery.

New Entity: Indicates that suspicious behavior involves a newly observed host, account, or entity.

Multi-Entity: Indicates that related activity spans multiple hosts, accounts, or entities.

Importance: Reflects the business or security importance of the entity, including privilege, asset role, or customer-defined importance.

Volume: Reflects the amount of relevant activity associated with the entity.

Detection Rarity: Indicates that one or more detections are uncommon in the customer environment.

Detection Severity: Indicates that one or more detections represent behavior with higher potential security impact.

Velocity: Reflects how quickly related behaviors are occurring over time.

Breadth: Reflects how widely the activity spans techniques, detection categories, or stages of attack.

How to interpret scoring factors

Scoring factors help explain why an entity was prioritized, but they should be reviewed together with the entity timeline, detections, attack profile, observed behaviors, and local business context.

A scoring factor does not mean that a single condition caused the score by itself. Vectra AI Prioritization evaluates multiple signals together, including behavioral evidence, attack progression, velocity, severity, rarity, breadth, and entity importance. The entity score reflects the combined context of the activity.

How do I turn on or off AI-driven Prioritization?

There is no ability to turn on or off AI-driven Prioritization.

Do I need a new license to use AI-driven Prioritization?

No, this is a standard feature of Vectra's Respond UX that is available with any license to use the platform.
