v9.6 Release Notes (QUX)

9.6 will have the following release schedule:

• Customers with Remote Support Enabled: Customers who have remote support enabled will receive the update starting today.

  • You can check if you have remote support enabled under Settings > General with Remote Support set to Enabled.

  • If you plan to enable or disable Remote Support in the near future, please reach out to Support to confirm if you will receive or skip the upgrade.

• Customers Connected to Updater: Assuming a smooth rollout, customers who do not have remote support enabled but are connected to Updater will receive updates on or after November 6th, 2025.

  • You can check if you are connected to Updater under Data Source > Brain-Setup > Proxy & Status and see that Updater Destination shows as connected, while Remote Support shows disabled.

• All Other Customers*: Assuming a smooth rollout, all customers will be able to download the update on or after November 6th, 2025.

  • *Note: This does not impact customers that have requested they be pinned to a specific release from support.

Platform

Netskope SASE Integration in Public Preview

As users and applications move beyond the corporate perimeter, defenders lose visibility into critical traffic flowing directly to the cloud. This creates blind spots where advanced command-and-control (C2) and data exfiltration can hide—leaving organizations exposed.

Vectra AI’s new integration with Netskope CloudTAP closes this gap. By receiving GENEVE traffic from the Netskope Stitcher, Vectra delivers the same deep threat detection and metadata visibility for remote and cloud-based users as it does on-prem—eliminating blind spots across modern SASE environments.

Please contact your Vectra account team if you are interested in enabling Vectra’s Netskope integration. See Netskope SASE Integration and Optimization for implementation details.

Introduction of the Vectra Virtual Brain for Nutanix

Vectra now offers a fully virtualized Brain appliance for Nutanix environments. Available with 10 Gbps throughput, this virtual Brain provides the same advanced capabilities as physical appliances—optimized for scalability, rapid deployment, and operational efficiency. For detailed specifications and supported configurations, refer to the Appliance and Sensor Specifications guide. See the Nutanix Deployment Guide for deployment instructions.

JA4T/JA4TS Fingerprints: Recall and Stream

Vectra AI now includes JA4T (TCP Client) and JA4TS (TCP Server) fingerprints in metadata—bringing next-gen fingerprinting to encrypted traffic analysis. This powerful framework reduces collisions, links related sessions, and makes it easier to spot attacker infrastructure hiding behind common protocols. Analysts get clearer, faster insights with less noise and better context across detections. JA4T/JA4TS fingerprints are now supported in Stream, and Recall, with JA4T/JA4TS being added to Advanced Investigate (RUX) later this year. Read more about the new attributes here.

Attack Graph: Focused View

Introducing Focused View, a new way to cut through the noise in complex attack graphs. Instead of overwhelming analysts with every node and edge, Focused View filters out low-priority detections and surfaces only the most critical links and progression paths. The result: less clutter, less confusion, and a clear perspective on how an attack unfolded. With clarity instead of clutter, security teams can accelerate investigations while still toggling to the full graph when needed. Visit Attack Graph FAQ for more information on Attack Graph.

Enhanced Security: HTTPS-Only Access to Vectra UI

To strengthen platform security, the Vectra UI now blocks external access over port 80 (HTTP) instead of automatically redirecting to port 443 (HTTPS) as it did previously. With this update, the Vectra UI will now be accessible exclusively via HTTPS, further strengthening platform security and ensuring all connections are encrypted by default. This update only applies to the Vectra Brain and requires no action from users and keeps your environment aligned with modern security best practices.

Detections

Rapid Release Improvements

The following improvements have been made to algorithms since the last software release cycle. Customers that are connected to Vectra’s update service with Remote Support enabled have received these improvements. All other customers will be receiving the following improvements as part of this release:

• Vectra AI now detects LDAP queries targeting Active Directory accounts that lack Kerberos pre-authentication — a common step in AS-REP roasting attacks. This enhancement delivers earlier visibility into credential reconnaissance, helping security teams stop attackers before credential abuse begins

• Vectra AI has updated the description of its RDP brute-force and password-spray detection to better align with its detection behavior. While the underlying logic remains unchanged, the revised description clarifies how password-spray activity is represented in the UI, helping analysts interpret alerts with greater precision.

• Vectra AI has improved LDAP analytics to identify reconnaissance of AD users with servicePrincipalNames (SPNs) — a precursor to Kerberoasting. This update provides faster detection of credential-targeted attacks, giving customers deeper visibility into stealthy Active Directory threats

🐞 Bug Fixes

Please log in to https://support.vectra.ai/vectra/ and search "Quadrant UX Bug Fixes" to view the latest bug fixes.

📎 Appendix

Will this upgrade perform a reboot of the Brain or Sensors?

No, a reboot is not required as part of the 9.6 update.