v9.7 Release Notes (QUX)

9.7: Rapid Release Improvements, Groups Based on Active Directory Membership on Quadrant UX, AI Scoring Prioritization Agent, HTTPS-Only Access for iDRAC and Embryo Status Page.

9.7 will have the following release schedule:

  • Customers with Remote Support Enabled: Customers who have remote support enabled will receive the update starting today.

    • You can check if you have remote support enabled under Settings > General with Remote Support set to Enabled.

    • If you plan to enable or disable Remote Support in the near future, please reach out to Support to confirm if you will receive or skip the upgrade.

  • Customers Connected to Updater: Assuming a smooth rollout, customers who do not have remote support enabled but are connected to Updater will receive updates on or after December 11th, 2025.

    • You can check if you are connected to Updater under Data Source > Brain-Setup > Proxy & Status and see that Updater Destination shows as connected, while Remote Support shows disabled.

  • All Other Customers*: Assuming a smooth rollout, all customers will be able to download the update on or after December 11th, 2025.

    • *Note: This does not impact customers who have asked Support to pin them to a specific release.

🛡️ Coverage

Rapid Release Improvements

The following improvements have been made to algorithms since the last software release cycle. Customers that are connected to Vectra’s update service with Remote Support enabled have received these improvements. All other customers will be receiving the following improvements as part of this release:

  • Vectra AI has begun transitioning many Suricata-based detections—previously available only when Suspect Protocol Activity (SPA) was enabled—into native detections running directly on the Vectra flow engine. This upgrade allows all customers to benefit from broader activity coverage across multiple tools and behaviors without needing to enable the Suricata engine or rely on signature-based logic. This is the start of ongoing work that will deliver highly targeted detections with rapid turnaround and without requiring any additional features to be turned on. The first transitioned detections include coverage for malicious Cobalt Strike activity.

  • Vectra AI has refined its Kali Repo Usage detection to improve accuracy and reduce false positives by tightening how Kali-related user agents are identified. This enhancement focuses the match criteria on true Kali Linux activity, ensuring higher-fidelity alerts and more reliable insights when investigating potential attacker tooling.

  • Vectra AI has introduced new information-level detections for Remote Management and Monitoring (RMM) tools observed within customer environments. As RMM utilities are increasingly leveraged in cyberattacks, these alerts provide visibility into their usage without generating noise or affecting scoring. The notifications appear on individual Host pages—one per host session—while remaining hidden from the main Detections page unless filters are adjusted. This update gives customers clearer insight into potentially sensitive administrative activity while maintaining a low-impact alerting experience.

🔎 Clarity

Groups Based on Active Directory Membership on Quadrant UX

Seamlessly bring your existing AD groups into Vectra and keep them perfectly in sync—no more manual recreations or tedious upkeep. Bulk import eliminates repetitive admin work, so your teams can focus on threat hunting, not group management. By streamlining triage rules and reducing noise, you’ll act faster on the alerts that truly matter. This is efficiency and signal clarity, built right in. Visit Active Directory (AD) Groups for more information.

AI Scoring Prioritization Agent

The AI Prioritization Agent now detects when attackers deploy new systems - from rogue laptops to Raspberry Pis - and factors that into threat scoring.

It also learns from historical trends to flag key rare detection types across your environment, delivering faster, more accurate prioritization with less noise.

Customers may see a small number of hosts with updated scores. For more information, watch this podcast:

⚙️ Architecture/Administration

HTTPS-Only Access for iDRAC and Embryo Status Page

As part of our ongoing commitment to platform security, version 9.7 disables port 80 (HTTP) access for both the iDRAC out-of-band management interface and the Embryo status page (used during pre-VHE decryption and provisioning).

With this update, these components are now accessible exclusively over HTTPS (port 443), eliminating the risk of unencrypted HTTP traffic. Customers will no longer see port 80 open on Vectra appliances, ensuring all communications are encrypted by default. This change requires no action from users and keeps all systems aligned with modern security best practices.

🐞 Bug Fixes

Please log in to https://support.vectra.ai/vectra/ and search "Quadrant UX Bug Fixes" to view the latest bug fixes.

📎 Appendix

B101 Platform End of Sale Notice

The B101 platform will reach its End of Sale milestone on Nov 25th, 2025. As part of this milestone, Vectra has been transitioning to the new B127 system.

While the B101 will be End of Sale on Nov 25th, 2025, we are going to continue to provide full platform support until Nov 25th, 2030. This includes support for new software releases, Vectra Customer Support, and hardware warranty based upon warranty terms at time of purchase.

For more information about Vectra EOS/EOL, please see the End of Sale/End of Life Policy Page.

Will this upgrade perform a reboot of the Brain or Sensors?

No, a reboot is not required as part of the 9.7 update.
