v9.11 Release Notes (QUX)
🛡️ Coverage
Rapid Release Improvements
The following improvements have been made to algorithms since the last software release cycle. Customers that are connected to Vectra’s update service with Remote Support enabled have received these improvements. All other customers will be receiving the following improvements as part of this release:
SASE Smash-and-Grab Exfiltration Detection: New coverage extends Smash-and-Grab exfiltration detection to SASE (Zscaler and Netskope) traffic.
XWorm C2 Detection: New coverage identifies encrypted check-in traffic patterns over TCP, improving detection of modern XWorm variants communicating with attacker infrastructure.
Beaconless C2 (Unknown + TLS): Behavioral models now detect long-lived, non-beaconing C2 sessions across both unknown and TLS protocols, including HTTPS and TLS-wrapped channels. This improves visibility into encrypted and interactive hands-on-keyboard activity while maintaining low detection noise.
Sliver & PoshC2 Enhancements: Updated coverage improves detection of evolving Sliver HTTP encoder variants and introduces new visibility into PoshC2 activity over HTTP and HTTPS, strengthening detection of PowerShell-based C2 frameworks.
⚙️ Architecture/Administration
Traffic Visibility Drop Alerting
Vectra AI is introducing new health notifications that alert on significant drops in observed IPs, traffic bandwidth, and packet volume that may impact detection coverage. Using machine learning, these alerts adapt to each customer’s unique network patterns and identify meaningful deviations without relying on static thresholds. Alert notifications can be delivered via email, webhook integrations, API, or Syslog on QUX.
This enhancement provides earlier awareness of visibility gaps, helping security teams quickly identify and address potential blind spots. Availability begins in 9.11, with rollout planned in phases to ensure optimal signal quality and customer experience.
User Interface Update – Account Profile Placement
Vectra AI has updated the user interface to introduce a top bar that holds the in-app help and account menu in the top-right corner of the page. This centralized location provides quick access to user settings, theme preferences, and logout options, improving overall navigation and usability.

📎 Appendix
Match Customers: Curated Ruleset Update
Vectra has updated the Curated Ruleset to align with the latest ETPRO ruleset, which introduces new rule categories and enhanced detection capabilities based on Suricata 7.0.3.
What this means for you:
If you manage your ruleset within the Vectra UI: no action is required.
If you manage your ruleset externally and filter by category: please review your configuration to ensure compatibility with the updated categories. Additional details about the updated categories can be found in Suricata’s announcement.
If you do not filter by category, no action is needed.
Vectra launched the updated Curated Ruleset on April 30th, 2026.
S101 Platform End of Sale Notice
The S101 platform reached its End of Sale milestone on Feb 13th, 2026. As part of this milestone, Vectra has been transitioning to the new S127 system.
While the S101 reached End of Sale on Feb 13th, 2026, we will continue to provide full platform support until Feb 13th, 2031. This includes support for new software releases, Vectra Customer Support, and hardware warranty based upon warranty terms at time of purchase.
For more information about Vectra EOS/EOL, please see the End of Sale/End of Life Policy page.
Will this upgrade perform a reboot of the Brain or Sensors?
No, a reboot is not required as part of the 9.11 update.