Jan-Dec 2024 Release Notes (RUX)
The Respond UX December release (2024.12) includes:
Launch of CDR for Azure
Vectra AI adds AI-powered detections that expose attacker behaviors targeting Microsoft Azure cloud services and Microsoft Copilot, delivering much-needed reinforcements for customers’ native tools:
Detects attackers abusing Azure Cloud
Identifies real attacks in real time, connecting the dots across Azure IaaS, Active Directory, Microsoft 365, Copilot and Microsoft Entra ID within a single pane of glass.
Stops Azure compromise, enabling security teams to 1) identify security gaps for Azure Cloud, 2) easily access relevant enriched Azure activity and resource logs, and 3) take decisive response actions to swiftly contain Microsoft Entra ID accounts involved in an attack.
Dynamic Groups
Groups have been extended to support dynamic membership through the definition of a Regular Expression (RegEx) to describe the names of members to include. This delivers an enormous saving of operational effort in managing groups for triage or scoring. Group membership is evaluated at run-time, to ensure new entities are correctly categorized with no additional effort from you. This applies to groups for hosts or accounts.
The Respond UX November release (2024.11) includes:
Saved queries for Advanced Investigation
Streamlining the query management process within Respond UX’s Advanced Investigation experience through the ability to save and share queries.
Analysts will be able to create, save, update, and delete queries seamlessly, reducing repetition and promoting reuse. Analysts will also be able to share saved queries with other analysts, fostering collaboration and knowledge sharing within teams.
The Respond UX October release (2024.10) includes:
Switzerland region is enabled
We now support Respond UX deployments within Switzerland. This enables Swiss customers to host within their own borders if required. This new region supports all Vectra products.
Selective PCAPs is enabled for Respond UX network customers
With this release, we now fully support selective PCAPs for our Respond UX network customers. This feature enables you to leverage the Vectra sensor footprint to run a customized packet capture remotely – without having to get access to local infrastructure.
The Respond UX September release (2024.09) includes:
Vectra Match - Curated Ruleset
With this release, Vectra has introduced a downloadable link that allows users to retrieve the curated ruleset for Vectra Match. A new link to the daily updated content will appear in the UI on the Vectra Match page, and the content is also consumable via API. Please see Vectra Match Curated Ruleset for more details.
The Respond UX July release (2024.07) includes:
Copilot for M365 Threat Surface Dashboard
This is a new dashboard in Respond UX for M365 focused on organization-wide Copilot usage. Use this dashboard to understand Copilot usage within your organization, and what files are being accessed by Copilot.
Integration Health endpoints added to V3 API
New API endpoint on the V3 Respond UX API to give visibility into integrations such as EDR, AD, etc., enabling you to monitor these critical integrations over time.
The Respond UX June release (2024.06) includes:
Vectra Match now available in Instant and Advanced Investigations
With this release, Vectra Match is supported in Respond UX. Respond UX support brings all the WebUI and API support delivered in Quadrant UX and adds Instant and Advanced Investigation support for Match alerts. Please see the Match Deployment Guide for additional details.
User Management added to V3 API
New API endpoint on the V3 Respond UX API to manage standalone users within your Respond UX tenant. Use this API to provision or deprovision users automatically from your onboarding or offboarding playbooks.
The Respond UX May release (2024.05) includes:
AzureAD Account Automatic Lockdown
AzureAD Account Automatic Lockdown is designed to empower Vectra users with proactive defense mechanisms against threats. By enabling this feature, you can now configure two pivotal settings: Urgency Score and Entity Importance. This dual-configuration approach ensures that when an entity surpasses predefined thresholds of Urgency Score and Importance, it automatically enters a lockdown state for a set duration configured by the user. This period allows for thorough investigation, ensuring that potential threats are investigated and responded to effectively.
The Respond UX April release (2024.04) includes:
Network Threat Surface Dashboard
Initial release of a new Threat Surface dashboard for our Respond UX network customers. This dashboard unveils a wealth of information about your environment and exposes attack surface and compliance issues. Leverage this dashboard to explore legacy and deprecated protocol use within your environment, and ensure compliance with your established policies for areas such as SMBv1.
Detect for AWS – Support for S3 copyObject in CloudTrail logs
By default, CloudTrail populates S3 buckets using putObject events. Upon ingest, Vectra was discarding events populated with the copyObject command. With this change, Vectra ingests events created using copyObject or putObject.
AzureAD and AD lockdown consolidation
For customers with options to lock down both AzureAD and AD accounts (customers with network and Detect for AzureAD), we have harmonized the experience, integrating these two different capabilities and enabling greater visibility and selectivity for the action you want to perform. Choose to lock down either Azure AD or AD, or both, all from the same experience.
The Respond UX March release (2024.03) includes:
AD Account Automatic Lockdown
AD Account Automatic Lockdown is designed to empower Vectra users with proactive defense mechanisms against threats. By enabling this feature, you can now configure two pivotal settings: Urgency Score and Entity Importance. This dual-configuration approach ensures that when an entity surpasses predefined thresholds of Urgency Score and Importance, it automatically enters a lockdown state for a set duration configured by the user. This period allows for thorough investigation, ensuring that potential threats are investigated and responded to effectively.
User Management improvements
This enhancement gives Respond UX administrators the familiar look and feel of the user management interface offered on our Quadrant UX platform. Admins can now easily manage users and their roles, ensuring utmost accuracy when provisioning users and auditing system access.
Azure AD Suspicious Access from Cloud Provider
Vectra has introduced the ability to detect attackers who compromise an identity and access it from a public cloud provider, such as Amazon, Azure or GCP, to attempt to evade detection and hide their true location. The detection uses machine learning to identify whether a user normally accesses their account from the public cloud. Benign alerts may trigger when a user uses an application that routes through a public cloud or cloud-hosted virtual machines. This new alert will prioritize an account when it occurs with other alerts, in a similar manner to the Azure AD Suspicious Sign-On alert.