Aug 2025 Release Notes (RUX)

Stronger Context with New Attack Graph Upgrades

Vectra AI has enhanced the Attack Graph with two powerful new capabilities. First, analysts can now see detections directly targeting the entity they’re investigating, making it easier to answer the question: “How did this entity get compromised?” This helps quickly pinpoint “patient zero” even in complex lateral movement scenarios. Second, the Attack Graph now visualizes the blast radius of command-and-control (C2) channels, automatically expanding to show all entities tied to the same malicious domain or IP. Together, these upgrades accelerate investigations, reveal hidden links, and give teams complete context to stop attacks faster.

Accelerate Investigations with Five Minute Hunts

We’re excited to share that Five Minute Hunts are now live in Advanced Investigations. These guided hunts surface meaningful insights in metadata without requiring customers to master SQL or specialized terminology. Security teams can quickly uncover attacker patterns, demonstrate proactive “peace-time” value, and boost efficiency with just a few clicks. Behind the scenes, the feature is powered by our flexible content delivery framework—complete with adaptive layouts, smooth animations, and engaging visuals for a seamless analyst experience.

External App Alerts (Webhook Notifications)

With External App Alerts, Vectra AI delivers instant notifications to your team’s collaboration tools when critical security events occur, such as high-priority hosts or accounts and key system alerts. No more screen-watching or delayed responses — you get real-time intel that drives faster action. Available now with direct Microsoft Teams integration and Slack support coming soon. See External App Alerts for implementation details.

JA4+ Fingerprints

Vectra AI now includes JA4, JA4S, JA4L, JA4X, and JA4H fingerprints in metadata—bringing next-gen fingerprinting to encrypted traffic analysis. This powerful framework reduces collisions, links related sessions, and makes it easier to spot attacker infrastructure hiding behind common protocols. Analysts get clearer, faster insights with less noise and better context across detections. JA4+ is supported in Investigate (RUX), Stream, and Recall. Read more about the new attributes here.
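As a worked illustration of what the JA4 client fingerprint in that metadata encodes, the following Python is an added example (not code from the original page or from Vectra AI). It computes JA4 and its un-hashed JA4_r form from an already-parsed TLS ClientHello, following the public FoxIO JA4 specification. The ClientHello field values are constructed for the example, and ALPN handling is simplified to printable ASCII values (the specification also defines a hex fallback for non-alphanumeric ALPN strings).

```python
import hashlib
from dataclasses import dataclass, field

# Added example, not Vectra AI's implementation: JA4 client fingerprint computed
# from parsed ClientHello fields per the public FoxIO JA4 specification.

SNI_EXT = 0x0000
ALPN_EXT = 0x0010

# JA4 version codes (keyed by the TLS version value on the wire)
TLS_VERSION_CODES = {
    0x0304: "13", 0x0303: "12", 0x0302: "11", 0x0301: "10", 0x0300: "s3", 0x0002: "s2",
}


def is_grease(value: int) -> bool:
    """GREASE values (RFC 8701) look like 0x0a0a, 0x1a1a, ..., 0xfafa; JA4 ignores them
    so that randomised GREASE does not change the fingerprint between sessions."""
    return (value >> 8) == (value & 0xFF) and (value & 0x0F) == 0x0A


def _hash12(text: str) -> str:
    """First 12 hex characters of SHA-256; an empty list is encoded as twelve zeros."""
    if not text:
        return "0" * 12
    return hashlib.sha256(text.encode()).hexdigest()[:12]


@dataclass
class ClientHello:
    legacy_version: int                      # version field in the ClientHello body
    cipher_suites: list[int]                 # cipher suite codes in wire order
    extensions: list[int]                    # extension types in wire order
    supported_versions: list[int] = field(default_factory=list)
    sig_algs: list[int] = field(default_factory=list)   # signature_algorithms, wire order
    alpn: list[str] = field(default_factory=list)       # ALPN protocol names, wire order
    sni: bool = False                        # server_name extension present
    quic: bool = False                       # carried over QUIC rather than TCP


def ja4(hello: ClientHello) -> dict:
    # JA4_a: transport, TLS version, SNI flag, cipher/extension counts, ALPN marker.
    versions = [v for v in hello.supported_versions if not is_grease(v)]
    version = max(versions) if versions else hello.legacy_version
    ciphers = sorted(c for c in hello.cipher_suites if not is_grease(c))
    exts = [e for e in hello.extensions if not is_grease(e)]   # SNI/ALPN count here
    alpn = "00"
    if hello.alpn:
        first = hello.alpn[0]
        alpn = first[0] + first[-1]   # simplified: assumes printable ASCII ALPN values
    ja4_a = "".join([
        "q" if hello.quic else "t",
        TLS_VERSION_CODES.get(version, "00"),
        "d" if hello.sni else "i",
        f"{min(len(ciphers), 99):02d}",
        f"{min(len(exts), 99):02d}",
        alpn,
    ])
    # JA4_b: cipher suites sorted ascending, comma-separated, hashed.
    raw_b = ",".join(f"{c:04x}" for c in ciphers)
    # JA4_c: extensions sorted with SNI and ALPN removed, then "_" and the
    # signature algorithms in their original wire order, hashed.
    hashed_exts = sorted(e for e in exts if e not in (SNI_EXT, ALPN_EXT))
    raw_c = ",".join(f"{e:04x}" for e in hashed_exts)
    if hello.sig_algs:
        raw_c += "_" + ",".join(f"{s:04x}" for s in hello.sig_algs)
    return {
        "ja4_a": ja4_a,
        "ja4": f"{ja4_a}_{_hash12(raw_b)}_{_hash12(raw_c)}",
        "ja4_r": f"{ja4_a}_{raw_b}_{raw_c}",
    }


# Constructed sample: a TLS 1.3 client offering h2, with one GREASE cipher, one
# GREASE extension and one GREASE supported_versions entry (all must be ignored).
SAMPLE = ClientHello(
    legacy_version=0x0303,
    cipher_suites=[0x0A0A, 0x1301, 0x1302, 0x1303, 0xC02B],
    extensions=[0x0A0A, 0x0000, 0x0017, 0x002B, 0x000D, 0x0010, 0x0005],
    supported_versions=[0x0A0A, 0x0304, 0x0303],
    sig_algs=[0x0403, 0x0804, 0x0401],
    alpn=["h2", "http/1.1"],
    sni=True,
)

if __name__ == "__main__":
    for key, value in ja4(SAMPLE).items():
        print(f"{key}: {value}")
```

The JA4_a prefix is readable on its own (transport, version, SNI presence, counts, ALPN), which is why analysts can group sessions by client type before comparing the hashed parts, and the sorted, GREASE-stripped lists are what keep the hashes stable across sessions from the same client stack. JA4S, JA4L, JA4X and JA4H describe the server hello, latency, certificates and HTTP requests respectively and are computed from different inputs, so this block covers only the client fingerprint.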

Simpler Investigations with Human-Readable Azure CDR Data

Vectra AI has made Azure CDR easier to use by replacing confusing UUIDs with clear, human-readable names. Account names in the REST API now reflect recognizable Entra IDs, while detection activity surfaces intuitive object and application names. Analysts no longer need to decode raw IDs—making triage faster, investigations smoother, and dashboards more actionable.
