Jun 2025 Release Notes (RUX)

The Respond UX June release (2025.06) includes:

AI-Triage Now Auto-Resolves More Benign Threats

Vectra AI’s proprietary agentic AI just got smarter. Our upgraded AI-Triage algorithm now automatically investigates and resolves 50% of benign C&C and 25% of benign Recon detections—dramatically reducing benign events. It leverages both local patterns and global insights to deliver the clearest signal yet. For more details on AI-Triage, see the AI-Triage KB and our recent update video.

New Detection Suite: AWS Bedrock Detections

Vectra AI has introduced four new detections to surface suspicious behaviors surrounding the use of AWS Bedrock, a fully managed service offered by AWS that simplifies building and deploying generative AI applications.

  • AWS Bedrock Logging Configuration Disabled: This detection highlights instances where a principal was observed disabling prompt logging for AWS Bedrock at the regional level. Disabling prompt logging stops the capture of all prompt and response activity across AWS Bedrock models and may indicate an attempt to impair defenses or hide malicious usage.

  • AWS Bedrock Novel Model Enabled: This detection identifies suspicious activity related to the enablement of an AWS Bedrock Model by an identity that has no prior history of performing such actions. It flags potential unauthorized access to generative AI services that may be security-sensitive and associated with high cost.

  • AWS Suspicious Bedrock Activity: This detection identifies suspicious activity related to the enablement and invocation of an AWS Bedrock Model by an identity that has no prior history of performing such actions. The combination of enablement followed by invocation of a model suggests an attacker is both testing and using the model, generating responses at the victim’s expense.

  • AWS Bedrock Novel Enabled: It detects every instance when an AWS Bedrock foundational model is enabled, as this action is uncommon and may have cost or security implications. This is an informational detection and does not contribute to scoring or prioritization of the entity. It is meant to be a security-relevant insight and may not be deemed immediately suspicious.

New Detection Suite: AWS S3

Vectra AI has introduced three new detections to surface suspicious behaviors surrounding the use of AWS S3 in the impact and exfil stages of the cloud kill chain:

  • AWS Suspicious S3 Batch Deletion: This detection surfaces behaviors associated with large-scale downloads and deletions associated with multiple files. This behavior may indicate the destructive manipulation phase of ransomware activity in the environment.

  • AWS Suspicious S3 Object Deletion: Like the new S3 Batch Deletion detection, this detection highlights behaviors where individual objects were downloaded and then deleted from an S3 bucket in a way that may indicate the destructive manipulation phase of ransomware activity in the environment.

  • AWS Suspicious S3 Encryption: This detection highlights unusual encryption activities that could indicate a ransomware encryption phase in progress. It is designed to surface encryption of many S3 objects using either an external KMS key (SSE-KMS) or a client-controlled key (SSE-C).
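
For teams that want to check their own CloudTrail S3 data events for the pattern the S3 Encryption detection describes, the following is an added example, not Vectra's detection logic. It assumes S3 data event logging is enabled and that the encryption request headers appear under requestParameters; the fixed threshold, the function names and all sample records are constructed for illustration.

```python
from collections import defaultdict

WRITE_EVENTS = {"PutObject", "CopyObject"}
SSE_C_HDR = "x-amz-server-side-encryption-customer-algorithm"
KMS_KEY_HDR = "x-amz-server-side-encryption-aws-kms-key-id"

def classify(event):
    """Return 'SSE-C', 'SSE-KMS-external' or None for one CloudTrail record."""
    if event.get("eventSource") != "s3.amazonaws.com":
        return None
    if event.get("eventName") not in WRITE_EVENTS:
        return None
    params = event.get("requestParameters") or {}
    if SSE_C_HDR in params:
        return "SSE-C"
    key_id = params.get(KMS_KEY_HDR, "")
    # A key in another account must be referenced by full ARN; a bare key ID
    # or alias resolves inside the caller's account and is not counted.
    if params.get("x-amz-server-side-encryption") == "aws:kms" and key_id.startswith("arn:"):
        if key_id.split(":")[4] != event.get("recipientAccountId"):
            return "SSE-KMS-external"
    return None

def suspicious_encryption(events, threshold=3):
    """Map (principal ARN, bucket) -> {mode: distinct object count} at or above threshold."""
    seen = defaultdict(lambda: defaultdict(set))
    for event in events:
        mode = classify(event)
        if mode:
            params = event["requestParameters"]
            who = (event.get("userIdentity", {}).get("arn", "unknown"), params["bucketName"])
            seen[who][mode].add(params["key"])
    return {who: {m: len(keys) for m, keys in modes.items()}
            for who, modes in seen.items()
            if sum(len(keys) for keys in modes.values()) >= threshold}

# Constructed sample records; account IDs, ARNs and object keys are placeholders.
def _rec(name, role, key, extra):
    return {"eventSource": "s3.amazonaws.com", "eventName": name,
            "recipientAccountId": "111111111111",
            "userIdentity": {"arn": f"arn:aws:sts::111111111111:assumed-role/{role}/s"},
            "requestParameters": {"bucketName": "example-bucket", "key": key, **extra}}

def _kms(account):
    return {"x-amz-server-side-encryption": "aws:kms",
            KMS_KEY_HDR: f"arn:aws:kms:us-east-1:{account}:key/EXAMPLE"}

SAMPLE_EVENTS = (
    [_rec("PutObject", "role-a", f"docs/{i}", {SSE_C_HDR: "AES256"}) for i in range(4)]
    + [_rec("CopyObject", "role-b", f"db/{i}", _kms("999999999999")) for i in range(3)]
    + [_rec("PutObject", "role-c", f"logs/{i}", _kms("111111111111")) for i in range(5)]
    + [_rec("PutObject", "role-d", "one-off", {SSE_C_HDR: "AES256"})])
```

In the sample, role-c writes with a KMS key in its own account and role-d makes a single SSE-C write, so neither is reported; a production rule would baseline per principal rather than use a fixed threshold.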

Seamless Azure CDR Enablement

Vectra AI has streamlined Azure CDR enablement with a new Redirector Service fix. Customers can now seamlessly deploy Azure CDR without VPN or IP restrictions blocking the setup. This removes friction in onboarding cloud telemetry, ensuring faster time-to-value and immediate visibility into Azure threats. Security teams get quicker coverage with less hassle.

Vectra Match Integrated Ruleset Management

Vectra Match now makes it easier to detect known Indicators of Compromise (IOCs) with Suricata-compatible signatures—no external tools required. As of 9.3, you can manage, modify, enable, or disable rules directly in the platform, and your changes persist even after Emerging Threats updates. It’s faster to set up, simpler to maintain, and puts full control of detection logic in your hands. For more information visit Managing Vectra Match Rulesets.
