Nov 2025 Release Notes (RUX)
November 2025 release highlights—expanded native Cobalt Strike coverage, refined Kali/RMM detections, Traffic Lockdown (public preview), Operational Overview Report, and key admin updates.
🛡️ Coverage
Rapid Release Improvements
The following improvements have been made to algorithms since the last software release cycle. Customers that are connected to Vectra’s update service with Remote Support enabled have received these improvements. All other customers will be receiving the following improvements as part of this release:
Vectra AI is reimagining several Cobalt Strike Suricata signatures as native Python detections. By moving these detections into Vectra’s Python-based engine, all customers now benefit from this Cobalt Strike activity coverage without reliance on signature-based logic.
Vectra AI has refined its Kali Repo Usage detection to improve accuracy and reduce false positives by tightening how Kali-related user agents are identified. This enhancement focuses the match criteria on true Kali Linux activity, ensuring higher-fidelity alerts and more reliable insights when investigating potential attacker tooling.
Vectra AI has introduced new information-level detections for Remote Management and Monitoring (RMM) tools observed within customer environments. As RMM utilities are increasingly leveraged in cyberattacks, these alerts provide visibility into their usage without generating noise or affecting scoring. The notifications appear on individual Host pages—one per host session—while remaining hidden from the main Detections page unless filters are adjusted. This update gives customers clearer insight into potentially sensitive administrative activity while maintaining a low-impact alerting experience.
🔎 Clarity
Traffic Lockdown: Automated Network Defense via Firewall Integration (Public Preview)
Vectra AI now empowers customers to take instant action on detected threats with Traffic Lockdown, a new capability that automatically blocks malicious hosts at the firewall level. By integrating directly with supported firewalls, Vectra AI dynamically publishes threat feed IPs for immediate enforcement with no manual rules or complex setup required. Security teams gain faster containment, cleaner workflows, and stronger protection where it matters most: at the network edge. Visit Traffic Lockdown for configuration instructions.

To hear more about Vectra's Response capabilities, watch this podcast:
Operational Overview Report
Introducing the Operational Overview Report — your SOC’s new command view for performance and impact. This report brings together key metrics like Mean Time to Assignment, Mean Time to Investigate, and Mean Time to Resolve, alongside top detections, MITRE ATT&CK mappings, and prioritized entities in one clear, visual dashboard. It quantifies how Vectra AI drives faster investigations, sharper triage, and measurable efficiency gains. With powerful insights for business reviews, executive reporting, and daily operations, it turns performance data into proof of value.

For more information about reporting, watch this podcast:
⚙️ Architecture/Administration
Navigational Change: Configuration
We’ve streamlined how you manage your environment in the Vectra AI Platform. The new Configuration tab unifies the Manage & Settings options to bring all configuration and control settings into one clear, intuitive view, so you can find what you need faster and act with confidence. This update eliminates friction and simplifies navigation. Less searching. More doing.

REST API (Respond UX)
The Vectra AI team continues to update the RUX API with new functionality every month. To stay up to date with the latest functionality, visit our API documentation site.
Multi-SAML Support
The Respond UX platform currently supports single sign-on (SSO) through integration with a customer’s identity provider (IDP) using a configured SAML profile. Until now, only a single SAML profile could be defined, which restricted integration to one IDP at a time.
To tackle this, we are introducing support for multiple SAML profiles. This enhancement will enable customers and MSSPs to configure and manage integrations with multiple IDPs simultaneously, providing greater flexibility and alignment with complex identity environments.
Support Access to RUX tenants
We’ve introduced the ability for Vectra AI’s authorized employees to securely access RUX tenant UIs when needed. Customers can now configure an expiration date for this access, ensuring it remains time-bound and fully under their control. To enable support, visit Vectra Remote Support.
