Oct 2025 Release Notes (RUX)

October 2025 highlights: Introducing AI-Assisted Search, AI Scoring Prioritization Agent, Groups Based on Active Directory Membership, New REST API Documentation Is Live.

🛡️ Coverage

Rapid Release Improvements

The following improvements have been made to algorithms since the last software release cycle. Customers that are connected to Vectra’s update service with Remote Support enabled have received these improvements. All other customers will be receiving the following improvements as part of this release: 

  • Vectra AI now detects LDAP queries targeting Active Directory accounts that lack Kerberos pre-authentication — a common step in AS-REP roasting attacks. This enhancement delivers earlier visibility into credential reconnaissance, helping security teams stop attackers before credential abuse begins.

  • Vectra AI has updated the description of its RDP brute-force and password-spray detection to better align with its detection behavior. While the underlying logic remains unchanged, the revised description clarifies how password-spray activity is represented in the UI, helping analysts interpret alerts with greater precision. 

  • Vectra AI has improved LDAP analytics to identify reconnaissance of AD users with servicePrincipalNames (SPNs) — a precursor to Kerberoasting. This update provides faster detection of credential-targeted attacks, giving customers deeper visibility into stealthy Active Directory threats.
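
The following Python heuristic is an added example, not Vectra's detection logic or code from these release notes. It tags LDAP search filters that select accounts by the DONT_REQ_PREAUTH bit of userAccountControl, or user objects by an SPN wildcard, and ignores negated clauses. The tag names, the user-scope attribute list and the sample events are assumptions constructed for illustration.

```python
import re

# Added example; heuristic only, not Vectra's detection logic.
DONT_REQ_PREAUTH = 0x400000  # userAccountControl flag: Kerberos pre-auth not required
BIT_RULES = {"1.2.840.113556.1.4.803", "1.2.840.113556.1.4.804"}  # AD bitwise AND / OR
USER_SCOPE = {("objectclass", "user"), ("objectcategory", "person"),
              ("samaccounttype", "805306368")}  # assumed markers of a user-only search
LEAF = re.compile(r"\(\s*([A-Za-z][\w;-]*)(?::([\d.]+):)?(?:>=|<=|~=|=)([^()]*)\)")

def leaves(filt):
    """Yield (attr, matching_rule_oid, value, negated) for each leaf of an LDAP filter."""
    stack, i = [], 0  # stack: one bool per open composite, True for a '!' node
    while i < len(filt):
        m = LEAF.match(filt, i)
        if m:
            yield m.group(1).lower(), m.group(2), m.group(3).strip(), sum(stack) % 2 == 1
            i = m.end()
        elif filt[i] == "(":
            stack.append(filt[i + 1:i + 2] == "!")
            i += 2
        else:
            if filt[i] == ")" and stack:
                stack.pop()
            i += 1

def classify(filt):
    """Return the recon tags a single search filter earns."""
    found = [leaf for leaf in leaves(filt) if not leaf[3]]  # ignore negated leaves
    tags = set()
    for attr, oid, value, _ in found:
        if (attr == "useraccountcontrol" and oid in BIT_RULES
                and value.isdigit() and int(value) & DONT_REQ_PREAUTH):
            tags.add("asrep-recon")
    user_scoped = any((a, v.lower()) in USER_SCOPE for a, _, v, _ in found)
    spn_wildcard = any(a == "serviceprincipalname" and "*" in v for a, _, v, _ in found)
    if user_scoped and spn_wildcard:
        tags.add("spn-recon")
    return tags

# Constructed sample events: (client address, search filter)
EVENTS = [
    ("10.0.0.5", "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=4194304))"),
    ("10.0.0.5", "(&(objectClass=user)(servicePrincipalName=*))"),
    ("10.0.0.9", "(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=4194304)))"),
    ("10.0.0.7", "(servicePrincipalName=HTTP/web01.corp.example)"),
]

def triage(events):
    """Map each client to the union of tags across its queries."""
    out = {}
    for src, filt in events:
        out.setdefault(src, set()).update(classify(filt))
    return out
```

Exact-match SPN lookups and negated pre-authentication clauses are left untagged, since both occur in routine directory traffic.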

🔎 Clarity

We’re making threat hunting and investigation faster and smarter. With AI-Assisted Search, you can ask questions in plain language — in any major language — and instantly get context-rich answers, visual insights, and recommended next steps. No query syntax, no guesswork — just actionable intelligence at your fingertips. Early users have cut investigation time by up to three hours per case, uncovering exposures they might have missed. Available now for RUX customers with at least 14 days of metadata.

AI Scoring Prioritization Agent

The AI Prioritization Agent now detects when attackers deploy new systems - from rogue laptops to Raspberry Pis - and factors that into threat scoring.

It also learns from historical trends to flag key rare detection types across your environment, delivering faster, more accurate prioritization with less noise.

Customers may see a small number of hosts with updated scores. For more information, watch this podcast:

⚙️ Architecture & Administration

Groups Based on Active Directory Membership

Seamlessly bring your existing AD groups into Vectra and keep them perfectly in sync—no more manual recreations or tedious upkeep. Bulk import eliminates repetitive admin work, so your teams can focus on threat hunting, not group management. By streamlining triage rules and reducing noise, you’ll act faster on the alerts that truly matter. This is efficiency and signal clarity, built right in. Visit Active Directory (AD) Groups for more information.

New REST API Documentation Is Live

We’re excited to introduce the new Vectra REST API Documentation portal — your one-stop destination for building, testing, and integrating with Vectra APIs faster than ever. Developers can now explore, validate, and generate integrations seamlessly — ensuring faster automation, fewer errors, and greater confidence in securing your environment. Starting with API v3.5, all documentation will be delivered exclusively through the REST API Documentation portal: https://apidocs.vectra.ai
