{"version":1,"pages":[{"id":"DDvgH0oYS04ZhT1VtiQD","title":"Welcome","pathname":"/","siteSpaceId":"sitesp_UtbXl","emoji":"1f3e0","description":"This is the home page for docs.vectra.ai.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"}]},{"id":"t53pEx2tSr39EReBRl52","title":"Getting started","pathname":"/deployment/getting-started","siteSpaceId":"sitesp_UtbXl","description":"Quick links to core deployment guides, requirements, and architecture references.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"}]},{"id":"8ef36yTH12WLNTiaG12Z","title":"Analyst UX options (RUX vs QUX)","pathname":"/deployment/getting-started/analyst-ux-options-rux-vs-qux","siteSpaceId":"sitesp_UtbXl","description":"How to tell Respond UX from Quadrant UX and what differs across features and docs.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"}]},{"id":"LXf12XMOe2JNsNfyW47J","title":"NDR / Network identity architecture","pathname":"/deployment/getting-started/ndr-network-identity-architecture","siteSpaceId":"sitesp_UtbXl","description":"High-level architecture overview for Vectra NDR and network identity.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"}]},{"id":"69eb9dde445e5f9e57e57466881b2657fb8b11e6","title":"Respond UX deployment guide","pathname":"/deployment/getting-started/respond-ux-deployment-guide","siteSpaceId":"sitesp_UtbXl","description":"End-to-end guide for deploying Vectra Respond UX, including requirements, firewall rules, deployment steps, data source setup, initial configuration, and post-deploy next steps.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"}]},{"id":"uKpVp7lmeWMBPcTkEuQp","title":"Introduction and 
overview","pathname":"/deployment/getting-started/respond-ux-deployment-guide/introduction-and-overview","siteSpaceId":"sitesp_UtbXl","description":"Overview of RUX deployments, appliance modes, and requirements for adding network Sensors to the Vectra AI Platform.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Respond UX deployment guide"}]},{"id":"171zXJcIli12QmTWMgVO","title":"Firewall requirements","pathname":"/deployment/getting-started/respond-ux-deployment-guide/firewall-requirements","siteSpaceId":"sitesp_UtbXl","description":"Firewall requirements for your Respond UX (RUX) deployment.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Respond UX deployment guide"}]},{"id":"3pSw5rIucX0IVNBukVEQ","title":"Deployment","pathname":"/deployment/getting-started/respond-ux-deployment-guide/deployment","siteSpaceId":"sitesp_UtbXl","description":"Overview of the RUX deployment process, how to do your initial login, deployment steps along with requirements and documentation links.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Respond UX deployment guide"}]},{"id":"R0Zf7b9968Zl7vxkuYJP","title":"Initial configuration","pathname":"/deployment/getting-started/respond-ux-deployment-guide/initial-configuration","siteSpaceId":"sitesp_UtbXl","description":"Guidance for configuring settings in the \"Configuration\" menu in the Vectra UI after the initial deployment is complete for Respond UX and your data sources are connected.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Respond UX deployment guide"}]},{"id":"Voc0QFa6vJ5Uuubrn2KY","title":"Configuring data 
sources","pathname":"/deployment/getting-started/respond-ux-deployment-guide/configuring-data-sources","siteSpaceId":"sitesp_UtbXl","description":"Links to deployment guides for network Sensors, traffic validation, and deployment guidance for other cloud data sources.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Respond UX deployment guide"}]},{"id":"uaWIiP6E6IRwQOjen83C","title":"Recommended next steps","pathname":"/deployment/getting-started/respond-ux-deployment-guide/recommended-next-steps","siteSpaceId":"sitesp_UtbXl","description":"Recommended actions after an initial RUX deployment, including backups, integrations, and deployment best practices.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Respond UX deployment guide"}]},{"id":"PvlGfhasS30mwsBObUHK","title":"Respond UX specific","pathname":"/deployment/getting-started/respond-ux-deployment","siteSpaceId":"sitesp_UtbXl","description":"Respond UX-only deployment and configuration guidance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"}]},{"id":"8p6aYZA3gq7nm3Ti2ruM","title":"Initial login - protecting your MFA secret key (RUX)","pathname":"/deployment/getting-started/respond-ux-deployment/initial-login-protecting-your-mfa-secret-key-rux","siteSpaceId":"sitesp_UtbXl","description":"Secure your MFA secret during first login and avoid account lockouts.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Respond UX specific"}]},{"id":"u0xXzJJl62qOmKd27lo5","title":"Global View","pathname":"/deployment/getting-started/respond-ux-deployment/global-view","siteSpaceId":"sitesp_UtbXl","description":"Demo video, applicability, capabilities, onboarding/deployment, architecture, and answers to your frequently asked questions (FAQs) about 
Global View for RUX deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Respond UX specific"}]},{"id":"WBvk2JXZg4tGDD7OZ2bb","title":"SIEM connector (syslog intermediary)","pathname":"/deployment/getting-started/respond-ux-deployment/siem-connector-syslog-intermediary","siteSpaceId":"sitesp_UtbXl","description":"How to configure a syslog intermediary server to poll the RUX API and then send data via syslog to a downstream collector.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Respond UX specific"}]},{"id":"04yTaarHnEHzS0w9GWYZ","title":"Why migrate to RUX from QUX Migration to RUX from QUX","pathname":"/deployment/getting-started/respond-ux-deployment/why-migrate-to-rux-from-qux-migration-to-rux-from-qux","siteSpaceId":"sitesp_UtbXl","description":"Reasons to move from QUX to RUX, plus key workflow and feature changes.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Respond UX specific"}]},{"id":"2rzCaPjb2RzvDdANBGVB","title":"Quadrant UX deployment guide","pathname":"/deployment/getting-started/quadrant-ux-deployment","siteSpaceId":"sitesp_UtbXl","description":"End-to-end guide for deploying Vectra Quadrant UX, including requirements, firewall rules, deployment steps, data source setup, initial configuration, and post-deploy next steps.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"}]},{"id":"qfvEkTp6VpebqXicreP6","title":"Introduction and overview","pathname":"/deployment/getting-started/quadrant-ux-deployment/introduction-and-overview","siteSpaceId":"sitesp_UtbXl","description":"Introduction and overview of the Vectra AI platform for Quadrant UX (QUX) deployments and appliance 
modes","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Quadrant UX deployment guide"}]},{"id":"EmNjaQCGaaz4DSlQYSAP","title":"Firewall requirements","pathname":"/deployment/getting-started/quadrant-ux-deployment/firewall-requirements","siteSpaceId":"sitesp_UtbXl","description":"Firewall requirements for your Quadrant UX (QUX) deployment.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Quadrant UX deployment guide"}]},{"id":"imU0gWrogBWBjyy6Fdt0","title":"Brain deployment","pathname":"/deployment/getting-started/quadrant-ux-deployment/brain-deployment","siteSpaceId":"sitesp_UtbXl","description":"Overview of the QUX deployment process, deployment steps along with requirements and documentation links, and how to do your initial login.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Quadrant UX deployment guide"}]},{"id":"aCJDsxI3pNKBBuBBapEp","title":"Initial configuration","pathname":"/deployment/getting-started/quadrant-ux-deployment/initial-configuration","siteSpaceId":"sitesp_UtbXl","description":"Configure QUX settings after initial deployment, with guidance for data sources and deeper configuration tasks.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Quadrant UX deployment guide"}]},{"id":"RBv5kWxIj9rm42Ylu5Dg","title":"Configuring data sources","pathname":"/deployment/getting-started/quadrant-ux-deployment/configuring-data-sources","siteSpaceId":"sitesp_UtbXl","description":"Links to deployment guides for network Sensors, traffic validation, and guidance for other cloud data sources supported in QUX deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Quadrant UX deployment 
guide"}]},{"id":"CtSDrAPgYYoqzFGDI15I","title":"Recommended next steps","pathname":"/deployment/getting-started/quadrant-ux-deployment/recommended-next-steps","siteSpaceId":"sitesp_UtbXl","description":"Recommended actions after an initial QUX deployment, including backups, integrations, and deployment best practices.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"},{"label":"Quadrant UX deployment guide"}]},{"id":"QqjhezgB1jfjSjQl0IVU","title":"Firewall requirements","pathname":"/deployment/getting-started/firewall-requirements","siteSpaceId":"sitesp_UtbXl","description":"Firewall connectivity requirements for Vectra RUX and QUX deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"}]},{"id":"pezQXiSb2um2Q3VTsCuA","title":"Appliance specifications","pathname":"/deployment/getting-started/appliance-specifications","siteSpaceId":"sitesp_UtbXl","description":"Overview, performance, and specifications for Vectra AI's physical, virtual, and cloud appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"}]},{"id":"YMWiVGY1J5chc5NNhkKd","title":"Default usernames and passwords","pathname":"/deployment/getting-started/default-usernames-and-passwords","siteSpaceId":"sitesp_UtbXl","description":"Default credentials for CLI, Web UI, and IPMI/iDRAC access.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting started"}]},{"id":"AXkqnqPN9ACLyhWzSnOM","title":"IPv6 management support for Vectra appliances","pathname":"/deployment/getting-started/ipv6-management-support-for-vectra-appliances","siteSpaceId":"sitesp_UtbXl","description":"Review IPv6 management support for Vectra appliances running version 8.5 or later.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Getting 
started"}]},{"id":"fw6NNqgDOwJwTLf1o8qG","title":"IDR for Azure AD & CDR for M365","pathname":"/deployment/idr-for-azure-ad-and-cdr-for-m365","siteSpaceId":"sitesp_UtbXl","description":"Deployment quick start guide for both IDR for Azure AD & CDR for M365 covering both RUX and QUX deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"}]},{"id":"7eOGKXqyoIGTcRa3GBMo","title":"CDR for AWS","pathname":"/deployment/cdr-for-aws","siteSpaceId":"sitesp_UtbXl","description":"Landing page for CDR for AWS deployment, sizing, and integration guidance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"}]},{"id":"omBYtqOhy11BXlxrUBxY","title":"Deployment (CDR for AWS)","pathname":"/deployment/cdr-for-aws/deployment","siteSpaceId":"sitesp_UtbXl","description":"Deploy CDR for AWS with CloudFormation or manual setup, including requirements, permissions, troubleshooting, and cost guidance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for AWS"}]},{"id":"0fzFBk0RrCbOWsYQTCtk","title":"Architecture and requirements","pathname":"/deployment/cdr-for-aws/deployment/architecture-and-requirements","siteSpaceId":"sitesp_UtbXl","description":"Intro and overview for CDR for AWS, general requirements, network setup requirements for QUX deployments, and deployment overview.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for AWS"},{"label":"Deployment (CDR for AWS)"}]},{"id":"k9sDrziYYl1fMaN76sQW","title":"Deploy via CloudFormation","pathname":"/deployment/cdr-for-aws/deployment/deploy-via-cloudformation","siteSpaceId":"sitesp_UtbXl","description":"End-to-end steps using the Vectra-provided CloudFormation template.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for AWS"},{"label":"Deployment (CDR for AWS)"}]},{"id":"U03jNC6uSMNJD62H3r4v","title":"Appendix 1 - AWS 
Configuration Notes","pathname":"/deployment/cdr-for-aws/deployment/appendix-1-aws-configuration-notes","siteSpaceId":"sitesp_UtbXl","description":"Required permissions, data events guidance, bucket location, and KMS notes.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for AWS"},{"label":"Deployment (CDR for AWS)"}]},{"id":"762xJl7VgZKgoq7XyoQL","title":"Appendix 2 - Manual AWS Deployment","pathname":"/deployment/cdr-for-aws/deployment/appendix-2-manual-aws-deployment","siteSpaceId":"sitesp_UtbXl","description":"Create the SNS topic and IAM role yourself, then authorize in Vectra.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for AWS"},{"label":"Deployment (CDR for AWS)"}]},{"id":"zFB47SS5j5WbdjUMkt99","title":"Appendix 3 – Troubleshooting Issues While Onboarding","pathname":"/deployment/cdr-for-aws/deployment/appendix-3-troubleshooting-issues-while-onboarding","siteSpaceId":"sitesp_UtbXl","description":"Common errors during CloudFormation/manual setup and how to resolve them.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for AWS"},{"label":"Deployment (CDR for AWS)"}]},{"id":"ayQeuKaFUMLghmKve6Ft","title":"Appendix 4 – AWS Log Ingestion Cost Estimates","pathname":"/deployment/cdr-for-aws/deployment/appendix-4-aws-log-ingestion-cost-estimates","siteSpaceId":"sitesp_UtbXl","description":"CloudTrail, S3, SNS, data events, retention, and transfer costs.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for AWS"},{"label":"Deployment (CDR for AWS)"}]},{"id":"dApCyRPxfPC0vg8PCwlR","title":"Estimating Log Volume","pathname":"/deployment/cdr-for-aws/estimating-log-volume","siteSpaceId":"sitesp_UtbXl","description":"Guidance to estimate AWS log volume and expected ingestion impact for CDR for 
AWS.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for AWS"}]},{"id":"xZ3sh1NFZGSabcGa3SPK","title":"Amazon Security Lake Integration","pathname":"/deployment/cdr-for-aws/amazon-security-lake-integration","siteSpaceId":"sitesp_UtbXl","description":"Integrate Vectra Detect for AWS with Amazon Security Lake.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for AWS"}]},{"id":"MiPTtXioajVu2VDS4Us1","title":"CDR for Azure","pathname":"/deployment/cdr-for-azure","siteSpaceId":"sitesp_UtbXl","description":"Landing page for CDR for Azure deployment and sizing guidance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"}]},{"id":"7678bfce34dfc8d5d424d19b0c53beaf6620496c","title":"Estimating usage","pathname":"/deployment/cdr-for-azure/estimating-usage","siteSpaceId":"sitesp_UtbXl","description":"Gather Azure CDR sizing data to help estimate service costs for Vectra deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for Azure"}]},{"id":"eHvxrLJqabpPPFKn1Kfc","title":"Deployment","pathname":"/deployment/cdr-for-azure/deployment","siteSpaceId":"sitesp_UtbXl","description":"CDR for Azure Deployment anchor page with demo video and product related announcements.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for Azure"}]},{"id":"VsMWUIofloM05G0yluJw","title":"Introduction, architecture, and requirements","pathname":"/deployment/cdr-for-azure/deployment/introduction-architecture-and-requirements","siteSpaceId":"sitesp_UtbXl","description":"What CDR for Azure provides, how it works, and what you need before deploying.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for Azure"},{"label":"Deployment"}]},{"id":"skUrE7j6vzCo416qJqr9","title":"Automated 
deployment","pathname":"/deployment/cdr-for-azure/deployment/automated-deployment","siteSpaceId":"sitesp_UtbXl","description":"Deploy CDR for Azure using the Vectra-provided ARM templates. This is the \"Automated\" deployment method and is recommended for most Vectra customers.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for Azure"},{"label":"Deployment"}]},{"id":"2nukC9GVIa4bnj5Fyigj","title":"Manual deployment","pathname":"/deployment/cdr-for-azure/deployment/manual-deployment","siteSpaceId":"sitesp_UtbXl","description":"Deploy CDR for Azure manually without the aid of Vectra-provided ARM templates.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for Azure"},{"label":"Deployment"}]},{"id":"540UUuAjsHJpvJTZSAKq","title":"Appendix 1 - Azure configuration notes","pathname":"/deployment/cdr-for-azure/deployment/appendix-1-azure-configuration-notes","siteSpaceId":"sitesp_UtbXl","description":"Azure permissions, objects created by Vectra, and related operational notes to help with permissions issues.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for Azure"},{"label":"Deployment"}]},{"id":"lAyWmLitRtfoaFvrVSxS","title":"Appendix 2 - Adding additional locations or resources","pathname":"/deployment/cdr-for-azure/deployment/appendix-2-adding-additional-locations-or-resources","siteSpaceId":"sitesp_UtbXl","description":"Guidance for re-running deployment when you add regions, locations, or Vectra adds new supported resource types.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for Azure"},{"label":"Deployment"}]},{"id":"oHmW6XcWezaR68ckItwS","title":"Appendix 3 - Troubleshooting issues while onboarding","pathname":"/deployment/cdr-for-azure/deployment/appendix-3-troubleshooting-issues-while-onboarding","siteSpaceId":"sitesp_UtbXl","description":"Common onboarding 
issues, policy conflicts, and ARM template deployment errors.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"CDR for Azure"},{"label":"Deployment"}]},{"id":"xpqHNjAshsHuA6vm4u9G","title":"NDR physical appliances","pathname":"/deployment/ndr-physical-appliances","siteSpaceId":"sitesp_UtbXl","description":"Quick start and hardware guidance for physical Brain and Sensor appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"}]},{"id":"XyGxRDuiuFsHqkpIBLqV","title":"Supported SFPs and QSFPs","pathname":"/deployment/ndr-physical-appliances/supported-sfps-and-qsfps","siteSpaceId":"sitesp_UtbXl","description":"Supported SFP/QSFP transceivers for Vectra physical appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"}]},{"id":"jaXws7PQs4aA0QiQT5MO","title":"Physical appliance modes and switching between them","pathname":"/deployment/ndr-physical-appliances/physical-appliance-modes-and-switching-between-them","siteSpaceId":"sitesp_UtbXl","description":"The article describes the Brain, Sensor, and Mixed modes and how to switch between them for physical Vectra appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"}]},{"id":"jJ4gIn5XsN5bpEMyO40U","title":"X-Series","pathname":"/deployment/ndr-physical-appliances/x-series","siteSpaceId":"sitesp_UtbXl","description":"Quick start guides and lifecycle notes for X-Series appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"}]},{"id":"y2UOXUpYWbXiAUChvVjx","title":"X3","pathname":"/deployment/ndr-physical-appliances/x-series/x3","siteSpaceId":"sitesp_UtbXl","description":"The X3 quick start guide provides guidance for initial deployment, verifying connectivity, and next steps to take after the appliance is connected to 
your network.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"},{"label":"X-Series"}]},{"id":"HhOXVHFwONvBNGv065Iw","title":"X47","pathname":"/deployment/ndr-physical-appliances/x-series/x47","siteSpaceId":"sitesp_UtbXl","description":"The X47 quick start guide provides guidance for initial deployment, verifying connectivity, and next steps to take after the appliance is connected to your network.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"},{"label":"X-Series"}]},{"id":"fepau5vpVAsWhYYWK47c","title":"X29 (EOS)","pathname":"/deployment/ndr-physical-appliances/x-series/x29","siteSpaceId":"sitesp_UtbXl","description":"The X29 quick start guide provides guidance for initial deployment, verifying connectivity, and next steps to take after the appliance is connected to your network.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"},{"label":"X-Series"}]},{"id":"C1ogJnC4LmaGRm68qkIj","title":"X80 (EOL)","pathname":"/deployment/ndr-physical-appliances/x-series/x80","siteSpaceId":"sitesp_UtbXl","description":"The X80 quick start guide provides guidance for initial connection to your network.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"},{"label":"X-Series"}]},{"id":"xQ2RZLMghXmJE77wtPNn","title":"B-Series","pathname":"/deployment/ndr-physical-appliances/b-series","siteSpaceId":"sitesp_UtbXl","description":"Quick start guides and lifecycle notes for B-Series appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"}]},{"id":"DCiMG34hNeng2MVqHOnJ","title":"B127","pathname":"/deployment/ndr-physical-appliances/b-series/b127","siteSpaceId":"sitesp_UtbXl","description":"The B127 quick start guide provides guidance for 
initial deployment, verifying connectivity, and next steps to take after the appliance is connected to your network.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"},{"label":"B-Series"}]},{"id":"b2oHfYCnJc6f7gNRLILf","title":"B101 (EOS)","pathname":"/deployment/ndr-physical-appliances/b-series/b101","siteSpaceId":"sitesp_UtbXl","description":"The B101 quick start guide provides guidance for initial deployment, verifying connectivity, and next steps to take after the appliance is connected to your network.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"},{"label":"B-Series"}]},{"id":"oxHdk3i0XcRjRu5CGn7t","title":"S-Series","pathname":"/deployment/ndr-physical-appliances/s-series","siteSpaceId":"sitesp_UtbXl","description":"Quick start guides and lifecycle notes for S-Series appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"}]},{"id":"DoCle0yyHlJ4lo661ltX","title":"S1","pathname":"/deployment/ndr-physical-appliances/s-series/s1","siteSpaceId":"sitesp_UtbXl","description":"The S1 quick start guide provides guidance for initial deployment, verifying connectivity, and next steps to take after the appliance is connected to your network.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"},{"label":"S-Series"}]},{"id":"wSKJGBOA0jvlqGyCQeEi","title":"S1v2","pathname":"/deployment/ndr-physical-appliances/s-series/s1v2","siteSpaceId":"sitesp_UtbXl","description":"The S1v2 quick start guide provides guidance for initial deployment, verifying connectivity, and next steps to take after the appliance is connected to your network.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical 
appliances"},{"label":"S-Series"}]},{"id":"jZIZqRdQxLLQQtmftgkJ","title":"S11","pathname":"/deployment/ndr-physical-appliances/s-series/s11","siteSpaceId":"sitesp_UtbXl","description":"The S11 quick start guide provides guidance for initial deployment, verifying connectivity, and next steps to take after the appliance is connected to your network.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"},{"label":"S-Series"}]},{"id":"B3pd8z3XtlynA0Vps46n","title":"S17","pathname":"/deployment/ndr-physical-appliances/s-series/s17","siteSpaceId":"sitesp_UtbXl","description":"The S17 quick start guide provides guidance for initial deployment, verifying connectivity, and next steps to take after the appliance is connected to your network.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"},{"label":"S-Series"}]},{"id":"IC7LwRHcT6PjmTMTRRiG","title":"S101","pathname":"/deployment/ndr-physical-appliances/s-series/s101","siteSpaceId":"sitesp_UtbXl","description":"Deploy an S101 appliance, verify connectivity, and review next steps for v1 and v2 hardware variants.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"},{"label":"S-Series"}]},{"id":"e8dGlJ6litMgFBckawaA","title":"S127","pathname":"/deployment/ndr-physical-appliances/s-series/s127","siteSpaceId":"sitesp_UtbXl","description":"The S127 quick start guide provides guidance for initial deployment, verifying connectivity, and next steps to take after the appliance is connected to your network.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"},{"label":"S-Series"}]},{"id":"h6CBGvjWGuOsig3JEI02","title":"S2 (EOL)","pathname":"/deployment/ndr-physical-appliances/s-series/s2","siteSpaceId":"sitesp_UtbXl","description":"The S2 quick start guide provides 
guidance for connecting your appliance to your network.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"},{"label":"S-Series"}]},{"id":"2WTllSyWglIUyN8rDH43","title":"M-Series","pathname":"/deployment/ndr-physical-appliances/m-series","siteSpaceId":"sitesp_UtbXl","description":"Quick start guides and lifecycle notes for M-Series appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"}]},{"id":"chW5R3gPQq7Z4FTeBulO","title":"M47","pathname":"/deployment/ndr-physical-appliances/m-series/m47","siteSpaceId":"sitesp_UtbXl","description":"The M47 quick start guide provides guidance for initial deployment, verifying connectivity, and next steps to take after the appliance is connected to your network.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"},{"label":"M-Series"}]},{"id":"iS9OEiAX6C9z47dsw7Cj","title":"M29 (EOS)","pathname":"/deployment/ndr-physical-appliances/m-series/m29","siteSpaceId":"sitesp_UtbXl","description":"The M29 quick start guide provides guidance for initial deployment, verifying connectivity, and next steps to take after the appliance is connected to your network.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR physical appliances"},{"label":"M-Series"}]},{"id":"3t32tljfncpX747jllN5","title":"NDR virtual / cloud appliances","pathname":"/deployment/ndr-virtual-cloud-appliances","siteSpaceId":"sitesp_UtbXl","description":"Deploy Brains and vSensors in virtualized and public cloud environments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"}]},{"id":"RhFE16TlQl6rjhIM805C","title":"AWS Brain","pathname":"/deployment/ndr-virtual-cloud-appliances/aws-brain","siteSpaceId":"sitesp_UtbXl","description":"Deploy a Vectra Brain in an AWS account for RUX or QUX 
deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"}]},{"id":"SLgZHD0e2JgsSQw92JR1","title":"Introduction and requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/aws-brain/introduction-and-requirements","siteSpaceId":"sitesp_UtbXl","description":"Prerequisites and deployment workflow for an AWS Brain.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"AWS Brain"}]},{"id":"l1y3If4D2eYINig1lSlz","title":"Firewall requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/aws-brain/firewall-requirements","siteSpaceId":"sitesp_UtbXl","description":"Connectivity and security group rules for AWS Brain deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"AWS Brain"}]},{"id":"MXwaP0k8qDRVrDNWnjtt","title":"Deploying the AMI","pathname":"/deployment/ndr-virtual-cloud-appliances/aws-brain/deploying-the-ami","siteSpaceId":"sitesp_UtbXl","description":"Deploy the AWS Brain AMI using CloudFormation or AWS Marketplace.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"AWS Brain"}]},{"id":"ejHLalry9V42rTTNUmkK","title":"Enabling AWS integrations","pathname":"/deployment/ndr-virtual-cloud-appliances/aws-brain/enabling-aws-integrations","siteSpaceId":"sitesp_UtbXl","description":"Enable AWS HostID and optional Security Hub and CloudWatch integrations.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"AWS Brain"}]},{"id":"2BP3DpAe4dkNDbZXw7ZC","title":"Pairing Sensors or Stream","pathname":"/deployment/ndr-virtual-cloud-appliances/aws-brain/pairing-sensors-or-stream","siteSpaceId":"sitesp_UtbXl","description":"Pair 
Sensors or Stream to an AWS Brain after provisioning.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"AWS Brain"}]},{"id":"cT0alKh6TM3oufmbXlvA","title":"AWS vSensor","pathname":"/deployment/ndr-virtual-cloud-appliances/aws-vsensor","siteSpaceId":"sitesp_UtbXl","description":"Parent page for AWS vSensor deployment; includes attachments used by the deployment.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"}]},{"id":"w7oV0E45NOECOzwXvafA","title":"Introduction and requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/aws-vsensor/introduction-and-requirements","siteSpaceId":"sitesp_UtbXl","description":"Prerequisites and sizing guidance for deploying Vectra AWS vSensors, including sizing, SRT setup, VPC/subnet planning, and security group requirements.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"AWS vSensor"}]},{"id":"l2CwpM0IcqYu4kGfoM2t","title":"Deployment from AWS Marketplace","pathname":"/deployment/ndr-virtual-cloud-appliances/aws-vsensor/deployment-from-aws-marketplace","siteSpaceId":"sitesp_UtbXl","description":"Step-by-step AWS Marketplace and CloudFormation deployment for AWS vSensors, including key template parameters and post-deploy checks.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"AWS vSensor"}]},{"id":"shmagTVLVhGNBeCeeUjI","title":"AWS integrations","pathname":"/deployment/ndr-virtual-cloud-appliances/aws-vsensor/aws-integrations","siteSpaceId":"sitesp_UtbXl","description":"Configure AWS integrations for Vectra (HostID, optional Security Hub, optional CloudWatch), including required IAM 
users/roles/policies.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"AWS vSensor"}]},{"id":"cqGfiTdKkTz21puZUd22","title":"Pairing AWS vSensors","pathname":"/deployment/ndr-virtual-cloud-appliances/aws-vsensor/pairing-aws-vsensors","siteSpaceId":"sitesp_UtbXl","description":"Pair AWS vSensors to a Brain using the Sensor Registration Token workflow (AWS vSensors do not support online pairing).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"AWS vSensor"}]},{"id":"EvjNjgMBONCcYrvBTuzn","title":"Directing traffic to AWS vSensor","pathname":"/deployment/ndr-virtual-cloud-appliances/aws-vsensor/traffic-direction-to-aws-vsensor","siteSpaceId":"sitesp_UtbXl","description":"Configure AWS VPC Traffic Mirroring to send EC2 traffic to a vSensor (mirror filters, mirror targets, and mirror sessions).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"AWS vSensor"}]},{"id":"vXGLkYImiVmcKT8uGKIv","title":"AWS vSensor FAQs","pathname":"/deployment/ndr-virtual-cloud-appliances/aws-vsensor/aws-vsensor-faqs","siteSpaceId":"sitesp_UtbXl","description":"Common questions and troubleshooting for AWS vSensor deployments, including regional limits, validation, updates, and service quotas.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"AWS vSensor"}]},{"id":"bFq2ugY1qtGqEp8WII3W","title":"AWS Security Hub integration (QUX only)","pathname":"/deployment/ndr-virtual-cloud-appliances/aws-security-hub-integration-qux-only","siteSpaceId":"sitesp_UtbXl","description":"Set up AWS Security Hub integration for Vectra QUX deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud 
appliances"}]},{"id":"M58bRZbxdjNUauuSKslN","title":"AWS best practices","pathname":"/deployment/ndr-virtual-cloud-appliances/aws-best-practices","siteSpaceId":"sitesp_UtbXl","description":"AWS configuration and operational best practices for Vectra appliances and integrations.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"}]},{"id":"MAquyxNiHLgVCQ5QUHvF","title":"Azure Brain","pathname":"/deployment/ndr-virtual-cloud-appliances/azure-brain","siteSpaceId":"sitesp_UtbXl","description":"Deploy a Vectra Brain in an Azure subscription for RUX or QUX deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"}]},{"id":"NqE48FVH9kUgy0vvPF4i","title":"Introduction and requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/azure-brain/introduction-and-requirements","siteSpaceId":"sitesp_UtbXl","description":"Prerequisites and high-level workflow for deploying an Azure Brain, including required permissions and Azure resources.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Azure Brain"}]},{"id":"xxL4HmWB08GuINydX98u","title":"Firewall requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/azure-brain/firewall-requirements","siteSpaceId":"sitesp_UtbXl","description":"Azure-specific connectivity guidance for Azure Brain deployments, including NSG rules, DNS, and NTP notes.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Azure Brain"}]},{"id":"heo6mOudfZzaZmd4vJYI","title":"Deploying the Brain image","pathname":"/deployment/ndr-virtual-cloud-appliances/azure-brain/deploying-the-brain-image","siteSpaceId":"sitesp_UtbXl","description":"Deploy the Vectra Brain VM in Azure using the Azure CLI, including required inputs, 
sizing, and post-deploy access steps.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Azure Brain"}]},{"id":"Mhuysu7agsnUDiuUwZLR","title":"Azure Host ID integration","pathname":"/deployment/ndr-virtual-cloud-appliances/azure-brain/azure-hostid-integration","siteSpaceId":"sitesp_UtbXl","description":"Enable the Azure HostID integration to enrich hosts using Azure Resource Manager metadata.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Azure Brain"}]},{"id":"wRTkWLuHIW9eRV5JkY2t","title":"Pairing Sensors or Stream","pathname":"/deployment/ndr-virtual-cloud-appliances/azure-brain/pairing-sensors-or-stream","siteSpaceId":"sitesp_UtbXl","description":"Pair Sensors or Stream to an Azure Brain, with notes on Azure vSensor/Stream pairing limitations.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Azure Brain"}]},{"id":"gAD9HWCAnxtpKZCoXdHx","title":"Azure vSensor","pathname":"/deployment/ndr-virtual-cloud-appliances/azure-vsensor","siteSpaceId":"sitesp_UtbXl","description":"Deploy and pair Vectra vSensors in Microsoft Azure environments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"}]},{"id":"kcqlzXTqXYK1BSwphWhS","title":"Introduction and requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/azure-vsensor/introduction-and-requirements","siteSpaceId":"sitesp_UtbXl","description":"Azure vSensor deployment introduction and requirements including Sensor Registration Token, Brain and Sensor communications requirements, and Azure requirements.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Azure 
vSensor"}]},{"id":"pPT0h9l2XCRINlEmjUDh","title":"Deployment from Azure marketplace","pathname":"/deployment/ndr-virtual-cloud-appliances/azure-vsensor/deployment-from-azure-marketplace","siteSpaceId":"sitesp_UtbXl","description":"Deploying the Azure vSensor image from the Azure marketplace.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Azure vSensor"}]},{"id":"fvmNpDUj76uSLvBLjrk9","title":"Azure Host ID integration","pathname":"/deployment/ndr-virtual-cloud-appliances/azure-vsensor/azure-host-id-integration","siteSpaceId":"sitesp_UtbXl","description":"Configuring HostID integration between your Vectra Brain and the Azure Resource Manager.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Azure vSensor"}]},{"id":"oB5uVfjxLkvcOfrCsYNz","title":"Pairing Azure vSensors","pathname":"/deployment/ndr-virtual-cloud-appliances/azure-vsensor/pairing-azure-vsensors","siteSpaceId":"sitesp_UtbXl","description":"Pair Azure vSensors to a Brain using the Sensor Registration Token workflow (Azure vSensors do not support online pairing).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Azure vSensor"}]},{"id":"ohEHaFUXM2sJa6gEmYjg","title":"Directing traffic to Azure vSensor","pathname":"/deployment/ndr-virtual-cloud-appliances/azure-vsensor/directing-traffic-to-azure-vsensor","siteSpaceId":"sitesp_UtbXl","description":"How to direct traffic to Azure vSensors.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Azure vSensor"}]},{"id":"eicNvoxUtXQXLeaeY3RG","title":"Azure cPacket cVu-V","pathname":"/deployment/ndr-virtual-cloud-appliances/azure-vsensor/azure-cpacket-cvu-v","siteSpaceId":"sitesp_UtbXl","description":"Optionally 
deploy cPacket cVu-V in Azure to feed traffic for a Vectra vSensor for packet capture and NDR visibility.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Azure vSensor"}]},{"id":"uDX9DPIYGgjsAFS4Ea06","title":"GCP Brain","pathname":"/deployment/ndr-virtual-cloud-appliances/gcp-brain","siteSpaceId":"sitesp_UtbXl","description":"Deploy a Vectra NDR virtual Brain in a Google Cloud project.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"}]},{"id":"Pc1cSYNMs8r9X0AFTYWp","title":"Introduction and requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/gcp-brain/introduction-and-requirements","siteSpaceId":"sitesp_UtbXl","description":"Overview of the GCP Brain deployment and prerequisites, including required access, tooling, and Vectra-provided resources.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"GCP Brain"}]},{"id":"uV6XiZixASWRkJKHGl8w","title":"Preparation","pathname":"/deployment/ndr-virtual-cloud-appliances/gcp-brain/preparation","siteSpaceId":"sitesp_UtbXl","description":"Pre-deployment checklist for GCP Brain install, including connectivity, SSH keys, sizing, and required service accounts and roles.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"GCP Brain"}]},{"id":"ZnRCwykb2E68Ev32Wmks","title":"Firewall requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/gcp-brain/firewall-requirements","siteSpaceId":"sitesp_UtbXl","description":"Network connectivity requirements (ports, protocols, and FQDNs) for Vectra appliances and Vectra cloud services.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"GCP 
Brain"}]},{"id":"pQi7wR6C5iSF22EfO82L","title":"Deployment","pathname":"/deployment/ndr-virtual-cloud-appliances/gcp-brain/deployment","siteSpaceId":"sitesp_UtbXl","description":"Deploy the GCP Brain VM using the Vectra template and `gcloud infra-manager`, then connect and complete provisioning.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"GCP Brain"}]},{"id":"UckWbxJeHYmCYNDsbywU","title":"Post deployment configuration","pathname":"/deployment/ndr-virtual-cloud-appliances/gcp-brain/post-deployment-configuration","siteSpaceId":"sitesp_UtbXl","description":"Post-deploy steps for the GCP Brain, including HostID integration setup and GCP Sensor pairing guidance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"GCP Brain"}]},{"id":"ADYEE6uH6XQnOr3klu5h","title":"GCP vSensor","pathname":"/deployment/ndr-virtual-cloud-appliances/gcp-vsensor","siteSpaceId":"sitesp_UtbXl","description":"Deploy a Vectra NDR virtual Sensor in a Google Cloud project.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"}]},{"id":"lQA1qMrBe3VjOvpj7uYm","title":"Introduction and requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/gcp-vsensor/introduction-and-requirements","siteSpaceId":"sitesp_UtbXl","description":"Overview of the GCP vSensor deployment and requirements, including required access, tooling, and Vectra-provided resources.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"GCP vSensor"}]},{"id":"m8gZgvDzkUZYetWvPA8b","title":"Preparation","pathname":"/deployment/ndr-virtual-cloud-appliances/gcp-vsensor/preparation","siteSpaceId":"sitesp_UtbXl","description":"Pre-deployment checklist for GCP vSensor install, including connectivity, 
SSH keys, sizing, and required service accounts and roles.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"GCP vSensor"}]},{"id":"xBAJyaLxEXRUg8oFQQgM","title":"Deploying the image","pathname":"/deployment/ndr-virtual-cloud-appliances/gcp-vsensor/deploying-the-image","siteSpaceId":"sitesp_UtbXl","description":"Deploy the GCP vSensor VM using the Vectra template and `gcloud infra-manager`.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"GCP vSensor"}]},{"id":"2ix1ZAQcA1QkD39U6x3V","title":"Pairing GCP vSensors","pathname":"/deployment/ndr-virtual-cloud-appliances/gcp-vsensor/pairing-gcp-vsensors","siteSpaceId":"sitesp_UtbXl","description":"Overview of GCP vSensor pairing, pairing and registration settings, configuring the Brain location and Sensor Registration Token (SRT), and pairing guidance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"GCP vSensor"}]},{"id":"HVYD0ggDMUkXRjxXZaoW","title":"Directing traffic to GCP vSensors","pathname":"/deployment/ndr-virtual-cloud-appliances/gcp-vsensor/directing-traffic-to-gcp-vsensors","siteSpaceId":"sitesp_UtbXl","description":"How to direct traffic to the GCP vSensor capture port using Google Network Security Integration (NSI), VPC Packet Mirroring, or 3rd party VXLAN-based packet brokers.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"GCP vSensor"}]},{"id":"LA2hsGN3jAB3Er2SDsH0","title":"GCP Host ID integration","pathname":"/deployment/ndr-virtual-cloud-appliances/gcp-vsensor/gcp-hostid-integration","siteSpaceId":"sitesp_UtbXl","description":"This article goes over the GCP HostID integration available for Vectra NDR deployments that capture traffic from GCP 
VPCs.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"GCP vSensor"}]},{"id":"uewjXTPB3gyUqVrWqkqm","title":"Hyper-V vSensor","pathname":"/deployment/ndr-virtual-cloud-appliances/hyper-v-vsensor","siteSpaceId":"sitesp_UtbXl","description":"Deploy and pair Hyper-V vSensors with a Vectra Brain in RUX or QUX deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"}]},{"id":"WEgRYIS2c3J7rRC9QgP0","title":"Introduction and general requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/hyper-v-vsensor/introduction-and-general-requirements","siteSpaceId":"sitesp_UtbXl","description":"Hyper-V vSensor deployment introduction, resource requirements, performance, and connectivity requirements.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Hyper-V vSensor"}]},{"id":"RbAKBikqdtDdmM5vvnHm","title":"vSensor deployment in Hyper-V","pathname":"/deployment/ndr-virtual-cloud-appliances/hyper-v-vsensor/vsensor-deployment-in-hyper-v","siteSpaceId":"sitesp_UtbXl","description":"Deploy a Hyper-V vSensor, verify prerequisites, and manage its initial embryo state before pairing and updating.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Hyper-V vSensor"}]},{"id":"IpiPZgFk0AbgpJaUyfhG","title":"Capture configuration and vSwitch guidance","pathname":"/deployment/ndr-virtual-cloud-appliances/hyper-v-vsensor/capture-configuration-and-vswitch-guidance","siteSpaceId":"sitesp_UtbXl","description":"Configure Hyper-V vSensor traffic capture for physical traffic, guest traffic, VLANs, and virtual switch options.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud 
appliances"},{"label":"Hyper-V vSensor"}]},{"id":"6TTSQDbh6yZ98K22P0EG","title":"Initial vSensor configuration at CLI","pathname":"/deployment/ndr-virtual-cloud-appliances/hyper-v-vsensor/initial-vsensor-configuration-at-cli","siteSpaceId":"sitesp_UtbXl","description":"Changing from DHCP (default) to static addressing, configuring DNS servers, changing password, and verifying Hyper-V vSensor connectivity.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Hyper-V vSensor"}]},{"id":"gCcncfF6YTd2g7Q2eCQI","title":"Pairing Hyper-V vSensors","pathname":"/deployment/ndr-virtual-cloud-appliances/hyper-v-vsensor/pairing-hyper-v-vsensors","siteSpaceId":"sitesp_UtbXl","description":"Pairing Hyper-V vSensors with a Vectra Brain appliance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Hyper-V vSensor"}]},{"id":"QuhI5tQoSAl35UB5tBoB","title":"Traffic capture guidance and validation","pathname":"/deployment/ndr-virtual-cloud-appliances/hyper-v-vsensor/traffic-capture-guidance-and-validation","siteSpaceId":"sitesp_UtbXl","description":"Guidance for Hyper-V vSensor traffic capture, PCAP generation, and traffic validation.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Hyper-V vSensor"}]},{"id":"nmT2Xzsp9RCcD5OdXqls","title":"KVM vSensor","pathname":"/deployment/ndr-virtual-cloud-appliances/kvm-vsensor","siteSpaceId":"sitesp_UtbXl","description":"Deploy and pair KVM vSensors with a Vectra Brain in RUX or QUX deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"}]},{"id":"h2loCFuHDc7abn9Tv8po","title":"Introduction and general 
requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/kvm-vsensor/introduction-and-general-requirements","siteSpaceId":"sitesp_UtbXl","description":"KVM vSensor deployment introduction, resource requirements, performance, connectivity requirements, and preparation list.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"KVM vSensor"}]},{"id":"EDWZzipjh3yVaXMH2twf","title":"KVM specific details and deployment","pathname":"/deployment/ndr-virtual-cloud-appliances/kvm-vsensor/kvm-specific-details-and-deployment","siteSpaceId":"sitesp_UtbXl","description":"Review KVM requirements, networking guidance, VM operations, and vSensor deployment before pairing and updating.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"KVM vSensor"}]},{"id":"5fCTeybTZBpklWVuNNdt","title":"Initial vSensor configuration at CLI","pathname":"/deployment/ndr-virtual-cloud-appliances/kvm-vsensor/initial-vsensor-configuration-at-cli","siteSpaceId":"sitesp_UtbXl","description":"Changing from DHCP (default) to static addressing, configuring DNS servers, changing password, and verifying KVM vSensor connectivity.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"KVM vSensor"}]},{"id":"Ux7yML6ZDMse6fy2yYlR","title":"Pairing KVM vSensors","pathname":"/deployment/ndr-virtual-cloud-appliances/kvm-vsensor/pairing-kvm-vsensors","siteSpaceId":"sitesp_UtbXl","description":"Pairing KVM vSensors with a Vectra Brain appliance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"KVM vSensor"}]},{"id":"YP57UvcVcAwodCMP39dk","title":"Traffic capture guidance and 
validation","pathname":"/deployment/ndr-virtual-cloud-appliances/kvm-vsensor/traffic-capture-guidance-and-validation","siteSpaceId":"sitesp_UtbXl","description":"Guidance for KVM vSensor traffic capture, PCAP generation, and traffic validation.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"KVM vSensor"}]},{"id":"7CrePHm9vty56Y8JUykt","title":"Nutanix Brain","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-brain","siteSpaceId":"sitesp_UtbXl","description":"Deploy a Vectra Brain in Nutanix environments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"}]},{"id":"6c80Bbz59smfpI3jk6gr","title":"Introduction and requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-brain/introduction-and-requirements","siteSpaceId":"sitesp_UtbXl","description":"Introduction and requirements for deploying a Vectra Brain appliance in Nutanix environments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix Brain"}]},{"id":"jx1SA27HVpVNaZWc18LI","title":"Firewall requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-brain/firewall-requirements","siteSpaceId":"sitesp_UtbXl","description":"Firewall requirements for a Nutanix Brain for both RUX and QUX deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix Brain"}]},{"id":"aa4TZGXmxM0wCj7D3cCw","title":"Licensing and Brain deployment overview","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-brain/licensing-and-brain-deployment-overview","siteSpaceId":"sitesp_UtbXl","description":"How licensing works for Nutanix Brains and an overview of the Nutanix Brain deployment 
process.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix Brain"}]},{"id":"x7Pheg9HLJyKRMqFRBZR","title":"Brain deployment in Nutanix","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-brain/brain-deployment-in-nutanix","siteSpaceId":"sitesp_UtbXl","description":"How to download the Nutanix Brain image and deploy it within Nutanix.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix Brain"}]},{"id":"lRpTkFS7sKL2a8gJGcua","title":"Initial startup and licensing","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-brain/initial-startup-and-licensing","siteSpaceId":"sitesp_UtbXl","description":"Initial startup, provisioning proxy configuration, and licensing for Nutanix Brain. Licensing must be completed prior to the main UI or CLI being available.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix Brain"}]},{"id":"D102X7H4pLeDIiarkyTJ","title":"Post deployment guidance","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-brain/post-deployment-guidance","siteSpaceId":"sitesp_UtbXl","description":"Guidance for static addressing, updates, performance testing, integrity checks, configuration validation, licensing checks, and resizing your Nutanix Brain.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix Brain"}]},{"id":"eObT4rqLdlLblFvU3go2","title":"Nutanix vSensor","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-vsensor","siteSpaceId":"sitesp_UtbXl","description":"Deploy and pair a Vectra vSensor on Nutanix AHV.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud 
appliances"}]},{"id":"nB8U7qyVJbhDUXdQOLNq","title":"Introduction and requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-vsensor/introduction-and-requirements","siteSpaceId":"sitesp_UtbXl","description":"Nutanix vSensor deployment introduction, resource requirements including performance and supported Nutanix versions, and connectivity requirements.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix vSensor"}]},{"id":"GhtUNeCFRA18F0UCgZDY","title":"Nutanix traffic capture options","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-vsensor/nutanix-traffic-capture-options","siteSpaceId":"sitesp_UtbXl","description":"Nutanix terminology and methods to direct traffic to a vSensor capture port.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix vSensor"}]},{"id":"dN527I4W6judUrYNc9ey","title":"Preparing for deployment","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-vsensor/preparing-for-deployment","siteSpaceId":"sitesp_UtbXl","description":"Information to gather before deployment, choosing a deployment method, and pre-deployment steps shared by all deployment methods.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix vSensor"}]},{"id":"KHhOiBZnaHA2qlXjT8Yq","title":"Service Chaining 1.0 deployment","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-vsensor/service-chaining-1.0-deployment","siteSpaceId":"sitesp_UtbXl","description":"Deploying Nutanix vSensor VM using Service Chaining 1.0 to direct traffic at the vSensor capture port.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix 
vSensor"}]},{"id":"iP7Ra5daiAIybkHWZ0CQ","title":"Traffic Mirroring deployment","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-vsensor/traffic-mirroring-deployment","siteSpaceId":"sitesp_UtbXl","description":"Deploying Nutanix vSensor VM using Traffic Mirroring to direct traffic at the vSensor capture port.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix vSensor"}]},{"id":"4Zv4x9QB3UBAoCKjL96B","title":"Post deployment configuration (shared for all deployment types)","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-vsensor/post-deployment-configuration-shared-for-all-deployment-types","siteSpaceId":"sitesp_UtbXl","description":"Shared steps for Nutanix vSensors after the initial deployment in Nutanix is completed.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix vSensor"}]},{"id":"1X5w59XxvEPFGrMqcUOV","title":"Initial vSensor configuration at CLI","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-vsensor/initial-vsensor-configuration-at-cli","siteSpaceId":"sitesp_UtbXl","description":"Changing from DHCP (default) to static addressing, configuring DNS servers, changing password, and verifying Nutanix vSensor connectivity.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix vSensor"}]},{"id":"rBnAh6IIYgOhMjjNdQPP","title":"Pairing Nutanix vSensors","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-vsensor/pairing-nutanix-vsensors","siteSpaceId":"sitesp_UtbXl","description":"Pairing Nutanix vSensors with a Vectra Brain appliance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix vSensor"}]},{"id":"adfSngoNGa7rj0kFHKfu","title":"Traffic 
capture and validation","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-vsensor/traffic-capture-and-validation","siteSpaceId":"sitesp_UtbXl","description":"Guidance for Nutanix vSensor traffic capture, PCAP generation, and traffic validation.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix vSensor"}]},{"id":"PaURlMrrSe6jT0xNScP3","title":"Appendix - Service Chaining 1.0 alternate API instructions","pathname":"/deployment/ndr-virtual-cloud-appliances/nutanix-vsensor/appendix-service-chaining-1.0-alternate-api-instructions","siteSpaceId":"sitesp_UtbXl","description":"Use alternate API-based steps to deploy Nutanix Service Chaining 1.0 when UI-based steps cannot complete every task.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"Nutanix vSensor"}]},{"id":"yR8lIHlcTmm1l7uwGcNH","title":"VMware Brain","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-brain","siteSpaceId":"sitesp_UtbXl","description":"Deploy a Vectra Brain on VMware vSphere.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"}]},{"id":"Qmx5X3ZI7fBpakUvqVU5","title":"Introduction and requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-brain/introduction-and-requirements","siteSpaceId":"sitesp_UtbXl","description":"Introductions and requirements for deploying a Vectra Brain appliance in VMware vSphere environments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware Brain"}]},{"id":"P00JJHcQTBlWi630Kutt","title":"VMware deployment details and 
considerations","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-brain/vmware-deployment-details-and-considerations","siteSpaceId":"sitesp_UtbXl","description":"Guidance for VMware vSensors and Brains including CPU/RAM/Storage, capture ports, modifications required after deployment, use of SANs, vMotion, and unsupported hypervisors.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware Brain"}]},{"id":"GlY7jcl3S0CvqIgwb1ZM","title":"Firewall requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-brain/firewall-requirements","siteSpaceId":"sitesp_UtbXl","description":"Firewall requirements for a VMware Brain deployed in a vSphere environment.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware Brain"}]},{"id":"bAgogUPDTPTTNymwgIJu","title":"Licensing and Brain deployment overview","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-brain/licensing-and-brain-deployment-overview","siteSpaceId":"sitesp_UtbXl","description":"How licensing works for VMware Brains and an overview of the VMware Brain deployment process.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware Brain"}]},{"id":"TRtqNLJu6gWV3jhdAKqq","title":"Brain deployment in VMware","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-brain/brain-deployment-in-vmware","siteSpaceId":"sitesp_UtbXl","description":"How to download the VMware Brain .OVA and deploy it in VMware.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware Brain"}]},{"id":"yTe1gzaF8nOvkvugRVCm","title":"Initial startup and 
licensing","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-brain/initial-startup-and-licensing","siteSpaceId":"sitesp_UtbXl","description":"Initial startup, provisioning proxy configuration, and licensing for VMware Brain. Licensing must be completed prior to the main UI or CLI being available.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware Brain"}]},{"id":"tY7ejClU4hgPbvwSX8Wv","title":"vCenter integration","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-brain/vcenter-integration","siteSpaceId":"sitesp_UtbXl","description":"How to configure vCenter integration with your Vectra Brain appliance to help with HostID and enable a virtual infrastructure view.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware Brain"}]},{"id":"L1v8hCA05U6EH1ZZ1qs8","title":"Post deployment guidance","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-brain/post-deployment-guidance","siteSpaceId":"sitesp_UtbXl","description":"Guidance for static addressing, updates, performance testing, integrity checks, configuration validation, licensing checks, and resizing your VMware Brain.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware Brain"}]},{"id":"OxnEVHP2QPNoHQ1tCEcl","title":"VMware vSensor","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-vsensor","siteSpaceId":"sitesp_UtbXl","description":"Deploy and pair VMware vSensors with a Vectra Brain in RUX or QUX deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"}]},{"id":"ZK4nUBasU3z1hohsFy29","title":"Introduction and general 
requirements","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-vsensor/introduction-and-general-requirements","siteSpaceId":"sitesp_UtbXl","description":"VMware vSensor deployment introduction, resource requirements, performance, supported VMware versions, and connectivity requirements.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware vSensor"}]},{"id":"fkrtlEiJJ5q5NihAVp6Y","title":"VMware deployment details and considerations","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-vsensor/vmware-deployment-details-and-considerations","siteSpaceId":"sitesp_UtbXl","description":"Guidance for VMware vSensors and Brains including CPU/RAM/Storage, capture ports, modifications required after deployment, use of SANs, vMotion, and unsupported hypervisors.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware vSensor"}]},{"id":"sfqNOmemoihEOaSKVs9T","title":"vCenter integration","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-vsensor/vcenter-integration","siteSpaceId":"sitesp_UtbXl","description":"How to configure vCenter integration with your Vectra Brain appliance to help with HostID and enable a virtual infrastructure view.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware vSensor"}]},{"id":"PoTsOdMeLLpZIteeDmLE","title":"vSensor deployment in VMware","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-vsensor/vsensor-deployment-in-vmware","siteSpaceId":"sitesp_UtbXl","description":"Deploy a VMware vSensor, verify prerequisites, configure port groups, and modify 16-core or 32-core vSensors after deployment.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware 
vSensor"}]},{"id":"98lcyUGycgPlApRbLfln","title":"Initial vSensor configuration at CLI","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-vsensor/initial-vsensor-configuration-at-cli","siteSpaceId":"sitesp_UtbXl","description":"Changing from DHCP (default) to static addressing, configuring DNS servers, changing password, and verifying VMware vSensor connectivity.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware vSensor"}]},{"id":"VWnrXRzMBwiGu2lLK7d9","title":"Pairing VMware vSensors","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-vsensor/pairing-vmware-vsensors","siteSpaceId":"sitesp_UtbXl","description":"Pairing VMware vSensors with a Vectra Brain appliance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware vSensor"}]},{"id":"Yih9UBG8sOsZK1ErqeQa","title":"Capturing physical network traffic with VMware vSensor","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-vsensor/capturing-physical-network-traffic-with-vmware-vsensor","siteSpaceId":"sitesp_UtbXl","description":"How to capture physical network traffic using a VMware vSensor.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware vSensor"}]},{"id":"7HQZMSOIIwNuD6rgaEVc","title":"Traffic capture guidance and validation","pathname":"/deployment/ndr-virtual-cloud-appliances/vmware-vsensor/traffic-capture-guidance-and-validation","siteSpaceId":"sitesp_UtbXl","description":"Guidance for VMware vSensor traffic capture, PCAP generation, and traffic validation.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR virtual / cloud appliances"},{"label":"VMware vSensor"}]},{"id":"hLlsx0CC8A1ZS2QDXXKm","title":"NDR Traffic engineering and 
validation","pathname":"/deployment/traffic-engineering-and-validation","siteSpaceId":"sitesp_UtbXl","description":"Validate Sensor traffic feeds and troubleshoot capture and quality issues.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"}]},{"id":"nu4XoxNrRcMgnP747F06","title":"Using Vectra packet capture (PCAP)","pathname":"/deployment/traffic-engineering-and-validation/using-vectra-packet-capture-pcap","siteSpaceId":"sitesp_UtbXl","description":"How to capture PCAPs on Vectra Sensors and download them from your Vectra UI.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR Traffic engineering and validation"}]},{"id":"Oko7Bx9q8pLf69uhOfMj","title":"Traffic validation (ENTV)","pathname":"/deployment/traffic-engineering-and-validation/traffic-validation-entv","siteSpaceId":"sitesp_UtbXl","description":"Use ENTV to validate Sensor traffic quality and troubleshoot capture issues.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR Traffic engineering and validation"}]},{"id":"2U59tcWprFOid4E2dn2Z","title":"Traffic validation (ENTV) alerting","pathname":"/deployment/traffic-engineering-and-validation/entv-syscheck-descriptions","siteSpaceId":"sitesp_UtbXl","description":"Descriptions and advice for system health checks related to traffic validation (ENTV) and how to be alerted on them when they are in a critical state.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR Traffic engineering and validation"}]},{"id":"PpXfvp7Ip0ujkcxcuiqK","title":"Traffic visibility drop alerting","pathname":"/deployment/traffic-engineering-and-validation/traffic-visibility-drop-alerting","siteSpaceId":"sitesp_UtbXl","description":"Configure health checks and alerts for drops in traffic visibility, including IP counts, bandwidth, and packet 
counts.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR Traffic engineering and validation"}]},{"id":"eRYuh62FuM8VBrTgf8Mf","title":"Network traffic recommendations","pathname":"/deployment/traffic-engineering-and-validation/network-traffic-recommendations","siteSpaceId":"sitesp_UtbXl","description":"Recommended traffic mix, Sensor placement, and encapsulation guidance for NDR.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR Traffic engineering and validation"}]},{"id":"Tjx85qKszuB5cDvscFDl","title":"Link aggregation (LACP)","pathname":"/deployment/traffic-engineering-and-validation/link-aggregation-lacp","siteSpaceId":"sitesp_UtbXl","description":"Configure and troubleshoot link aggregation (LACP) on Vectra appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR Traffic engineering and validation"}]},{"id":"xtZ8kNq4NX4SdhPQvKRW","title":"Asymmetry concerns","pathname":"/deployment/traffic-engineering-and-validation/asymmetry-concerns","siteSpaceId":"sitesp_UtbXl","description":"This Knowledge Base article explores the concern of asymmetry in sensor feeds.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR Traffic engineering and validation"}]},{"id":"rvyC7nxMeL3XAORXBQ5s","title":"Encapsulation Endpoints (GRE, ERSPAN, GENEVE, VXLAN)","pathname":"/deployment/traffic-engineering-and-validation/encapsulation-endpoints-gre-erspan-geneve-vxlan","siteSpaceId":"sitesp_UtbXl","description":"Configure Sensor capture interfaces with an IP address to be used as a destination for tunneled encapsulations such as GRE, ERSPAN, GENEVE, and VXLAN traffic.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR Traffic engineering and validation"}]},{"id":"uKUFlBIAB23ujSlvRFgR","title":"Asset Visibility 
Forwarding","pathname":"/deployment/traffic-engineering-and-validation/asset-visibility-forwarding","siteSpaceId":"sitesp_UtbXl","description":"Forward DHCP, mDNS, and NetBIOS traffic over ERSPAN or GRE to improve asset identity coverage for Sensors and Asset Inventory.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"NDR Traffic engineering and validation"}]},{"id":"R9sN97wo8IdrrK6Mc7JP","title":"Match","pathname":"/deployment/match","siteSpaceId":"sitesp_UtbXl","description":"Start here for Vectra Match deployment, tuning, and troubleshooting.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"}]},{"id":"0YQW4rvoCMT7wq23yZUq","title":"Deployment","pathname":"/deployment/match/deployment","siteSpaceId":"sitesp_UtbXl","description":"Deploying Vectra Match including requirements, throughput, licensing, ruleset management, UI and API deployment, and outputting Matches to downstream receivers.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Match"}]},{"id":"eEuwBLO5v9sX2LZ42nsJ","title":"Introduction and requirements","pathname":"/deployment/match/deployment/introduction-and-requirements","siteSpaceId":"sitesp_UtbXl","description":"Overview of Vectra Match, supported deployments, requirements, permissions, performance notes, and unsupported Suricata features.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Match"},{"label":"Deployment"}]},{"id":"cYV7WjuIRbojKrqK9dYy","title":"Licensing","pathname":"/deployment/match/deployment/licensing","siteSpaceId":"sitesp_UtbXl","description":"How Match licensing works, including online renewals and offline activation for QUX.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Match"},{"label":"Deployment"}]},{"id":"YgODH2pcpKRYXrJyYfx3","title":"Ruleset Management 
Guidance","pathname":"/deployment/match/deployment/ruleset-management-guidance","siteSpaceId":"sitesp_UtbXl","description":"Ruleset limits, sourcing, tuning workflow, curated ruleset downloads, lifecycle management, and Suricata variable support.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Match"},{"label":"Deployment"}]},{"id":"WnEvUluRSeGOHqsbufYA","title":"Deployment (UI and general guidance)","pathname":"/deployment/match/deployment/deployment-ui-and-general-guidance","siteSpaceId":"sitesp_UtbXl","description":"End-to-end Match deployment using the UI, including enabling Sensors and assigning rulesets.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Match"},{"label":"Deployment"}]},{"id":"OncAgxffQZCcSZjrWbeV","title":"API Deployment","pathname":"/deployment/match/deployment/api-deployment","siteSpaceId":"sitesp_UtbXl","description":"Match API overview and deployment examples for RUX (OAuth) and QUX (token), including ruleset upload and assignment.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Match"},{"label":"Deployment"}]},{"id":"CJE2oINAaYEQIo3kr42X","title":"Outputting Matches to downstream receivers","pathname":"/deployment/match/deployment/outputting-matches-to-downstream-receivers","siteSpaceId":"sitesp_UtbXl","description":"Configure Match output via Stream, syslog, Kafka, and Recall.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Match"},{"label":"Deployment"}]},{"id":"bSB7Qr7cjTudAotV1b3E","title":"FAQ","pathname":"/deployment/match/faq","siteSpaceId":"sitesp_UtbXl","description":"This is a general Frequently Asked Questions (FAQ) article for Vectra 
Match.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Match"}]},{"id":"at1MCuQ73s9lPc4Yo4HA","title":"Troubleshooting","pathname":"/deployment/match/troubleshooting","siteSpaceId":"sitesp_UtbXl","description":"This guide is designed to provide Vectra Match customers with basic troubleshooting capabilities when operating the Vectra Match platform based upon use cases.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Match"}]},{"id":"D2kFdqyTrYCn83bVSfF1","title":"Vectra curated ruleset","pathname":"/deployment/match/vectra-curated-ruleset","siteSpaceId":"sitesp_UtbXl","description":"Use Vectra's curated ET Pro ruleset for Match and understand what it contains.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Match"}]},{"id":"jGpcZKXzCv3HBMRsGmIJ","title":"Managing rulesets","pathname":"/deployment/match/managing-rulesets","siteSpaceId":"sitesp_UtbXl","description":"Manage Vectra Match rulesets in the UI, including upload, assignment, and rule lifecycle tasks.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Match"}]},{"id":"VjY1AP9zSU3xtsQyGBB2","title":"Performance and ruleset optimization","pathname":"/deployment/match/performance-and-rulset-optimization","siteSpaceId":"sitesp_UtbXl","description":"How Suricata/Match performance is measured, what drives throughput, and practical ruleset tuning tips (noise reduction, profiling, bypass rules, and resizing guidance).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Match"}]},{"id":"sHEZ1VksNpnQFXPS2vge","title":"Suricata configuration","pathname":"/deployment/match/suricata-configuration","siteSpaceId":"sitesp_UtbXl","description":"Review the sample suricata.yaml configuration used by Vectra Sensors that run 
Match.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Match"}]},{"id":"anlHxv724VdksVpgUwNz","title":"Stream","pathname":"/deployment/stream","siteSpaceId":"sitesp_UtbXl","description":"Deploy and configure Vectra Stream to forward security-enriched network metadata to your data lake or SIEM.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"}]},{"id":"YMveCuWsYVCKdinyGPlr","title":"Introduction and requirements","pathname":"/deployment/stream/introduction-and-requirements","siteSpaceId":"sitesp_UtbXl","description":"Introduction to Stream deployment, licensing steps, and connectivity requirements.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"}]},{"id":"TUUUEOvuq2t8pqtjt7uG","title":"Stream sizing","pathname":"/deployment/stream/stream-sizing","siteSpaceId":"sitesp_UtbXl","description":"Sizing guidelines for Stream VMs and M-Series appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"}]},{"id":"LPBQrWzvUPqmzM1oea1y","title":"Preparing to deploy Stream","pathname":"/deployment/stream/preparing-to-deploy-stream","siteSpaceId":"sitesp_UtbXl","description":"Download Stream images and collect deployment inputs, including Brain details and Sensor Registration Tokens (SRTs).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"}]},{"id":"53VzjVc3VjsrqaIx69nw","title":"Deployment","pathname":"/deployment/stream/deployment","siteSpaceId":"sitesp_UtbXl","description":"Platform-specific Stream deployment guides as part of overall Stream deployment and configuration process.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"}]},{"id":"zER5qPmIX72yTJLh19Wa","title":"VMware Stream 
deployment","pathname":"/deployment/stream/deployment/vmware-stream-deployment","siteSpaceId":"sitesp_UtbXl","description":"Deploy Stream on VMware using an OVA via vCenter/vSphere or via the Brain CLI provisioning command.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"},{"label":"Deployment"}]},{"id":"Fo6xtz7GhzQ3AcL1BUQ3","title":"Hyper-V Stream deployment","pathname":"/deployment/stream/deployment/hyper-v-stream-deployment","siteSpaceId":"sitesp_UtbXl","description":"Deploy Stream on Hyper-V using the provided VHD and PowerShell deployment script.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"},{"label":"Deployment"}]},{"id":"WNxmnzIV3e5PTlpxWpOw","title":"KVM Stream deployment","pathname":"/deployment/stream/deployment/kvm-stream-deployment","siteSpaceId":"sitesp_UtbXl","description":"Deploy Stream on KVM using the image tarball and `vectra-stream.sh`, with basic `virsh` troubleshooting tips.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"},{"label":"Deployment"}]},{"id":"yeaFCg7Fa0HOoyfaEB1x","title":"AWS Stream deployment","pathname":"/deployment/stream/deployment/aws-stream-deployment","siteSpaceId":"sitesp_UtbXl","description":"Deploying Stream in AWS environments using an image from the AWS Marketplace.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"},{"label":"Deployment"}]},{"id":"QT3w615nyV5MxKOGsb2Y","title":"Azure Stream deployment","pathname":"/deployment/stream/deployment/azure-stream-deployment","siteSpaceId":"sitesp_UtbXl","description":"Deploying Stream in Azure using an image from the Azure Marketplace.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"},{"label":"Deployment"}]},{"id":"1paMbavjVHzprdg7CQ6D","title":"GCP Stream 
deployment","pathname":"/deployment/stream/deployment/gcp-stream-deployment","siteSpaceId":"sitesp_UtbXl","description":"Deploy Stream in GCP using `gcloud infra-manager` with a Vectra-provided template and image shared to you from Vectra.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"},{"label":"Deployment"}]},{"id":"lbOlDP2KCOvcdG7uXuvu","title":"M-Series Stream deployment","pathname":"/deployment/stream/deployment/m-series-stream-deployment","siteSpaceId":"sitesp_UtbXl","description":"Quick-start steps to deploy Stream on a physical M-Series appliance, then pair and enable publishing.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"},{"label":"Deployment"}]},{"id":"wu9Zlc0KJ0WJCxV3t7DK","title":"Initial CLI configuration","pathname":"/deployment/stream/initial-cli-configuration","siteSpaceId":"sitesp_UtbXl","description":"Connect to the Stream CLI and configure static IP, gateway, DNS, and password changes if not using DHCP or changes are needed after initial deployment.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"}]},{"id":"W95abYOqGB8HzWouFJJM","title":"Pairing Stream appliances","pathname":"/deployment/stream/pairing-stream-appliances","siteSpaceId":"sitesp_UtbXl","description":"How to pair Stream appliances with your Vectra Brain appliance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"}]},{"id":"nJwnOplOXqLcK9r4Lnku","title":"Metadata filtering and publishing","pathname":"/deployment/stream/metadata-filtering-and-publishing","siteSpaceId":"sitesp_UtbXl","description":"How to configure options for metadata filtering and the destination publisher of your choice.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"}]},{"id":"6jDH7bv4imFpP3Taj3Mx","title":"Publisher specific 
guidance","pathname":"/deployment/stream/publisher-specific-guidance","siteSpaceId":"sitesp_UtbXl","description":"Instructions for specific publishers that you are using to receive Stream data.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"}]},{"id":"HmPzZaTCo7hbGqNGX4dq","title":"Elastic, Syslog, and Kafka","pathname":"/deployment/stream/publisher-specific-guidance/elastic-syslog-and-kafka","siteSpaceId":"sitesp_UtbXl","description":"Details for Elastic, Syslog, and Kafka Stream publishers.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"},{"label":"Publisher specific guidance"}]},{"id":"YR9X73nY48vSrNdR5urA","title":"ELK integration","pathname":"/deployment/stream/publisher-specific-guidance/elk-integration","siteSpaceId":"sitesp_UtbXl","description":"Integrate Vectra Stream custom content with Elastic, Logstash, and Kibana deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"},{"label":"Publisher specific guidance"}]},{"id":"X76R6Onr8CgisBWuPaON","title":"Splunk integration","pathname":"/deployment/stream/publisher-specific-guidance/splunk-integration","siteSpaceId":"sitesp_UtbXl","description":"This article is meant to be used by customers who will be integrating Vectra Stream metadata into their Splunk installation.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Stream"},{"label":"Publisher specific guidance"}]},{"id":"ySoIu2U3RRPIdqaOYoEr","title":"Recall (QUX only)","pathname":"/deployment/recall-qux-only","siteSpaceId":"sitesp_UtbXl","description":"Start here for Recall setup and access in Quadrant UX deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"}]},{"id":"ByApgdj2Ia3NatzBIrLS","title":"Getting started with 
Recall","pathname":"/deployment/recall-qux-only/getting-started-with-recall","siteSpaceId":"sitesp_UtbXl","description":"Prerequisites and first steps to start using Recall in Quadrant UX.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Recall (QUX only)"}]},{"id":"pRuPGyJhadRAi7bL8FTo","title":"Enabling forwarding to Recall","pathname":"/deployment/recall-qux-only/enabling-forwarding-to-recall","siteSpaceId":"sitesp_UtbXl","description":"Configure Stream to forward supported metadata to Recall.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Recall (QUX only)"}]},{"id":"MiASBHJAOUcTQ4YTULUU","title":"Recall indices & content for Stream in Elk v7","pathname":"/deployment/recall-qux-only/recall-indices-and-content-for-stream-in-elk-v7","siteSpaceId":"sitesp_UtbXl","description":"Index patterns and packaged content for using Recall with ELK v7.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Recall (QUX only)"}]},{"id":"ruIzksoyLOolfIxMWSXx","title":"SSO access to Recall","pathname":"/deployment/recall-qux-only/sso-access-to-recall","siteSpaceId":"sitesp_UtbXl","description":"Set up SSO for Recall access and troubleshoot common login issues.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Recall (QUX only)"}]},{"id":"I1IY2nRNtjCilGI6zau6","title":"Appliance operations","pathname":"/deployment/appliance-operations","siteSpaceId":"sitesp_UtbXl","description":"Common operational tasks for Vectra appliances, from access to health checks.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"}]},{"id":"E6AMOUTbuaTjNhR9VWFc","title":"Configuring IP settings for appliances","pathname":"/deployment/appliance-operations/configuring-ip-settings-for-appliances","siteSpaceId":"sitesp_UtbXl","description":"Configure IP address settings on Vectra 
appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Appliance operations"}]},{"id":"tAipobsSHrkQPmOJkaNi","title":"Pairing appliances","pathname":"/deployment/appliance-operations/pairing-appliances","siteSpaceId":"sitesp_UtbXl","description":"Overview of Sensor/Stream pairing, pairing and registration settings, configuring the Brain location and Sensor Registration Token (SRT), and pairing guidance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Appliance operations"}]},{"id":"MeaXhDsyYLbXE6L1gCqd","title":"Unpairing Sensor from Brain","pathname":"/deployment/appliance-operations/unpairing-sensor-from-brain","siteSpaceId":"sitesp_UtbXl","description":"Safely unpair a Sensor from a Brain and clean up pairing state.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Appliance operations"}]},{"id":"IHuNnhbvr1hag2Vo5jG8","title":"SSH login process for CLI","pathname":"/deployment/appliance-operations/ssh-login-process-for-cli","siteSpaceId":"sitesp_UtbXl","description":"This article discusses how users can access the Vectra Support Command Line Interface (vscli) on Vectra appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Appliance operations"}]},{"id":"4PVJDzXvktql6E0Xvmc9","title":"Console access on appliances","pathname":"/deployment/appliance-operations/console-access-on-appliances","siteSpaceId":"sitesp_UtbXl","description":"Access the console on Vectra appliances and log in as the vectra CLI user.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Appliance operations"}]},{"id":"wYnMx0DPY1xMY9QDA3tS","title":"Changing Sensor CLI password","pathname":"/deployment/appliance-operations/changing-sensor-cli-password","siteSpaceId":"sitesp_UtbXl","description":"Change the CLI password for a Vectra 
Sensor.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Appliance operations"}]},{"id":"R2YlarF29wYy9QvZKt9v","title":"IPMI / iDRAC configuration","pathname":"/deployment/appliance-operations/ipmi-idrac-configuration","siteSpaceId":"sitesp_UtbXl","description":"Configure out-of-band management (IPMI/iDRAC) for Vectra appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Appliance operations"}]},{"id":"tj2meHLl64QtNVYsgXOv","title":"Monitoring appliance health","pathname":"/deployment/appliance-operations/monitoring-appliance-health","siteSpaceId":"sitesp_UtbXl","description":"Monitor the health of physical and virtual Vectra Brain and Sensor appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Appliance operations"}]},{"id":"xF4n4b0gQLps4VnrqrpD","title":"Monitoring Vectra with Zabbix","pathname":"/deployment/appliance-operations/monitoring-vectra-with-zabbix","siteSpaceId":"sitesp_UtbXl","description":"Monitor Brain and Sensor health with Zabbix checks and dashboards.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Appliance operations"}]},{"id":"pj3ZtjoaBtIbaAX4vw1y","title":"Resizing virtual appliances","pathname":"/deployment/appliance-operations/resizing-virtual-appliances","siteSpaceId":"sitesp_UtbXl","description":"Change CPU/RAM/disk resources for virtual Brains, Sensors, and Stream appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Appliance operations"}]},{"id":"6QmzXYG29EtabhtxC7qZ","title":"Shutting down appliances gracefully","pathname":"/deployment/appliance-operations/shutting-down-appliances-gracefully","siteSpaceId":"sitesp_UtbXl","description":"Shutdown and reboot procedures that protect data and prevent 
corruption.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Appliance operations"}]},{"id":"YikppDbJ8uQq6Exg8vC0","title":"Understanding the v2.5 health API","pathname":"/deployment/appliance-operations/understanding-the-v25-health-api","siteSpaceId":"sitesp_UtbXl","description":"Health API endpoints and fields for monitoring Quadrant UX appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Appliance operations"}]},{"id":"KfD4VbnZ63FyKrRwkmXL","title":"FIPS mode enabling and disabling","pathname":"/deployment/appliance-operations/fips-mode-enabling-and-disabling","siteSpaceId":"sitesp_UtbXl","description":"What FIPS mode for Vectra appliances does and how to enable and disable it.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Appliance operations"}]},{"id":"nmSHRwDfe6TowKimCRvK","title":"Deprecated / Retired","pathname":"/deployment/deprecated-retired","siteSpaceId":"sitesp_UtbXl","description":"Retired products and legacy deployment guidance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"}]},{"id":"j7QrPeXUVd04b9puUsl6","title":"NDR for Cloud (Gigamon)","pathname":"/deployment/deprecated-retired/ndr-for-cloud-gigamon","siteSpaceId":"sitesp_UtbXl","description":"Legacy NDR for Cloud (Gigamon) deployment docs and reference material.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Deprecated / Retired"}]},{"id":"Es5f7bGjUSnIpyJSIMoZ","title":"AWS","pathname":"/deployment/deprecated-retired/ndr-for-cloud-gigamon/aws","siteSpaceId":"sitesp_UtbXl","description":"Legacy NDR for Cloud (Gigamon) guidance for AWS.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Deprecated / Retired"},{"label":"NDR for Cloud 
(Gigamon)"}]},{"id":"5OqSkvx543nH9NCQhwWh","title":"Azure","pathname":"/deployment/deprecated-retired/ndr-for-cloud-gigamon/azure","siteSpaceId":"sitesp_UtbXl","description":"Legacy NDR for Cloud (Gigamon) guidance for Azure.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Deprecated / Retired"},{"label":"NDR for Cloud (Gigamon)"}]},{"id":"AvwMeF2prQPDVJmIUUeK","title":"Reference architectures","pathname":"/deployment/deprecated-retired/ndr-for-cloud-gigamon/reference-architectures","siteSpaceId":"sitesp_UtbXl","description":"Legacy reference architectures for NDR for Cloud (Gigamon).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Deprecated / Retired"},{"label":"NDR for Cloud (Gigamon)"}]},{"id":"63fd92cddcc95649f7d08004578452a19576fd7e","title":"NDR for Cloud end of sales and support","pathname":"/deployment/deprecated-retired/ndr-for-cloud-gigamon/ndr-for-cloud-end-of-sales-and-support","siteSpaceId":"sitesp_UtbXl","description":"End-of-sales and end-of-support timeline for NDR for Cloud (Gigamon), including renewal limits and recommended migration options.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Deployment"},{"label":"Deprecated / Retired"},{"label":"NDR for Cloud (Gigamon)"}]},{"id":"OUBJJ2HmQLwVMdemSjoH","title":"Navigation updates in the Vectra UI","pathname":"/configuration/navigation-updates-rux","siteSpaceId":"sitesp_UtbXl","description":"Changes to Vectra UI menu navigation, including updated locations for common settings and workflows.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"}]},{"id":"Wv59pMK25JxwcyONF9ST","title":"ACCESS","pathname":"/configuration/access","siteSpaceId":"sitesp_UtbXl","description":"Access configuration articles for APIs, authentication, SAML SSO, remote support, and other ways to connect to the Vectra 
platform.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"}]},{"id":"kmVFecwVF4pWmDIOxKYz","title":"API (RUX)","pathname":"/configuration/access/api-rux","siteSpaceId":"sitesp_UtbXl","description":"RUX API guides, Postman quick starts, and versioned references for working with the Vectra platform API.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"}]},{"id":"QToQNHuDdarAeb951cqO","title":"RUX API Postman quick start guide","pathname":"/configuration/access/api-rux/rux-api-postman-quick-start-guide","siteSpaceId":"sitesp_UtbXl","description":"Use the Vectra Platform public Postman collection to get up and running quickly with the new Vectra AI Platform API.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"API (RUX)"}]},{"id":"POnlGW1p9R4kFSRlZtSv","title":"v3.4 API guide (RUX)","pathname":"/configuration/access/api-rux/v34-api-guide-rux","siteSpaceId":"sitesp_UtbXl","description":"Vectra Platform API Guide v3.4 (August 2025) for RUX deployments","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"API (RUX)"}]},{"id":"ryHvWFQ1zyZLzw5vMjDM","title":"v3.3 API guide (RUX)","pathname":"/configuration/access/api-rux/v33-api-guide-rux","siteSpaceId":"sitesp_UtbXl","description":"Vectra Platform API Guide v3.3 (Sep 2024) for Respond UX deployments","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"API (RUX)"}]},{"id":"nv0RjIJr8NnVjoi0hQgf","title":"v3.2 API guide (RUX)","pathname":"/configuration/access/api-rux/v32-api-guide-rux","siteSpaceId":"sitesp_UtbXl","description":"Vectra SaaS API Guide v3.2 (Jan 2024)","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"API (RUX)"}]},{"id":"4Yt6vpZopKuxQ4QqcdCx","title":"v3.1 API 
guide (RUX)","pathname":"/configuration/access/api-rux/v31-api-guide-rux","siteSpaceId":"sitesp_UtbXl","description":"Vectra SaaS API Guide v3.1 (Jan 2024)","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"API (RUX)"}]},{"id":"llYgQHDtcsyqahaxqfk2","title":"v3.0 API guide (RUX)","pathname":"/configuration/access/api-rux/v30-api-guide-rux","siteSpaceId":"sitesp_UtbXl","description":"Vectra SaaS API Guide v3.0 (Jan 2024)","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"API (RUX)"}]},{"id":"eaFjeh1ff9zLetjAVtQE","title":"API (QUX)","pathname":"/configuration/access/api-qux","siteSpaceId":"sitesp_UtbXl","description":"QUX API guides, Postman quick starts, OAuth2 setup, token authentication, and versioned Vectra API references.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"}]},{"id":"VED4VATBMzbb9FZNSvYi","title":"v2.5 Postman quick start guide using OAuth2","pathname":"/configuration/access/api-qux/v25-postman-quick-start-guide-using-oauth2","siteSpaceId":"sitesp_UtbXl","description":"This article shows how to quickly get started using the QUX v2.5 API using OAuth2 for authentication and the Postman API testing tool.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"API (QUX)"}]},{"id":"IfkwNx8nYgKAIUHMNB32","title":"v2.5 Postman quick start guide using token auth","pathname":"/configuration/access/api-qux/v25-postman-quick-start-guide-using-token-auth","siteSpaceId":"sitesp_UtbXl","description":"This article shows how to quickly get started using the QUX v2.5 API using token authentication and the Postman API testing tool.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"API (QUX)"}]},{"id":"QbcHEatoHdfTVFG0dqOH","title":"v2.5 API guide 
(QUX)","pathname":"/configuration/access/api-qux/v25-api-guide-qux","siteSpaceId":"sitesp_UtbXl","description":"This guide is for v2.5 of the Vectra REST API for QUX deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"API (QUX)"}]},{"id":"jUDKYgebdsIE6fOARGWx","title":"v2.4 API guide (QUX)","pathname":"/configuration/access/api-qux/v24-api-guide-qux","siteSpaceId":"sitesp_UtbXl","description":"This guide is for v2.4 of the Vectra REST API. For Vectra AI Platform (RUX) users, please see the v3.x REST API Guide.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"API (QUX)"}]},{"id":"Y6zuv1DB2V9uvk1NB77z","title":"v2.2 API guide (QUX)","pathname":"/configuration/access/api-qux/v22-api-guide-qux","siteSpaceId":"sitesp_UtbXl","description":"This guide is for v2.2 of the Vectra REST API. For Vectra AI Platform (RUX) users, please see the v3.x REST API Guide.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"API (QUX)"}]},{"id":"iuvcMG8hVvgYy7XnyYOR","title":"CLI (Vectra appliances)","pathname":"/configuration/access/cli-vectra-appliances","siteSpaceId":"sitesp_UtbXl","description":"This article explores the commands available in the Command Line Interface (CLI) of Vectra appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"}]},{"id":"aLP6BcF1qf99ZvmAlail","title":"External Authentication (QUX)","pathname":"/configuration/access/external-authentication-qux","siteSpaceId":"sitesp_UtbXl","description":"External authentication setup for QUX, including RADIUS, LDAP, and TACACS+ profile configuration.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"}]},{"id":"4lLZTd6BGn9sledb0Zst","title":"RADIUS 
(QUX)","pathname":"/configuration/access/external-authentication-qux/radius-qux","siteSpaceId":"sitesp_UtbXl","description":"Configure RADIUS authentication profiles in QUX and assign users to the appropriate external authentication profile.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"External Authentication (QUX)"}]},{"id":"QgglQnyPErJ6KG92gx5L","title":"LDAP (QUX)","pathname":"/configuration/access/external-authentication-qux/ldap-qux","siteSpaceId":"sitesp_UtbXl","description":"Set up LDAP or Active Directory authentication for Vectra, including supported modes, setup steps, and user creation.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"External Authentication (QUX)"}]},{"id":"RyqHYxHKzfGzPQjTpKvG","title":"TACACS+ (QUX)","pathname":"/configuration/access/external-authentication-qux/tacacs-qux","siteSpaceId":"sitesp_UtbXl","description":"Configure TACACS+ authentication profiles in QUX and migrate existing users to TACACS+ profiles with the API.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"External Authentication (QUX)"}]},{"id":"vOnPuNCooChjvSlNXupZ","title":"SAML SSO (RUX)","pathname":"/configuration/access/saml-sso-rux","siteSpaceId":"sitesp_UtbXl","description":"SAML SSO configuration guides for RUX, including supported identity providers and setup workflows.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"}]},{"id":"aLQSKkFflOffFbPxpt58","title":"Any IdP SAML (RUX)","pathname":"/configuration/access/saml-sso-rux/any-idp-saml-rux","siteSpaceId":"sitesp_UtbXl","description":"Enabling RUX (Respond UX) SAML SSO with any SAML 2.0 compliant Identity Provider (IdP).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"SAML SSO 
(RUX)"}]},{"id":"RvYIzMeamy4BsXPRQqzO","title":"ADFS SAML (RUX)","pathname":"/configuration/access/saml-sso-rux/adfs-saml-rux","siteSpaceId":"sitesp_UtbXl","description":"Enabling RUX (Respond UX) SAML SSO with ADFS as the Identity Provider (IdP).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"SAML SSO (RUX)"}]},{"id":"sbZShaw5YgaXXsIo1xHR","title":"Entra ID (Azure AD) SAML (RUX)","pathname":"/configuration/access/saml-sso-rux/entra-id-azure-ad-saml-rux","siteSpaceId":"sitesp_UtbXl","description":"Enabling RUX (Respond UX) SAML SSO with Entra ID (Azure AD) as the Identity Provider (IdP).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"SAML SSO (RUX)"}]},{"id":"Dmol1BrjyroLSWCzDgzv","title":"Keycloak SAML (RUX)","pathname":"/configuration/access/saml-sso-rux/keycloak-saml-rux","siteSpaceId":"sitesp_UtbXl","description":"Enabling RUX (Respond UX) SAML SSO with Keycloak as the Identity Provider (IdP).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"SAML SSO (RUX)"}]},{"id":"OfbAVv17vKs5Ik64ufc6","title":"Okta SAML (RUX)","pathname":"/configuration/access/saml-sso-rux/okta-saml-rux","siteSpaceId":"sitesp_UtbXl","description":"Enabling RUX (Respond UX) SAML SSO with Okta as the Identity Provider (IdP).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"SAML SSO (RUX)"}]},{"id":"B1PYYLwlezFdHgoacHiZ","title":"SAML SSO (QUX)","pathname":"/configuration/access/saml-sso-qux","siteSpaceId":"sitesp_UtbXl","description":"SAML SSO configuration guides for QUX, including supported identity providers and profile setup workflows.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"}]},{"id":"2Zwwym1VrXFSjrlW0D37","title":"Any IdP SAML 
(QUX)","pathname":"/configuration/access/saml-sso-qux/any-idp-saml-qux","siteSpaceId":"sitesp_UtbXl","description":"Enabling QUX (Quadrant UX) SAML SSO with any SAML 2.0 compliant Identity Provider (IdP).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"SAML SSO (QUX)"}]},{"id":"YGKZyoS8hRhsVa1IyvwL","title":"ADFS SAML (QUX)","pathname":"/configuration/access/saml-sso-qux/adfs-saml-qux","siteSpaceId":"sitesp_UtbXl","description":"Enabling QUX (Quadrant UX) SAML SSO with ADFS as the Identity Provider (IdP).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"SAML SSO (QUX)"}]},{"id":"MLTr9PuIt6PKVFEEUpxf","title":"Entra ID (Azure AD) SAML (QUX)","pathname":"/configuration/access/saml-sso-qux/entra-id-azure-ad-saml-qux","siteSpaceId":"sitesp_UtbXl","description":"Enabling QUX (Quadrant UX) SAML SSO with Entra ID (Azure AD) as the Identity Provider (IdP).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"SAML SSO (QUX)"}]},{"id":"B0I6iJWSmWcnL36Ysmmf","title":"Okta SAML (QUX)","pathname":"/configuration/access/saml-sso-qux/okta-saml-qux","siteSpaceId":"sitesp_UtbXl","description":"Enabling QUX (Quadrant UX) SAML SSO with Okta as the Identity Provider (IdP).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"SAML SSO (QUX)"}]},{"id":"wBLtNOLTjIldqZx7e5u4","title":"Ping Identity SAML (QUX)","pathname":"/configuration/access/saml-sso-qux/ping-identity-saml-qux","siteSpaceId":"sitesp_UtbXl","description":"Enabling QUX (Quadrant UX) SAML SSO with Ping Identity as the Identity Provider (IdP).","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"SAML SSO (QUX)"}]},{"id":"g3nKv5VEJBk4eFX2TXpa","title":"Vectra remote 
support","pathname":"/configuration/access/vectra-remote-support","siteSpaceId":"sitesp_UtbXl","description":"Configure and verify Vectra Remote Support for RUX and QUX, including VPN, UI, CLI, proxy, and connectivity requirements.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"}]},{"id":"4CgqSIJVmBc0VoU9JKhE","title":"QUX deployments prior to v9.9","pathname":"/configuration/access/vectra-remote-support/qux-deployments-prior-to-v98","siteSpaceId":"sitesp_UtbXl","description":"Remote support allows authorized Vectra personnel to connect to your Vectra (Brain). This article details how you can enable, disable, and verify the status of remote support.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"},{"label":"Vectra remote support"}]},{"id":"rH7UzNLCrbe9p95mzSNi","title":"RUX allow-list for UI and API","pathname":"/configuration/access/rux-allow-list-for-ui-and-api","siteSpaceId":"sitesp_UtbXl","description":"Details about the new allow-list feature for RUX, which limits both UI and API access to customer-configured IP ranges, and how to submit a ticket requesting it.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"ACCESS"}]},{"id":"XF2ucj710DrW9rh1OlZt","title":"COVERAGE","pathname":"/configuration/coverage","siteSpaceId":"sitesp_UtbXl","description":"Coverage configuration articles for brain setup, network identities, remote users, threat feeds, and related data sources.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"}]},{"id":"nJX4mrET1aYrxpB7dpQI","title":"Brain Setup","pathname":"/configuration/coverage/brain-setup","siteSpaceId":"sitesp_UtbXl","description":"Brain setup guidance for configuring network coverage, identity context, and data sources in the Vectra 
platform.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"}]},{"id":"3V04yE6gIUEzZuOpfMpJ","title":"IP address classification","pathname":"/configuration/coverage/brain-setup/ip-address-classfication","siteSpaceId":"sitesp_UtbXl","description":"Configure IP address classifications in RUX and QUX to improve network context and detection accuracy.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"},{"label":"Brain Setup"}]},{"id":"MNI0nHyaM9Ea1OM4v61I","title":"Network Identities (WELI)","pathname":"/configuration/coverage/network-identities-weli","siteSpaceId":"sitesp_UtbXl","description":"Windows Event Log Ingestion guidance for adding network identity context through WELI and supported forwarding options.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"}]},{"id":"jL6rrwhtzL5tS4CIBvD6","title":"Windows Event Log Ingestion (WELI)","pathname":"/configuration/coverage/network-identities-weli/windows-event-log-ingestion-weli","siteSpaceId":"sitesp_UtbXl","description":"Configure WELI to send Kerberos security events to Vectra for PAA detections, Host ID enrichment, and investigation metadata.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"},{"label":"Network Identities (WELI)"}]},{"id":"HqKCSYHQnuLIsLehK9r6","title":"WELI via NXLog","pathname":"/configuration/coverage/network-identities-weli/weli-via-nxlog","siteSpaceId":"sitesp_UtbXl","description":"Configure NXLog forwarding for Windows Event Log Ingestion to provide identity context and Host ID data to Vectra.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"},{"label":"Network Identities (WELI)"}]},{"id":"PcMiF8mk12foFI0bP2Ph","title":"WELI Splunk (Raw TCP / XML) 
configuration","pathname":"/configuration/coverage/network-identities-weli/weli-splunk-raw-tcp-xml-configuration","siteSpaceId":"sitesp_UtbXl","description":"Windows Event Log Ingestion - Collecting Security Events with Splunk Universal Forwarders and sending data to Vectra in Raw TCP / XML format.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"},{"label":"Network Identities (WELI)"}]},{"id":"vxcBF4hs9Elt69odh0O8","title":"WELI Splunk (syslog / legacy) configuration","pathname":"/configuration/coverage/network-identities-weli/weli-splunk-syslog-legacy-configuration","siteSpaceId":"sitesp_UtbXl","description":"Configure legacy Splunk syslog forwarding for WELI when XML-based ingestion is not available.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"},{"label":"Network Identities (WELI)"}]},{"id":"HosoP5EkRAZEPIaNt0xx","title":"Remote Users","pathname":"/configuration/coverage/remote-users","siteSpaceId":"sitesp_UtbXl","description":"Remote user coverage guides for SASE, SSE, VPN, Zscaler, Netskope, and log ingestion options.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"}]},{"id":"WIr0eRrka31HgFQ2NsRn","title":"Remote users (SASE / SSE)","pathname":"/configuration/coverage/remote-users/remote-users-sase-sse","siteSpaceId":"sitesp_UtbXl","description":"Understand SASE and SSE remote user coverage options, including supported Zscaler and Netskope deployment patterns.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"},{"label":"Remote Users"}]},{"id":"zPwM36hJDZC8nh1baaJ7","title":"Netskope Cloud TAP","pathname":"/configuration/coverage/remote-users/netskope-cloud-tap","siteSpaceId":"sitesp_UtbXl","description":"Configure Netskope Cloud TAP with Vectra NDR, including vSensor setup, SASE IP remapping, and Stitcher deployment guidance 
for AWS/Azure.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"},{"label":"Remote Users"}]},{"id":"zDfyCFNpz4jghXdjW618","title":"Zscaler ZIA","pathname":"/configuration/coverage/remote-users/zscaler-zia","siteSpaceId":"sitesp_UtbXl","description":"This article discusses Vectra's support of Zscaler Internet Access (ZIA) and provides details for use with both PCAP ingestion and on-prem capture.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"},{"label":"Remote Users"}]},{"id":"DxtDWI6Kkuv44UtOWM08","title":"Zscaler ZPA","pathname":"/configuration/coverage/remote-users/zscaler-zpa","siteSpaceId":"sitesp_UtbXl","description":"Configure Zscaler ZPA log ingestion so Vectra can attribute private application traffic to remote users.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"},{"label":"Remote Users"}]},{"id":"mSjqNPXzcTatJJTkkHOQ","title":"Zscaler ZPA log ingestion via QRadar","pathname":"/configuration/coverage/remote-users/zscaler-zpa-log-ingestion-via-qradar","siteSpaceId":"sitesp_UtbXl","description":"Forward Zscaler ZPA LSS logs from QRadar to Vectra for remote user attribution and traffic visibility.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"},{"label":"Remote Users"}]},{"id":"8oNAMe6stu0z1iP0x641","title":"Optimizing Vectra for use with VPN clients","pathname":"/configuration/coverage/remote-users/optimizing-vectra-for-use-with-vpn-clients","siteSpaceId":"sitesp_UtbXl","description":"How to optimize Vectra observability for VPN clients by using Sensor placement, SASE/SSE integration, EDR integration, Windows Event Log Ingestion, and rDNS.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"},{"label":"Remote Users"}]},{"id":"WmOO6KhwZomPHZ6pvm0L","title":"Threat 
Feeds","pathname":"/configuration/coverage/threat-feeds","siteSpaceId":"sitesp_UtbXl","description":"Threat feed configuration articles for external STIX feeds and Vectra-managed threat intelligence.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"}]},{"id":"SY6pSn9PkVVuwt3zpOwQ","title":"External threat intel integration","pathname":"/configuration/coverage/threat-feeds/external-threat-intel-integration","siteSpaceId":"sitesp_UtbXl","description":"Configure external STIX 1.2 threat feeds so Vectra can detect malicious IPs, domains, URLs, and user agents.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"},{"label":"Threat Feeds"}]},{"id":"IPMjhcohfYa1WcSbQLsI","title":"Vectra threat intelligence","pathname":"/configuration/coverage/threat-feeds/vectra-threat-intelligence","siteSpaceId":"sitesp_UtbXl","description":"Learn how Vectra Threat Intel works, who can use it, and how to investigate threat intelligence matches.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"},{"label":"Threat Feeds"}]},{"id":"iBligsH0fDGnzX0CTXdX","title":"Asset Inventory coverage best practices","pathname":"/configuration/coverage/asset-inventory-coverage-best-practices","siteSpaceId":"sitesp_UtbXl","description":"Techniques and advice to help ensure good coverage for Asset Inventory, HostID, detections, and metadata used in investigations.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"COVERAGE"}]},{"id":"7HUdHW2JtB0rezb0PkBo","title":"RESPONSE","pathname":"/configuration/response","siteSpaceId":"sitesp_UtbXl","description":"Response configuration articles for lockdown actions, notifications, SIEM, SOAR, and ticketing 
integrations.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"}]},{"id":"OPfyUpyiWhlP6CmWNqe6","title":"Lockdown","pathname":"/configuration/response/lockdown","siteSpaceId":"sitesp_UtbXl","description":"Lockdown response options for accounts, hosts, and network traffic in supported Vectra deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"}]},{"id":"xE6XRXW7ae9yFBCZJazo","title":"Active Directory Account Lockdown","pathname":"/configuration/response/lockdown/active-directory-account-lockdown","siteSpaceId":"sitesp_UtbXl","description":"Configure and use Active Directory Account Lockdown, including permissions, automatic thresholds, notifications, API usage, and protected account caveats.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"Lockdown"}]},{"id":"x3HkVFcMWg7QHSJBTcwU","title":"Active Directory Account Lockdown custom configuration","pathname":"/configuration/response/lockdown/active-directory-account-lockdown-custom-configuration","siteSpaceId":"sitesp_UtbXl","description":"This article details new Account Lockdown custom configuration options that are available in v8.2+ of Vectra software.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"Lockdown"}]},{"id":"Pzf15jZc9FuHpc3pb6QK","title":"Entra ID (Azure AD) Account Lockdown (RUX)","pathname":"/configuration/response/lockdown/entra-id-azure-ad-account-lockdown-rux","siteSpaceId":"sitesp_UtbXl","description":"FAQ for Entra ID account lockdown in RUX, including availability, behavior, and response workflows.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"Lockdown"}]},{"id":"nNaKXHZO9xYLOCfMMKCj","title":"Host Lockdown 
(EDR)","pathname":"/configuration/response/lockdown/host-lockdown-edr","siteSpaceId":"sitesp_UtbXl","description":"Frequently asked questions about Host Lockdown which uses an integrated EDR to isolate a host as a response action.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"Lockdown"}]},{"id":"m9EtKThi5he7IX7XzZH8","title":"Traffic Lockdown","pathname":"/configuration/response/lockdown/traffic-lockdown","siteSpaceId":"sitesp_UtbXl","description":"Enable Traffic Lockdown to publish compromised host IPs to a firewall-consumable blocklist for network containment.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"Lockdown"}]},{"id":"1NJBLh5eTwJ2T8lXHDNq","title":"Notifications","pathname":"/configuration/response/notifications","siteSpaceId":"sitesp_UtbXl","description":"Notification configuration for syslog, Kafka, external app alerts, and system health alerts.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"}]},{"id":"1EvcrnBtxVlCPQHtYmQZ","title":"External app alerts (webhook)","pathname":"/configuration/response/notifications/external-app-alerts-webhook","siteSpaceId":"sitesp_UtbXl","description":"Configure webhook-based alert destinations for Vectra prioritization and system alerts in tools like Microsoft Teams.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"Notifications"}]},{"id":"jg86HUw8h3sWiEupF6kB","title":"Syslog guide (QUX)","pathname":"/configuration/response/notifications/syslog-guide-qux","siteSpaceId":"sitesp_UtbXl","description":"Configure QUX syslog forwarding for scoring, detections, campaigns, audit logs, and system health 
alerts.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"Notifications"}]},{"id":"LFhudaGSFgC6lwLfSl79","title":"Syslog sending to Kafka","pathname":"/configuration/response/notifications/syslog-sending-to-kafka","siteSpaceId":"sitesp_UtbXl","description":"Configure Kafka as a syslog destination for Vectra notifications, including bootstrap server and topic settings.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"Notifications"}]},{"id":"1CkvNv72WXirhrVvkE1Y","title":"Syslog and Kafka message size limits (QUX)","pathname":"/configuration/response/notifications/syslog-and-kafka-message-size-limits-qux","siteSpaceId":"sitesp_UtbXl","description":"Understand syslog and Kafka message truncation limits and how 16 KB log size caps can affect forwarded event fields.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"Notifications"}]},{"id":"YQvWBBlGeExSQGdrrAAx","title":"System alerts","pathname":"/configuration/response/notifications/system-alerts","siteSpaceId":"sitesp_UtbXl","description":"Review Vectra system health alerts for sensor connectivity, capture interfaces, disk health, bandwidth drops, and packet processing.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"Notifications"}]},{"id":"IN2JfHMPk00k57FDAyVC","title":"SIEM","pathname":"/configuration/response/siem","siteSpaceId":"sitesp_UtbXl","description":"SIEM integration guides for forwarding Vectra detections, entity data, and telemetry to supported security platforms.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"}]},{"id":"F6WlbKAZt2urWYv7OBGM","title":"Microsoft Sentinel SIEM integration 
(RUX)","pathname":"/configuration/response/siem/azure-sentinel-siem-integration-rux","siteSpaceId":"sitesp_UtbXl","description":"Deploy the Microsoft Sentinel (formerly Azure Sentinel) integration for Vectra Respond UX (package v3.3.0), including ingestion, workbooks, analytics rules, and playbooks.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"8Y4vuihTIaAcZLF50pX3","title":"Microsoft Sentinel SIEM Codeless Connector Framework (RUX)","pathname":"/configuration/response/siem/microsoft-sentinel-siem-codeless-connector-framework-rux","siteSpaceId":"sitesp_UtbXl","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"S31V0inEff2STOINh0bd","title":"Vectra RUX Playbooks for Microsoft Sentinel CCF","pathname":"/configuration/response/siem/vectra-rux-playbooks-for-microsoft-sentinel-ccf","siteSpaceId":"sitesp_UtbXl","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"qxP4F7q1x1BlOOhwNm3s","title":"Vectra RUX Best Practices for Microsoft Sentinel CCF","pathname":"/configuration/response/siem/vectra-rux-best-practices-for-microsoft-sentinel-ccf","siteSpaceId":"sitesp_UtbXl","description":"Operate the Vectra AI integration with Microsoft Sentinel after deploying the connector, analytics rules, workbook, and playbooks.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"HTxHTb90I8CEjjNoStYD","title":"Microsoft Sentinel NDR (Detect) integration using AMA","pathname":"/configuration/response/siem/microsoft-sentinel-ndr-detect-integration-using-ama","siteSpaceId":"sitesp_UtbXl","description":"Deploy or migrate Vectra Detect syslog CEF ingestion to Microsoft Sentinel using Azure Monitor Agent (AMA), including Logstash transformation and 
troubleshooting.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"UWOM3LZNBUjOAEnEo338","title":"Azure Sentinel Stream integration using AMA","pathname":"/configuration/response/siem/azure-sentinel-stream-integration-using-ama","siteSpaceId":"sitesp_UtbXl","description":"Deploy and configure the Vectra Stream app for Microsoft Sentinel using Azure Monitor Agent.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"4NaBq0YrF5zLi72nf2Ts","title":"Azure Sentinel Stream integration using OMS (Deprecated)","pathname":"/configuration/response/siem/azure-sentinel-stream-integration-using-oms","siteSpaceId":"sitesp_UtbXl","description":"Deprecated guide for sending Vectra Stream Raw JSON to Microsoft Sentinel via the OMS (Log Analytics) agent and a Linux collector.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"02aowqy5r1Hm8Q5WBmbY","title":"Crowdstrike Next-Gen SIEM integration (RUX)","pathname":"/configuration/response/siem/crowdstrike-next-gen-siem-integration-rux","siteSpaceId":"sitesp_UtbXl","description":"Ingest Vectra entity scoring events, detection events, and audit events from Vectra Respond UX.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"HuD9vkON3E1o9BqytMJL","title":"Crowdstrike Next-Gen SIEM integration (QUX)","pathname":"/configuration/response/siem/crowdstrike-nextgen-siem-integration-qux","siteSpaceId":"sitesp_UtbXl","description":"Send Vectra Detect (QUX) logs to CrowdStrike NextGen-SIEM via a log collector and HEC, using the provided parser and setup 
guide.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"GAOnmQSA6i8AZlIadTUF","title":"Google SecOps SIEM integration (QUX)","pathname":"/configuration/response/siem/google-secops-siem-integration-qux","siteSpaceId":"sitesp_UtbXl","description":"Ingest and parse Vectra Detect (QUX) syslog into Google SecOps SIEM for detections, entities, and audit/health/lockdown data.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"HAbLmilMpo1JVf3JFjSl","title":"Google SecOps SIEM integration (RUX)","pathname":"/configuration/response/siem/google-secops-siem-integration-rux","siteSpaceId":"sitesp_UtbXl","description":"Integrate Vectra Respond UX (RUX) with Google SecOps SIEM using the Vectra API, with a deployment guide and configuration template.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"wVb8r7eIPhtvSq87dEND","title":"Google SecOps SIEM Stream integration","pathname":"/configuration/response/siem/google-secops-siem-stream-integration","siteSpaceId":"sitesp_UtbXl","description":"Forward Vectra Stream security-enriched metadata to Google SecOps SIEM via syslog, using the provided implementation guide.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"seT4N7L9kYFgNp3DtTLx","title":"QRadar SIEM integration (RUX)","pathname":"/configuration/response/siem/qradar-siem-integration-rux","siteSpaceId":"sitesp_UtbXl","description":"Install and configure the QRadar integration for RUX, including API clients, workflows, and log source requirements.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"OGFyF3cGFA04BLx9yIE4","title":"QRadar SIEM Integration 
(QUX)","pathname":"/configuration/response/siem/qradar-siem-integration-qux","siteSpaceId":"sitesp_UtbXl","description":"Install and configure the QRadar integration for QUX, including the Vectra Detect app, syslog log source setup, dashboards, saved searches, and troubleshooting.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"wz1jfDZ83uYpHt5XjjMK","title":"Splunk On-Prem SIEM / Vectra integration guide (start here for RUX)","pathname":"/configuration/response/siem/splunk-siem-vectra-integration-guide-start-here-for-rux","siteSpaceId":"sitesp_UtbXl","description":"Start here for Splunk integration with Vectra Respond UX, including supported add-ons/apps, install matrix, API client setup, and data inputs.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"dCbDW2BBe88O9BL3UVSZ","title":"Splunk Cloud SIEM / Vectra integration guide (start here for RUX)","pathname":"/configuration/response/siem/splunk-siem-vectra-integration-guide-start-here-for-rux-1","siteSpaceId":"sitesp_UtbXl","description":"Start here for Splunk Cloud integration with Vectra Respond UX, including supported add-ons/apps, install matrix, API client setup, and data inputs.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"XdubMvRBK5zW4Wejochm","title":"Splunk SIEM / Vectra integration guide (start here for QUX)","pathname":"/configuration/response/siem/splunk-siem-vectra-integration-guide-start-here-for-qux","siteSpaceId":"sitesp_UtbXl","description":"This article serves as the starting point for Vectra's various integrations with Splunk. 
Read this prior to any other articles regarding Splunk integration.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"U5TOyUm5fYT6ok2bxLDf","title":"Splunk - Vectra Detect Add-On and Syslog Configuration (QUX)","pathname":"/configuration/response/siem/splunk-vectra-detect-add-on-and-syslog-configuration-qux","siteSpaceId":"sitesp_UtbXl","description":"Install the Technology Add-on for Vectra Detect (JSON) and configure Detect syslog so Splunk parses events into the correct sourcetypes.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"T8CUsZBIYGverb4hrm9G","title":"Splunk - Vectra Detect Integration Steps (QUX)","pathname":"/configuration/response/siem/splunk-vectra-detect-integration-steps-qux","siteSpaceId":"sitesp_UtbXl","description":"End-to-end steps for integrating Vectra Detect (QUX) with Splunk, including which add-ons to install and how to configure the Detect app macro.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"QzRKPsESuVBRiSzIi2OW","title":"Splunk TA - Changing from CEF to JSON for Vectra Detect (QUX)","pathname":"/configuration/response/siem/splunk-ta-changing-from-cef-to-json-for-vectra-detect-qux","siteSpaceId":"sitesp_UtbXl","description":"Migrate Splunk ingestion for Vectra Detect from legacy CEF syslog to full JSON using the new TA, with install, configuration, and validation steps.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"bLCPl8ACQ5cpD5OfPEDv","title":"Splunk - Vectra SaaS Add-on Configuration (QUX)","pathname":"/configuration/response/siem/splunk-vectra-saas-add-on-configuration-qux","siteSpaceId":"sitesp_UtbXl","description":"Install and configure the Vectra SaaS add-on for Splunk, including API 
client details, proxy options, and data inputs for scoring and detections.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SIEM"}]},{"id":"GbSO6QJGJAzjzvJ55hTn","title":"SOAR","pathname":"/configuration/response/soar","siteSpaceId":"sitesp_UtbXl","description":"SOAR integration guides for connecting Vectra with Google SecOps, XSOAR, Splunk SOAR, and ServiceNow SIR.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"}]},{"id":"iCSHMgdXVHh5aEwPWxn2","title":"Google SecOps SOAR integration (RUX)","pathname":"/configuration/response/soar/google-secops-soar-integration-rux","siteSpaceId":"sitesp_UtbXl","description":"Install the Google SecOps SOAR integration for RUX, including actions, connector, job, and supported use cases.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SOAR"}]},{"id":"apyzqX7jIJJEmNIeRbcE","title":"Google SecOps SOAR integration (QUX)","pathname":"/configuration/response/soar/google-secops-soar-integration-qux","siteSpaceId":"sitesp_UtbXl","description":"Install the Google SecOps SOAR integration for QUX, including actions, connector, job, and supported use cases.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SOAR"}]},{"id":"3tL1AhE5e5eCguDO9RVV","title":"Palo Alto XSOAR integration (QUX)","pathname":"/configuration/response/soar/palo-alto-xsoar-integration-qux","siteSpaceId":"sitesp_UtbXl","description":"Configure Palo Alto XSOAR for QUX deployments, including content pack guidance and supported integration differences.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SOAR"}]},{"id":"SMxhcGt6O32PLErb9RbS","title":"Palo Alto XSOAR integration 
(RUX)","pathname":"/configuration/response/soar/palo-alto-xsoar-integration-rux","siteSpaceId":"sitesp_UtbXl","description":"Configure Palo Alto XSOAR for RUX deployments, including content pack details and UX-specific implementation notes.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SOAR"}]},{"id":"n675iLgndGylJTJbEHVp","title":"Splunk SOAR integration (RUX)","pathname":"/configuration/response/soar/splunk-soar-integration-rux","siteSpaceId":"sitesp_UtbXl","description":"Install and configure the Splunk SOAR app for RUX, including assets, actions, playbooks, and troubleshooting.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SOAR"}]},{"id":"Y55fM2SejlehYyQKUWbl","title":"Splunk SOAR integration (QUX)","pathname":"/configuration/response/soar/splunk-soar-integration-qux","siteSpaceId":"sitesp_UtbXl","description":"Install and configure the Splunk SOAR app for QUX, including assets, actions, playbooks, and troubleshooting.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SOAR"}]},{"id":"trU9oamuOzXQ5WJSHQUz","title":"ServiceNow SIR SOAR integration (RUX)","pathname":"/configuration/response/soar/servicenow-sir-soar-integration-rux","siteSpaceId":"sitesp_UtbXl","description":"Configure the ServiceNow SIR SOAR integration for RUX and review supported ServiceNow platform versions.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SOAR"}]},{"id":"MrpVtuZZeuX1awSrJgi9","title":"ServiceNow SIR SOAR integration (QUX)","pathname":"/configuration/response/soar/servicenow-sir-soar-integration-qux","siteSpaceId":"sitesp_UtbXl","description":"Configure the ServiceNow SIR SOAR integration for QUX, including compatibility, setup, actions, and 
limitations.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SOAR"}]},{"id":"8azlSJ7AHkyVzVUJ8oex","title":"Palo Alto XSOAR-XSIAM Integration (RUX)","pathname":"/configuration/response/soar/palo-alto-xsoar-xsiam-integration-rux","siteSpaceId":"sitesp_UtbXl","description":"Deploy the Palo Alto Cortex XSOAR/XSIAM integration for RUX, including incident mirroring, lifecycle sync, commands, and operational guidance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"SOAR"}]},{"id":"ch0cPi6sfTQKY4TiekfF","title":"Ticketing / CMDB","pathname":"/configuration/response/ticketing","siteSpaceId":"sitesp_UtbXl","description":"Ticketing integration guides for ServiceNow ITSM and CMDB workflows with the Vectra platform.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"}]},{"id":"SBiV68gdNN01j2MgBF2u","title":"ServiceNow ITSM ticketing integration (RUX)","pathname":"/configuration/response/ticketing/servicenow-itsm-ticketing-integration-rux","siteSpaceId":"sitesp_UtbXl","description":"Configure ServiceNow ITSM ticketing for RUX and review supported ServiceNow platform versions.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"Ticketing / CMDB"}]},{"id":"PCjvJbPmuPdtLEF0mwAC","title":"ServiceNow ITSM ticketing integration (QUX)","pathname":"/configuration/response/ticketing/servicenow-itsm-ticketing-integration-qux","siteSpaceId":"sitesp_UtbXl","description":"Configure ServiceNow ITSM ticketing for QUX, including MID Server setup, users, profiles, entities, and actions.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"Ticketing / CMDB"}]},{"id":"2iL6H6CRgoZ6hMAOIjXs","title":"ServiceNow CMDB integration 
(RUX)","pathname":"/configuration/response/ticketing/servicenow-cmdb-integration-rux","siteSpaceId":"sitesp_UtbXl","description":"Integrate Vectra asset discovery with ServiceNow CMDB to enrich asset records and security context.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"RESPONSE"},{"label":"Ticketing / CMDB"}]},{"id":"XSznT3Ya8f0olst345ce","title":"SETUP","pathname":"/configuration/setup","siteSpaceId":"sitesp_UtbXl","description":"Setup articles for account association, backup and restore, EDR integrations, external connectors, and proxies.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"}]},{"id":"rlvGwE4a8lMKl47j0ZQN","title":"Account Association","pathname":"/configuration/setup/account-association","siteSpaceId":"sitesp_UtbXl","description":"Link accounts across network, M365, Entra ID, Azure, and AWS activity to track attacks across identities and hosts.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"}]},{"id":"jtsIPBAqndprmpjo4Y5F","title":"EDR Integrations","pathname":"/configuration/setup/edr-integrations","siteSpaceId":"sitesp_UtbXl","description":"EDR integration guides for adding endpoint context from supported providers to Vectra investigations.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"}]},{"id":"13tFQLmE8h7zXIeMm6NO","title":"Microsoft Defender for Endpoint","pathname":"/configuration/setup/edr-integrations/microsoft-defender-for-endpoint","siteSpaceId":"sitesp_UtbXl","description":"Microsoft Defender for Endpoint FAQ, formerly Microsoft Defender ATP","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"},{"label":"EDR Integrations"}]},{"id":"UGJuP8rXlw68b139YdaQ","title":"Carbon Black 
Response","pathname":"/configuration/setup/edr-integrations/carbon-black-response","siteSpaceId":"sitesp_UtbXl","description":"How to configure Carbon Black Response (On-Prem) integration","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"},{"label":"EDR Integrations"}]},{"id":"wN7iP2unpbnm467GZInX","title":"Carbon Black Cloud","pathname":"/configuration/setup/edr-integrations/carbon-black-cloud","siteSpaceId":"sitesp_UtbXl","description":"Integrate Carbon Black Cloud EDR with Vectra to enrich hosts with endpoint context for investigations.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"},{"label":"EDR Integrations"}]},{"id":"0pG09P4ITFqj5xPVoF8J","title":"Trellix (FireEye) Endpoint Security (HX)","pathname":"/configuration/setup/edr-integrations/trellix-fireeye-endpoint-security-hx","siteSpaceId":"sitesp_UtbXl","description":"Integrate Trellix FireEye Endpoint Security HX with Vectra to add host context and support response workflows.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"},{"label":"EDR Integrations"}]},{"id":"tRELd4woCwxfQEbIug9l","title":"SentinelOne","pathname":"/configuration/setup/edr-integrations/sentinelone","siteSpaceId":"sitesp_UtbXl","description":"Integrate SentinelOne EDR with Vectra for Host Lockdown, host details, and Host ID enrichment.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"},{"label":"EDR Integrations"}]},{"id":"0wwMSuB9mPbG7Og93AEy","title":"Cybereason","pathname":"/configuration/setup/edr-integrations/cybereason","siteSpaceId":"sitesp_UtbXl","description":"Integrate Cybereason EDR with Vectra to add endpoint host context for investigations and response.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"},{"label":"EDR 
Integrations"}]},{"id":"mjdslwCrvVh8qMcJc1nZ","title":"Crowdstrike","pathname":"/configuration/setup/edr-integrations/crowdstrike","siteSpaceId":"sitesp_UtbXl","description":"Integrate CrowdStrike EDR with Vectra for EDR process stitching, Host Lockdown, host details, and Host ID enrichment.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"},{"label":"EDR Integrations"}]},{"id":"zRsxjDRwt5EGTJFUbmJS","title":"External Connectors","pathname":"/configuration/setup/external-connectors","siteSpaceId":"sitesp_UtbXl","description":"External connector setup for host identity, cloud, Active Directory, vCenter, SIEM log ingestion, and related integrations.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"}]},{"id":"cfuto8cRXORrWvkGS8Xl","title":"Active Directory","pathname":"/configuration/setup/external-connectors/active-directory","siteSpaceId":"sitesp_UtbXl","description":"Integrate Active Directory with Vectra NDR for host identity context in RUX and QUX deployments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"},{"label":"External Connectors"}]},{"id":"ElmzyEKr7m5pTXgm5149","title":"AWS Host ID integration","pathname":"/configuration/setup/external-connectors/aws-hostid-integration","siteSpaceId":"sitesp_UtbXl","description":"This article goes over the AWS Host ID integration available for Vectra AI NDR deployments that see traffic from AWS VPCs.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"},{"label":"External Connectors"}]},{"id":"1W8iPWYxAKZ7UHi9mJnl","title":"Azure Host ID integration","pathname":"/configuration/setup/external-connectors/azure-hostid-integration","siteSpaceId":"sitesp_UtbXl","description":"This article goes over the Azure Host ID integration available for Vectra AI NDR deployments that see traffic from Azure virtual 
networks.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"},{"label":"External Connectors"}]},{"id":"KYLMAgjPfBBba8zj5f6C","title":"GCP Host ID integration","pathname":"/configuration/setup/external-connectors/gcp-hostid-integration","siteSpaceId":"sitesp_UtbXl","description":"This article goes over the GCP Host ID integration available for Vectra AI NDR deployments that capture traffic from GCP VPCs.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"},{"label":"External Connectors"}]},{"id":"xCG7XkbL5068HjVFnWU1","title":"SIEM (Vectra Brain ingesting logs)","pathname":"/configuration/setup/external-connectors/siem-vectra-brain-ingesting-logs","siteSpaceId":"sitesp_UtbXl","description":"Configure SIEM event forwarding to Vectra Brain for DHCP and selected Windows event log ingestion use cases.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"},{"label":"External Connectors"}]},{"id":"Sz3VZbYgR6beLYaD0iWu","title":"vCenter integration (VMware)","pathname":"/configuration/setup/external-connectors/vcenter-integration-vmware","siteSpaceId":"sitesp_UtbXl","description":"Configure the Vectra Brain to query the VMware vCenter API (read-only) for infrastructure visibility and vSensor planning.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"},{"label":"External Connectors"}]},{"id":"aLwfeOG6nPfcFsNWSLKN","title":"Proxies","pathname":"/configuration/setup/proxies","siteSpaceId":"sitesp_UtbXl","description":"This article is designed to assist in understanding how Vectra appliances interact with proxy systems.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"SETUP"}]},{"id":"NtwuMhomI2u86nQMYcpX","title":"TUNING","pathname":"/configuration/tuning","siteSpaceId":"sitesp_UtbXl","description":"Tuning guidance for 
triage filters, AD groups, dynamic groups, and reducing noise from known benign scanning.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"}]},{"id":"Ghc5eZA8vzOVxAZ3gDlU","title":"Triage best practices","pathname":"/configuration/tuning/triage-best-practices","siteSpaceId":"sitesp_UtbXl","description":"Use triage filters to manage known detection behavior, improve scoring precision, and reduce repetitive alert review.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"TUNING"}]},{"id":"KIgDpvz2kB1ZNpVCrzhA","title":"Active Directory (AD) groups","pathname":"/configuration/tuning/active-directory-ad-groups","siteSpaceId":"sitesp_UtbXl","description":"Create and manage Active Directory groups in Vectra to simplify triage filters and influence entity urgency scoring.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"TUNING"}]},{"id":"xIeHO9KLNQtEW0U80zfI","title":"Dynamic groups","pathname":"/configuration/tuning/dynamic-groups","siteSpaceId":"sitesp_UtbXl","description":"How to create and manage dynamic groups that are based on regular expressions (regex) along with FAQs.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"TUNING"}]},{"id":"bpe1t5iys7XwO11rXEBG","title":"Creating triage filters via API","pathname":"/configuration/tuning/creating-triage-filters-via-api","siteSpaceId":"sitesp_UtbXl","description":"Create and manage triage filters through the Vectra API, with examples for QUX API v2.5.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"TUNING"}]},{"id":"gfFoCblJCzD0OzwEqr4C","title":"Noise elimination for Tanium and other mesh scanners","pathname":"/configuration/tuning/noise-elimination-for-tanium-and-other-mesh-scanners","siteSpaceId":"sitesp_UtbXl","description":"Reduce benign detection noise from Tanium and other full-mesh 
scanners with targeted tuning recommendations.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"TUNING"}]},{"id":"RPLBoVJOmfw3y7btIFMf","title":"QUX specific","pathname":"/configuration/qux-specific","siteSpaceId":"sitesp_UtbXl","description":"QUX-specific configuration articles for SSL certificates, digest emails, login captions, and SMTP settings.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"}]},{"id":"0Hc0VWuZUlpJoQonGUsa","title":"SSL certificate installation","pathname":"/configuration/qux-specific/ssl-certificate-installation","siteSpaceId":"sitesp_UtbXl","description":"This article discusses SSL certificate options for Quadrant UX deployments. For RUX deployments, the cert used to support the GUI is fully managed by Vectra only.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"QUX specific"}]},{"id":"dxEZlRCHGRubIq7antpq","title":"Digest emails","pathname":"/configuration/qux-specific/digest-emails","siteSpaceId":"sitesp_UtbXl","description":"Digest emails send a summary of detection counts per category for the last 24 hours.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"QUX specific"}]},{"id":"BUDeU3i2Flam67xvCZKq","title":"Login caption","pathname":"/configuration/qux-specific/login-caption","siteSpaceId":"sitesp_UtbXl","description":"Create and manage a login caption in Vectra Quadrant UX.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"QUX specific"}]},{"id":"br9l9N5bbrnvikz7egdZ","title":"SMTP configuration (QUX)","pathname":"/configuration/qux-specific/smtp-configuration-qux","siteSpaceId":"sitesp_UtbXl","description":"Configure SMTP on QUX Brain appliances to send email alert notifications.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Configuration"},{"label":"QUX 
specific"}]},{"id":"eBqtz4TifLzUf1sIkrrR","title":"Analyst Guidance","pathname":"/operations/analyst-guidance","siteSpaceId":"sitesp_UtbXl","description":"Analyst workflow guidance and quick links for investigations, testing, and reporting.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"}]},{"id":"sITyqQV98q2As9ygj278","title":"New close workflow","pathname":"/operations/analyst-guidance/new-close-workflow","siteSpaceId":"sitesp_UtbXl","description":"The New Close Workflow is used to close, resolve, assign, and provide report data for detections and entities.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst Guidance"}]},{"id":"rWZfKnCNQuU1v3a0ghp2","title":"Assignment workflow FAQ","pathname":"/operations/analyst-guidance/assignnment-workflow-faq-prior-to-new-close-workflow","siteSpaceId":"sitesp_UtbXl","description":"FAQ for legacy and new assignment/close workflows, including creating, changing, deleting, and closing assignments.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst Guidance"}]},{"id":"QouznRrJ8PxdufKoibWX","title":"Understanding Vectra AI detections","pathname":"/operations/analyst-guidance/understanding-vectra-ai-detections","siteSpaceId":"sitesp_UtbXl","description":"Understand Vectra AI detection models and the behaviors they identify.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst Guidance"}]},{"id":"cpRnIpDdL8diCIIsAMPK","title":"Monitoring honeypot (honeytoken) identities","pathname":"/operations/analyst-guidance/monitoring-honeypot-honeytoken-identities","siteSpaceId":"sitesp_UtbXl","description":"Monitor honeypot identities with Vectra Threat Intel to detect activity over RDP, SMB, RPC, NTLM, and Kerberos.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst 
Guidance"}]},{"id":"vbJftmat95XjhEFY0Z0p","title":"Triggering detections for testing purposes","pathname":"/operations/analyst-guidance/triggering-detections-for-testing-purposes","siteSpaceId":"sitesp_UtbXl","description":"This article shows some ways to trigger a Cryptocurrency Mining (for example, Bitcoin mining) or Brute-Force Detection to quickly check that your system is working properly.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst Guidance"}]},{"id":"IJcKk8cBCGpnhPVbJIrJ","title":"TCP reset does not stop modern attacks","pathname":"/operations/analyst-guidance/tcp-reset-does-not-stop-modern-attacks","siteSpaceId":"sitesp_UtbXl","description":"Understand why TCP reset is unreliable for modern attacks and review Vectra response and containment options.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst Guidance"}]},{"id":"KEHfCguEidvp363333AB","title":"CDR (Detect) for AWS detection test guide","pathname":"/operations/analyst-guidance/cdr-detect-for-aws-detection-test-guide","siteSpaceId":"sitesp_UtbXl","description":"Run an AWS detection test lab with CloudGoat and Pacu to validate CDR for AWS detections in Vectra.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst Guidance"}]},{"id":"MuoHfrkBpTqwvNI8UL7A","title":"Recall best practices guide","pathname":"/operations/analyst-guidance/recall-best-practices-guide","siteSpaceId":"sitesp_UtbXl","description":"A guide to understand best practices & recommendations to get the most out of Recall in a fast and efficient way.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst Guidance"}]},{"id":"eUJKXR0YAAHEZCM9SoAu","title":"Investigate Quick Start Guide (prior to SQL 
search)","pathname":"/operations/analyst-guidance/investigate-quick-start-guide-prior-to-sql-search","siteSpaceId":"sitesp_UtbXl","description":"Use the pre-SQL Investigate quick start to build queries, adjust filters, modify columns, and review cloud activity examples.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst Guidance"}]},{"id":"zaj23hAG8TgHWIcLb5uI","title":"Advanced search reference guide (QUX)","pathname":"/operations/analyst-guidance/advanced-search-reference-guide-qux","siteSpaceId":"sitesp_UtbXl","description":"Use Advanced Search in QUX to investigate activity and build effective queries.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst Guidance"}]},{"id":"ERoGpRqGlFfHkIpFl6J3","title":"Recall custom models - how to create detections (QUX)","pathname":"/operations/analyst-guidance/recall-custom-models-how-to-create-detections-qux","siteSpaceId":"sitesp_UtbXl","description":"Create Recall custom models in QUX to generate detections from saved searches, signatures, indicators, and policy checks.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst Guidance"}]},{"id":"hVIFOPXJEP398gB8RFlB","title":"Crowdstrike EDR process correlation user guide","pathname":"/operations/analyst-guidance/crowdstrike-edr-process-correlation-user-guide","siteSpaceId":"sitesp_UtbXl","description":"Configure CrowdStrike EDR process correlation to add endpoint process context to network detections.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst Guidance"}]},{"id":"PBvaHUcSsAXp4A8yc0BF","title":"Microsoft Defender EDR process correlation user guide","pathname":"/operations/analyst-guidance/microsoft-defender-edr-process-correlation-user-guide","siteSpaceId":"sitesp_UtbXl","description":"Configure Microsoft Defender for Endpoint (MDE) process correlation to add 
endpoint process context to network detections.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst Guidance"}]},{"id":"b2qkte4MjfrLWq0jAAXH","title":"Vectra self-detection events","pathname":"/operations/analyst-guidance/vectra-self-detection-events","siteSpaceId":"sitesp_UtbXl","description":"Explains expected Vectra cloud/update/metadata-sharing traffic and why it may trigger Hidden HTTPS Tunnel, Multi-home fronted tunnel, or Smash and Grab detections.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst Guidance"}]},{"id":"b0Bl1W4e0F5aNleveZrG","title":"Key asset treatment (QUX)","pathname":"/operations/analyst-guidance/key-asset-treatment-qux","siteSpaceId":"sitesp_UtbXl","description":"Mark and monitor key assets in QUX so high-value hosts stand out in filters, detections, dashboards, and notifications.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst Guidance"}]},{"id":"s9xwYAQuxhmnvQbVNOex","title":"Exposure Findings - best practices guide","pathname":"/operations/analyst-guidance/exposure-findings-best-practices-guide","siteSpaceId":"sitesp_UtbXl","description":"Use Exposure Findings to identify, prioritize, and reduce attack surface risk from exposed assets and risky communications.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst Guidance"}]},{"id":"bno1OWFvn01UCnJfMJV1","title":"Asset Inventory getting started (private preview)","pathname":"/operations/analyst-guidance/asset-inventory-getting-started-private-preview","siteSpaceId":"sitesp_UtbXl","description":"Getting Started with Asset Inventory: Understanding What's On Your Network - Private Preview","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Analyst 
Guidance"}]},{"id":"ciCcp37DkTgirwL3vAvw","title":"Updates","pathname":"/operations/readme-1","siteSpaceId":"sitesp_UtbXl","description":"Update guidance for Vectra appliances, including offline updates and troubleshooting upgrade status.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"}]},{"id":"bJ1RkqBrcLsqnsGoMx3p","title":"Offline updates (v8.9+)","pathname":"/operations/readme-1/offline-updates-v89","siteSpaceId":"sitesp_UtbXl","description":"Use offline update packages for air-gapped QUX deployments running version 8.9 or later.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Updates"}]},{"id":"zn9Mru81ygFq6HpWZNe8","title":"Offline updates (prior to v8.9)","pathname":"/operations/readme-1/offline-updates-prior-to-v89","siteSpaceId":"sitesp_UtbXl","description":"Use legacy offline update procedures for QUX deployments running Vectra software earlier than version 8.9.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Updates"}]},{"id":"jcVj6vncKcVMtoWfizXa","title":"Troubleshooting updates","pathname":"/operations/readme-1/troubleshooting-updates","siteSpaceId":"sitesp_UtbXl","description":"Troubleshoot Vectra appliance upgrades by checking versions, upgrade status, sensor versions, and version pinning.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Updates"}]},{"id":"57rojlA9rP4vqTS3HOgx","title":"Dashboards and Reports","pathname":"/operations/dashboards-and-reports","siteSpaceId":"sitesp_UtbXl","description":"Dashboard and report guidance for operational, executive, Recall, and custom reporting views.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"}]},{"id":"cTK5qOji7tNj4P1TDnjp","title":"Operational Overview report 
guidance","pathname":"/operations/dashboards-and-reports/operational-overview-report-guidance","siteSpaceId":"sitesp_UtbXl","description":"Use the Operational Overview report to communicate detection trends, team performance, and operational value.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Dashboards and Reports"}]},{"id":"yJM7RyzKvE4bfJvwoEVa","title":"Executive Overview report guidance","pathname":"/operations/dashboards-and-reports/executive-overview-report-guidance","siteSpaceId":"sitesp_UtbXl","description":"Use the Executive Overview report to brief security leaders on alert noise reduction, threat trends, and business-level outcomes.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Dashboards and Reports"}]},{"id":"ZYeckieUyQGepxfuDhNM","title":"Recall","pathname":"/operations/dashboards-and-reports/recall","siteSpaceId":"sitesp_UtbXl","description":"Recall dashboard guides for certificate expiry, Netlogon exploit visibility, host activity, and related metadata views.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Dashboards and Reports"}]},{"id":"vWVY1g5oewXMALYeSmV7","title":"Recall certificate expiry dashboard","pathname":"/operations/dashboards-and-reports/recall/recall-certificate-expiry-dashboard","siteSpaceId":"sitesp_UtbXl","description":"Use the Recall certificate expiry dashboard to track certificates expiring in the next 7, 30, and 60 days.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Dashboards and Reports"},{"label":"Recall"}]},{"id":"bqotdhWiXU3luACfX8ys","title":"Recall Netlogon exploit visibility dashboard","pathname":"/operations/dashboards-and-reports/recall/recall-netlogon-exploit-visibility-dashboard","siteSpaceId":"sitesp_UtbXl","description":"Use the Recall Netlogon exploit visibility dashboard to investigate traffic related to the Netlogon 
vulnerability.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Dashboards and Reports"},{"label":"Recall"}]},{"id":"IY2XPFCCy2RNyyvB3JNG","title":"Recall host dashboard","pathname":"/operations/dashboards-and-reports/recall/recall-host-dashboard","siteSpaceId":"sitesp_UtbXl","description":"Use the Recall host dashboard to review historical metadata and activity for a selected host.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Dashboards and Reports"},{"label":"Recall"}]},{"id":"pFyyWNdYUkWFb2kcpzOr","title":"Detection specific guidance","pathname":"/operations/detection-specific-guidance","siteSpaceId":"sitesp_UtbXl","description":"Detection-specific guidance for interpreting selected Vectra detections, behaviors, and investigation context.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"}]},{"id":"jrb9halMA92dAFZS9Xr8","title":"Suspicious Remote Desktop","pathname":"/operations/detection-specific-guidance/suspicious-remote-desktop","siteSpaceId":"sitesp_UtbXl","description":"Understand the Suspicious Remote Desktop detection model and the RDP behavior patterns it identifies.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Detection specific guidance"}]},{"id":"R4Tzrbcxfk5FpBlHu5m2","title":"Hidden HTTPS Tunnel - detection showing proxy IP as target","pathname":"/operations/detection-specific-guidance/hidden-https-tunnel-detection-showing-proxy-ip-as-target","siteSpaceId":"sitesp_UtbXl","description":"Understand why Hidden HTTPS Tunnel detections may show a proxy IP as the target and where to find the destination domain.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Detection specific guidance"}]},{"id":"rspBfN7Z3rTaO5A2PM93","title":"Data Gathering - detected between Brain and 
Sensor","pathname":"/operations/detection-specific-guidance/data-gathering-detected-between-brain-and-sensor","siteSpaceId":"sitesp_UtbXl","description":"Vectra detected data gathering between the brain and the sensor, triggering an alert.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Detection specific guidance"}]},{"id":"np9RP7vZieYUwhrt6rxy","title":"Suspect Protocol Activity detection descriptions","pathname":"/operations/detection-specific-guidance/suspect-protocol-activity-detection-descriptions","siteSpaceId":"sitesp_UtbXl","description":"This page explains the different Suspect Protocol Activity (SPA) detections that can appear in the platform and serves as a one-page summary of the SPA detections.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Detection specific guidance"}]},{"id":"kbmTsqWUIXnVTXABwhQb","title":"Turla and Snake malware","pathname":"/operations/detection-specific-guidance/turla-and-snake-malware","siteSpaceId":"sitesp_UtbXl","description":"Vectra Notice: Turla and Snake Malware","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Detection specific guidance"}]},{"id":"mKXeSmpnTCVCjgZfKv3o","title":"Suspicious Remote Execution","pathname":"/operations/detection-specific-guidance/suspicious-remote-execution","siteSpaceId":"sitesp_UtbXl","description":"Understand the Suspicious Remote Execution detection model and how it identifies suspicious RPC-based remote execution.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Detection specific guidance"}]},{"id":"vgPxivVIdYQz1ubNigk4","title":"Intel AMT (Active Management Technology) detections","pathname":"/operations/detection-specific-guidance/intel-amt-active-management-technology-detections","siteSpaceId":"sitesp_UtbXl","description":"Review Vectra coverage for Intel AMT CVE-2017-5689 activity and related 
detection behavior.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Detection specific guidance"}]},{"id":"ZJxl0cz5ZpY1ff2GIWcD","title":"Licensing","pathname":"/operations/licensing","siteSpaceId":"sitesp_UtbXl","description":"Licensing guidance for Vectra products, including metrics and license-related reference information.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"}]},{"id":"AH8T1iailfgikfl2NES3","title":"Vectra licensing metrics (all products)","pathname":"/operations/licensing/vectra-licensing-metrics-all-products","siteSpaceId":"sitesp_UtbXl","description":"Review the licensing metrics used across Vectra products.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Licensing"}]},{"id":"jDCdw2fYlzj1cmB7DvGM","title":"Backup / Restore / DR","pathname":"/operations/backup-restore-dr","siteSpaceId":"sitesp_UtbXl","description":"Backup, restore, disaster recovery, and migration guidance for Vectra Brain appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"}]},{"id":"PceGAWWa5rJ1Swhoipa1","title":"Backup and restore (v8.5+)","pathname":"/operations/backup-restore-dr/backup-and-restore-v85","siteSpaceId":"sitesp_UtbXl","description":"Backup and restore guidance for Vectra Brain appliances running version 8.5 or later.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"}]},{"id":"2gPp2iwIucCX5YdHA2t7","title":"Introduction and changes","pathname":"/operations/backup-restore-dr/backup-and-restore-v85/introduction-and-changes","siteSpaceId":"sitesp_UtbXl","description":"Backup and Restore introduction and changes from earlier versions.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"},{"label":"Backup and restore 
(v8.5+)"}]},{"id":"jZRYnKjBmoUkip9gnwW2","title":"Backup and restore FAQ","pathname":"/operations/backup-restore-dr/backup-and-restore-v85/backup-and-restore-faq","siteSpaceId":"sitesp_UtbXl","description":"Frequently asked questions about backup and restore.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"},{"label":"Backup and restore (v8.5+)"}]},{"id":"HXTbZychnv0BxdsMTS1o","title":"Migration from earlier versions","pathname":"/operations/backup-restore-dr/backup-and-restore-v85/migration-from-earlier-versions","siteSpaceId":"sitesp_UtbXl","description":"Guidance for customers migrating from earlier versions of backup and restore.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"},{"label":"Backup and restore (v8.5+)"}]},{"id":"8DKuFJtRPy8WUXjopCnC","title":"Scheduling backups and running manual backups","pathname":"/operations/backup-restore-dr/backup-and-restore-v85/scheduling-and-manual-backups","siteSpaceId":"sitesp_UtbXl","description":"How to schedule backups and run backups manually.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"},{"label":"Backup and restore (v8.5+)"}]},{"id":"e8Pri4Rou35hyseyTYll","title":"Configuring external targets","pathname":"/operations/backup-restore-dr/backup-and-restore-v85/configuring-external-targets","siteSpaceId":"sitesp_UtbXl","description":"How to configure external targets including SCP, SFTP, and S3. Brain to Brain backups. Rotating old backups. 
Testing, renaming, and removing external backup targets.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"},{"label":"Backup and restore (v8.5+)"}]},{"id":"SAVJP8Iz9u94oRugLQA8","title":"Restoring backups","pathname":"/operations/backup-restore-dr/backup-and-restore-v85/restoring-backups","siteSpaceId":"sitesp_UtbXl","description":"Guidance for restoring backups and deleting older backup versions.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"},{"label":"Backup and restore (v8.5+)"}]},{"id":"FZGrgZVxlsw9oOL6twwA","title":"Troubleshooting and additional commands","pathname":"/operations/backup-restore-dr/backup-and-restore-v85/troubleshooting-and-additional-commands","siteSpaceId":"sitesp_UtbXl","description":"Additional backup and restore related commands and troubleshooting advice.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"},{"label":"Backup and restore (v8.5+)"}]},{"id":"rHC2iipGRu17GkoBMxgL","title":"All commands (syntax examples)","pathname":"/operations/backup-restore-dr/backup-and-restore-v85/all-commands-syntax-examples","siteSpaceId":"sitesp_UtbXl","description":"Examples of all backup and restore related commands.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"},{"label":"Backup and restore (v8.5+)"}]},{"id":"04EPORys5eoToAxUL4Nc","title":"Disaster recovery and migration (v8.5+)","pathname":"/operations/backup-restore-dr/disaster-recovery-and-migration-v85","siteSpaceId":"sitesp_UtbXl","description":"Plan disaster recovery and Brain migration for Vectra deployments running version 8.5 or later.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"}]},{"id":"bmLBoJ88KYOVHDNEICq5","title":"DR (Disaster Recover) 
process","pathname":"/operations/backup-restore-dr/disaster-recovery-and-migration-v85/dr-disaster-recover-process","siteSpaceId":"sitesp_UtbXl","description":"Follow the disaster recovery process for restoring a Brain backup to a target appliance during failover.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"},{"label":"Disaster recovery and migration (v8.5+)"}]},{"id":"mNJlsaZdOHoEXMTWpa2k","title":"Migration process","pathname":"/operations/backup-restore-dr/disaster-recovery-and-migration-v85/migration-process","siteSpaceId":"sitesp_UtbXl","description":"Follow the migration process for moving from an existing Brain to a replacement or upgraded Brain appliance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"},{"label":"Disaster recovery and migration (v8.5+)"}]},{"id":"nasO5KQ1pZMu5AidI6Bv","title":"Legacy details prior to v8.5","pathname":"/operations/backup-restore-dr/legacy-details-prior-to-v8.5","siteSpaceId":"sitesp_UtbXl","description":"Legacy backup, restore, disaster recovery, and migration guidance for Vectra versions prior to 8.5.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"}]},{"id":"5RKhK7ffr1TECQhoBnVp","title":"Backup / Restore (prior to v8.5)","pathname":"/operations/backup-restore-dr/legacy-details-prior-to-v8.5/backup-restore-prior-to-v85","siteSpaceId":"sitesp_UtbXl","description":"Restore backups in Vectra versions prior to 8.5.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"},{"label":"Legacy details prior to v8.5"}]},{"id":"P5nUN8cZ0wkD0jCVapNm","title":"Disaster recovery process (prior to v8.5)","pathname":"/operations/backup-restore-dr/legacy-details-prior-to-v8.5/disaster-recovery-process-prior-to-v85","siteSpaceId":"sitesp_UtbXl","description":"Plan disaster 
recovery for Cognito deployments running versions prior to 8.5.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"},{"label":"Legacy details prior to v8.5"}]},{"id":"U8HFHo5Kt9IhOr3p8bre","title":"Migrating to new Brain (prior to v8.5)","pathname":"/operations/backup-restore-dr/legacy-details-prior-to-v8.5/migrating-to-new-brain-prior-to-v85","siteSpaceId":"sitesp_UtbXl","description":"Migrate to a new Brain appliance in Vectra versions prior to 8.5.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Backup / Restore / DR"},{"label":"Legacy details prior to v8.5"}]},{"id":"UWcWmaU6z9kIhFyNgD2a","title":"Investigate","pathname":"/operations/investigate","siteSpaceId":"sitesp_UtbXl","description":"Investigate guides for AI-assisted search, SQL search, API usage, metadata, and investigation workflows.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"}]},{"id":"aTwBEkA8yYdIl96IOVfq","title":"AI-Assisted Search","pathname":"/operations/investigate/ai-assisted-search","siteSpaceId":"sitesp_UtbXl","description":"Use AI Assisted Search to ask investigation questions in plain language and get context-rich answers and next steps.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Investigate"}]},{"id":"CZSEPRcJ4iFsXAjBtF4H","title":"SQL search","pathname":"/operations/investigate/sql-search","siteSpaceId":"sitesp_UtbXl","description":"Accessing SQL Search, examples, syntax, fields, tables, operators, and functions supported.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Investigate"}]},{"id":"xwE2KTtcnEL22m7keb3x","title":"Vectra AI Platform Investigate FAQ","pathname":"/operations/investigate/vectra-ai-platform-investigate-faq","siteSpaceId":"sitesp_UtbXl","description":"FAQ for Vectra Investigate, including licensing, result limits, 
retention, search windows, and investigation workflows.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Investigate"}]},{"id":"mtbjNNprrnkVi7J4R4e2","title":"Investigate API user guide","pathname":"/operations/investigate/investigate-api-user-guide","siteSpaceId":"sitesp_UtbXl","description":"Using the RUX Investigate (Metadata) API Manually (e.g., with Postman)","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Investigate"}]},{"id":"uA5M8XgmUhrawtkycFqe","title":"Investigate API metadata schema reference","pathname":"/operations/investigate/investigate-api-metadata-schema-reference","siteSpaceId":"sitesp_UtbXl","description":"Available Tables and Fields for RUX Investigate (Metadata) API Queries","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"Investigate"}]},{"id":"1GuMMioqtcIvPPHZ1gMK","title":"General","pathname":"/operations/general","siteSpaceId":"sitesp_UtbXl","description":"General operations guidance for attack graphs, AI Triage, suspect protocol activity, and RUX portal links.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"}]},{"id":"yMO5x4OcAQHlKcsyn12J","title":"Attack Graph FAQ","pathname":"/operations/general/attack-graph-faq","siteSpaceId":"sitesp_UtbXl","description":"This article details the Attack Graph feature for entities in the Vectra UI.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"General"}]},{"id":"IvpsFKbZgRiGA6KGnpER","title":"AI-Triage in Detail","pathname":"/operations/general/ai-triage-in-detail","siteSpaceId":"sitesp_UtbXl","description":"Learn how AI Triage reviews detections, how it is enabled, and how behavior differs between RUX and QUX.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"General"}]},{"id":"5dKe3ykJD8I9DpUNJRW1","title":"Suspect Protocol Activity 
detections (feature overview)","pathname":"/operations/general/suspect-protocol-activity-detections-feature-overview","siteSpaceId":"sitesp_UtbXl","description":"Understand Suspect Protocol Activity detections, how they differ from Match, and how to manage SPA settings.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"General"}]},{"id":"VdpqkgVzhXKfaCfMkERY","title":"Using generic portal links (RUX)","pathname":"/operations/general/using-generic-portal-links-rux","siteSpaceId":"sitesp_UtbXl","description":"Generic Portal Links take you to specific pages in your RUX UI after inputting your RUX URL or tenant ID.  You might find these links in Docs, KBs, blogs, or training materials.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"General"}]},{"id":"DMQh3cSg28g5a2XHipaa","title":"Dark mode support for UI","pathname":"/operations/general/dark-mode-support-for-ui","siteSpaceId":"sitesp_UtbXl","description":"How to enable dark mode and switch between light and dark modes.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Operations"},{"label":"General"}]},{"id":"bEgNIayncCPCl9BYSyZ9","title":"AI and ML terminology","pathname":"/reference/ai-and-ml-terminology","siteSpaceId":"sitesp_UtbXl","description":"Definitions for common AI/ML terms used in Vectra docs.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"}]},{"id":"ER53InBcvYBqFPV0F8WU","title":"Vectra AI prioritization and scoring factors","pathname":"/reference/ai-driven-priortization-faq","siteSpaceId":"sitesp_UtbXl","description":"FAQ for AI-driven Prioritization (Urgency scoring) in Respond UX.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"}]},{"id":"bGNRv5OsK2VfEZPlBAPe","title":"Appliance support and EOS / EOL policy","pathname":"/reference/appliance-eos-eol-policy","siteSpaceId":"sitesp_UtbXl","description":"Appliance support 
policies, End-of-Sale (EOS) announcements, and End-of-Sale/End-of-Life (EOL) dates for Vectra appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"}]},{"id":"YGVd7RRPbzq7bL9oglIm","title":"Bandwidth used between Sensor and Brain","pathname":"/reference/bandwidth-used-between-sensor-and-brain","siteSpaceId":"sitesp_UtbXl","description":"Expected bandwidth from Sensor to Brain and how to interpret low-bandwidth alerts.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"}]},{"id":"TScZFidEeQhDwInAsxpn","title":"How detection PCAPs are generated","pathname":"/reference/how-detection-pcaps-are-generated","siteSpaceId":"sitesp_UtbXl","description":"This article discusses how Detection PCAPs are created as part of Detect for NDR. Selective PCAP is a different feature.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"}]},{"id":"I5DSCVUGx9Hrte6rYY51","title":"In-App support","pathname":"/reference/in-app-support","siteSpaceId":"sitesp_UtbXl","description":"Enable and manage in-app support, including telemetry fields and outbound endpoints.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"}]},{"id":"R5uEiaMjKfeWqjprAWFW","title":"Metadata attributes","pathname":"/reference/metadata-attributes","siteSpaceId":"sitesp_UtbXl","description":"Reference PDFs for Vectra network and cloud metadata fields.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"}]},{"id":"VgrDVseCdKCEcdRkHVnK","title":"Vectra AI Platform network metadata attributes","pathname":"/reference/metadata-attributes/vectra-ai-platform-network-metadata-attributes","siteSpaceId":"sitesp_UtbXl","description":"The attached PDF document describes the Vectra AI Platform Network metadata.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"},{"label":"Metadata attributes"}]},{"id":"1o7hShSlYC0SLgnV2jIK","title":"Vectra AI 
Platform Azure metadata attributes","pathname":"/reference/metadata-attributes/vectra-ai-platform-azure-metadata-attributes","siteSpaceId":"sitesp_UtbXl","description":"The attached PDF document describes the Vectra AI Platform Azure metadata; this metadata is available in Vectra's Respond UX (RUX) platform and visible in Investigate.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"},{"label":"Metadata attributes"}]},{"id":"4UbRRomQcKvCdYN94ZFS","title":"Vectra AI Platform AWS CloudTrail metadata attributes","pathname":"/reference/metadata-attributes/vectra-ai-platform-aws-cloudtrail-metadata-attributes","siteSpaceId":"sitesp_UtbXl","description":"Review AWS CloudTrail metadata available in the Vectra AI Platform and visible in Investigate.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"},{"label":"Metadata attributes"}]},{"id":"8AJwcTFH4p5a3rylfRkD","title":"Vectra AI Platform Azure AD and M365 metadata attributes","pathname":"/reference/metadata-attributes/vectra-ai-platform-azure-ad-and-m365-metadata-attributes","siteSpaceId":"sitesp_UtbXl","description":"Review Azure AD and M365 metadata available in RUX Advanced Investigations.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"},{"label":"Metadata attributes"}]},{"id":"SaexP8h3tHoetJr4WM3i","title":"Product Security","pathname":"/reference/product-security","siteSpaceId":"sitesp_UtbXl","description":"Product security statements and hardening guidance.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"}]},{"id":"SE1EnOtMtmeiXlQoxC1h","title":"Vectra stance on LPE (Local Privilege Escalation) appliance vulnerabilities","pathname":"/reference/product-security/vectra-stance-on-lpe-local-privilege-escalation-appliance-vulnerabilities","siteSpaceId":"sitesp_UtbXl","description":"Review Vectra's stance on local privilege escalation vulnerabilities affecting 
appliances.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"},{"label":"Product Security"}]},{"id":"9UiMReRN12J1jVgyLMQy","title":"Vectra statement on Ubuntu 20.04 LTS reaching EOL","pathname":"/reference/product-security/vectra-statement-on-ubuntu-2004-lts-reaching-eol","siteSpaceId":"sitesp_UtbXl","description":"Review Vectra guidance for Ubuntu 20.04 LTS end of support on appliance base operating systems.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"},{"label":"Product Security"}]},{"id":"zIK4BXDdnsEhd4gh9NIN","title":"Detect for AWS compliance brief","pathname":"/reference/product-security/detect-for-aws-compliance-brief","siteSpaceId":"sitesp_UtbXl","description":"Review how Vectra secures customer data for Detect for AWS.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"},{"label":"Product Security"}]},{"id":"OqZpNcqLvcb2PuGcbDF5","title":"Recall security and privacy statement","pathname":"/reference/product-security/recall-security-and-privacy-statement","siteSpaceId":"sitesp_UtbXl","description":"Review the Recall security and privacy statement PDF.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"},{"label":"Product Security"}]},{"id":"aNMdQmLF59y96tGDXmu2","title":"Vectra hardening (appliances)","pathname":"/reference/product-security/vectra-hardening-appliances","siteSpaceId":"sitesp_UtbXl","description":"How Vectra hardens appliances, including patching, encryption, and vulnerability management.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"},{"label":"Product Security"}]},{"id":"cLEy0ysCxaud5L3zlXjD","title":"RSPAN and ERSPAN support","pathname":"/reference/rspan-and-erspan-support","siteSpaceId":"sitesp_UtbXl","description":"RSPAN and ERSPAN compatibility for Vectra Sensors, including VLAN tag 
limits.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"}]},{"id":"3grOJfTVuETmSjSOu3M6","title":"Host ID best practices and functionality","pathname":"/reference/understanding-vectra-host-naming","siteSpaceId":"sitesp_UtbXl","description":"Understand Vectra Host ID, host naming behavior, and best practices for configuration and traffic engineering.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"}]},{"id":"ccc42daf45bcf3d8beeee4c71aacf97713b76e71","title":"Vectra's coverage of MITRE ATT&CK and D3FEND","pathname":"/reference/vectra-coverage-of-mitre-attandck-and-d3fend","siteSpaceId":"sitesp_UtbXl","description":"See how Vectra maps detections to MITRE ATT&CK v18 and supports MITRE D3FEND countermeasures, with navigator layers and export files.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"}]},{"id":"227d0b19791bf73f49e25724776e6198885fe221","title":"Vectra UI supported browsers","pathname":"/reference/vectra-ui-supported-browsers","siteSpaceId":"sitesp_UtbXl","description":"Supported browsers and version support policy for the Vectra UI.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"}]},{"id":"QoGSrStL9RGB3EGkxd7h","title":"Why is metadata sharing important","pathname":"/reference/why-is-metadata-sharing-important","siteSpaceId":"sitesp_UtbXl","description":"How metadata sharing works, what data is shared, and why it matters.","breadcrumbs":[{"label":"Documentation","icon":"book-blank"},{"label":"Reference"}]},{"id":"3SKL7kaOhZFpCM4rfYQ3","title":"Release Notes","pathname":"/release-notes","siteSpaceId":"sitesp_J0IgS","emoji":"1f4dd","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"}]},{"id":"FTf8GKHyTv9COu8wfqF8","title":"2026 RUX Release Notes","pathname":"/release-notes/respond-ux-rux/2026-rux-release-notes","siteSpaceId":"sitesp_J0IgS","breadcrumbs":[{"label":"Release 
Notes","icon":"file-lines"},{"label":"Respond UX (RUX)"}]},{"id":"g9w8cANeQepLZfKbvvfu","title":"2025 RUX Release Notes","pathname":"/release-notes/respond-ux-rux/2025-rux-release-notes","siteSpaceId":"sitesp_J0IgS","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Respond UX (RUX)"}]},{"id":"Sf9P9PQjQoyt77fdgUpD","title":"2024 RUX Release Notes","pathname":"/release-notes/respond-ux-rux/2024-rux-release-notes","siteSpaceId":"sitesp_J0IgS","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Respond UX (RUX)"}]},{"id":"bBuUxNV3wvrhzDJrmGOQ","title":"2026 QUX Release Notes","pathname":"/release-notes/quadrant-ux-qux/2026-qux-release-notes","siteSpaceId":"sitesp_J0IgS","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"}]},{"id":"ZIFVDS67oVRksBlAFWTb","title":"2025 QUX Release Notes","pathname":"/release-notes/quadrant-ux-qux/2025-qux-release-notes","siteSpaceId":"sitesp_J0IgS","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"}]},{"id":"WSGk3WgqHFF9WEVqDKIo","title":"Archived QUX Release Notes","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes","siteSpaceId":"sitesp_J0IgS","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"}]},{"id":"FVxh86SM9KmVvirUT6wl","title":"v9.0 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-ai-platform-90-release-notes","siteSpaceId":"sitesp_J0IgS","description":"Vectra AI Platform - 9.0 Release Notes with new Dynamic Group support of QUX and launch of High Performance GCP Brains","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"SndXihNqrdER4LVg6flA","title":"v8.10 Release Notes 
(QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-ai-platform-810-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"bxUkHyx8ED9lPmafm9j8","title":"v8.9 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-ai-platform-89-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"lREFBf0uUoQmPMgk5fBS","title":"v8.8 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-ai-platform-88-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"DDZp6YIFpXQ82IxlkUvc","title":"v8.7 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-87-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"K6kMyp3vSCq7RTK90HOJ","title":"v8.6 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-86-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"nU3bWrVJnw3sDVlq2a5s","title":"v8.5 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-85-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release 
Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"SIXqFBPTtcZGYuecvZNY","title":"v8.4 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-84-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"LvKfILY4YQsdLaz8wwJB","title":"v8.3 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-83-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"JB5XRQJakKFlFpy21sDO","title":"v8.2 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-82-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"cz3bx8tePAB2xJ7dlPSP","title":"v8.1 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-81-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"g2FumlXVN6WDu16HPgI1","title":"v8.0 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-80-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"ZLufAow7uRXCoyBkgujb","title":"v7.9 Release Notes 
(QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-79-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"jZM0evfhKTGAn0pDlQuY","title":"v7.8 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-78-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"sQZHBT62Yh3FqXkW2HYE","title":"v7.7 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-77-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"tKit7M1f0X0biHPVHz2F","title":"v7.6 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-76-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"n1a0BHlSmnfkoO0CZEOn","title":"v7.5 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-75-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"gauLzO1NfRtFRz0sUTok","title":"v7.4 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-74-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release 
Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"x98ATQ1Up42Ft0o3pW38","title":"v7.3 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-73-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"DqMsxfuj9VB0QUKvHsDX","title":"v7.2 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-72-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"ywD1cO19eaagUXfxJZWW","title":"v7.1 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-71-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"2qo9bKS86j1qAFjBVZPf","title":"v7.0 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-70-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"8gHidVMmZntKTBXTzEWL","title":"v6.20 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-620-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"CVv93lcPlFu6kZhRxeeI","title":"v6.19 Release Notes 
(QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-detect-for-network-619-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"JEJd2WpcjqwuchAJP3t6","title":"v6.18 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-cognito-618-release-notes","siteSpaceId":"sitesp_J0IgS","description":"Cognito Version 6.18 Release Notes","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"7ToNNdB8dedzA3xy3ccK","title":"v6.17 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-cognito-617-release-notes","siteSpaceId":"sitesp_J0IgS","description":"Cognito Version 6.17 Release Notes","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"noSHyU6k5GwGRYDmRU0m","title":"v6.16 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/v6.16-release-notes-qux","siteSpaceId":"sitesp_J0IgS","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"5NWCD7QnbcwPvXE3xlPA","title":"v6.15 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/v6.15-release-notes-qux","siteSpaceId":"sitesp_J0IgS","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"IMFa0dBWK2yFiQ1y3krI","title":"v6.14 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/v6.14-release-notes-qux","siteSpaceId":"sitesp_J0IgS","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX 
(QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"nuhNAZqTRXAsj6d9rQ6Y","title":"v6.13 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/v6.13-release-notes-qux","siteSpaceId":"sitesp_J0IgS","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"jYpWpkd4mjbbUnX5ZzlK","title":"v6.12 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/v6.12-release-notes-qux","siteSpaceId":"sitesp_J0IgS","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"ditCdep2yNov5ptLYFbm","title":"v6.11 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-cognito-611-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"Jr10GmnCvaclMsFiv7Jt","title":"v6.10 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/v6.10-release-notes-qux","siteSpaceId":"sitesp_J0IgS","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"VDSWywWr6NE0FnHYLYvG","title":"v6.9 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-cognito-69-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"5P3NNLMMhSzGJPtkqn7y","title":"v6.8 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-cognito-68-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX 
(QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"jTIoVsA3wFOvJ8I5vEs1","title":"v6.7 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-cognito-67-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"7PUR6MX83MKI35krtoOs","title":"v6.6 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/v6.6-release-notes-qux","siteSpaceId":"sitesp_J0IgS","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"Hu0QsO9kLN3vUswWZOUs","title":"v6.5 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-cognito-65-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"T2e3yhOBIioTGW2kZgKs","title":"v6.4 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-cognito-64-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"zEuDnOYoYXYXKB6YwbsR","title":"v6.3 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-cognito-63-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"dS9KEMNs97fXt9NMczQ6","title":"v6.2 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-cognito-62-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release 
Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"b5tBOZQPyHEr8UDPUju6","title":"v6.1 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-cognito-61-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"kKuBJymMOIRXYXoxlpeq","title":"v6.0 Release Notes (QUX)","pathname":"/release-notes/quadrant-ux-qux/archived-qux-release-notes/vectra-cognito-60-release-notes","siteSpaceId":"sitesp_J0IgS","description":"","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Quadrant UX (QUX)"},{"label":"Archived QUX Release Notes"}]},{"id":"YO0NfHmGfYInhlSiccSn","title":"Bug Fixes","pathname":"/release-notes/bug-fixes","siteSpaceId":"sitesp_J0IgS","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"}]},{"id":"TqVALY68xi11BVBqDjUR","title":"Coming soon","pathname":"/release-notes/doc-site-updates/coming-soon","siteSpaceId":"sitesp_J0IgS","description":"As major changes happen to the documentation site, look for relevant updates here.","breadcrumbs":[{"label":"Release Notes","icon":"file-lines"},{"label":"Doc Site Updates"}]},{"id":"hREB4vvaF4gy8SBi79i4","title":"Welcome","pathname":"/api-reference","siteSpaceId":"sitesp_6TKp1","description":"Landing page for Vectra API documentation.","breadcrumbs":[{"label":"API Reference","icon":"terminal"}]},{"id":"zlasPqerMemL6Gvw3v08","title":"Live documentation","pathname":"/api-reference/respond-ux-rux/live-documentation","siteSpaceId":"sitesp_6TKp1","description":"Temporary page linking to the live v3.x API documentation site until it is migrated into the main Vectra documentation site in a future update.","breadcrumbs":[{"label":"API Reference","icon":"terminal"},{"label":"Respond UX (RUX)"}]},{"id":"njH9eu74kH4nq2PaW1uB","title":"Help 
Center","pathname":"/help-center","siteSpaceId":"sitesp_1RviA","breadcrumbs":[{"label":"Help Center","icon":"life-ring"}]}]}