Vectra Networks Vectra

 

The JSA DSM for Vectra Networks Vectra collects events from the Vectra Networks Vectra X-Series platform.

The following table describes the specifications for the Vectra Networks Vectra DSM:

Table 1: Vectra Networks Vectra DSM Specifications

| Specification | Value |
| --- | --- |
| Manufacturer | Vectra Networks |
| DSM name | Vectra Networks Vectra |
| RPM file name | DSM-VectraNetworksVectra-JSA_version-build_number.noarch.rpm |
| Supported versions | V2.2 |
| Protocol | Syslog |
| Event format | Common Event Format |
| Recorded event types | Host scoring, command and control, botnet activity, reconnaissance, lateral movement, exfiltration |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Vectra Networks Website (http://www.vectranetworks.com) |

To integrate Vectra Networks Vectra with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console in the order that they are listed:

    • DSMCommon RPM

    • Vectra Networks Vectra DSM RPM

  2. Configure your Vectra Networks Vectra device to send syslog events to JSA.

  3. If JSA does not automatically detect the log source, add a Vectra Networks Vectra log source on the JSA Console. The following table describes the parameters that require specific values for Vectra Networks Vectra event collection:

    Table 2: Vectra Networks Vectra Log Source Parameters

    | Parameter | Value |
    | --- | --- |
    | Log Source type | Vectra Networks Vectra |
    | Protocol Configuration | Syslog |
    | Log Source Identifier | A unique identifier for the log source. |

The following table provides a sample event message for the Vectra Networks Vectra DSM:

Table 3: Vectra Networks Vectra Sample Message

Event name: Host Scoring

Low level category: Backdoor Detected

Sample log message:

<13>Dec 22 16:38:53 S11181714900481 - -: CEF:0|Vectra Networks|Vectra|2.3|HSC|Host Score Change|3|externalId=283 cat=HOST SCORING shost=IP-20.20.1.2 src=20.20.1.2 flexNumber1=26 flexNumber1Label=threat flexNumber2=60 flexNumber2Label=certainty cs4=https://10.0.4.49/hosts/283 cs4Label=URL start=1450831133169 end=1450831133169
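
To check that a forwarded Vectra event carries the fields shown in Table 3, the sample can be parsed as below. This is an added example, not Juniper or Vectra code; the function names are assumptions made for illustration. It handles extension values that contain spaces (such as cat=HOST SCORING) and pairs each flexNumber value with its label.

```python
import re
from datetime import datetime, timezone

# Sample event from Table 3, rejoined onto one line.
SAMPLE = ("<13>Dec 22 16:38:53 S11181714900481 - -: CEF:0|Vectra Networks|"
          "Vectra|2.3|HSC|Host Score Change|3|externalId=283 cat=HOST SCORING "
          "shost=IP-20.20.1.2 src=20.20.1.2 flexNumber1=26 "
          "flexNumber1Label=threat flexNumber2=60 flexNumber2Label=certainty "
          "cs4=https://10.0.4.49/hosts/283 cs4Label=URL "
          "start=1450831133169 end=1450831133169")

HEADER = ("cef_version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
# An extension key is a word at the start or after whitespace, followed by '='.
KEY = re.compile(r"(?<!\S)(\w+)=")

def parse_cef(line):
    """Return the header and extension fields of one CEF syslog line."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header in line")
    # Split on pipes not preceded by a backslash; part 8 is the extension.
    parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("truncated CEF header")
    event = {k: v.replace("\\|", "|") for k, v in zip(HEADER, parts)}
    ext, keys = parts[7], list(KEY.finditer(parts[7]))
    for i, m in enumerate(keys):
        # A value runs up to the next key, so it may contain spaces.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        event[m.group(1)] = ext[m.end():end].strip().replace("\\=", "=")
    return event

def vectra_scores(event):
    """Map each flexNumberNLabel (threat, certainty) to its integer value."""
    return {label: int(event[key[:-len("Label")]])
            for key, label in event.items()
            if key.startswith("flexNumber") and key.endswith("Label")}

def event_time(event):
    """Convert the epoch-millisecond 'start' field to a UTC datetime."""
    ms = int(event["start"])
    whole = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
    return whole.replace(microsecond=ms % 1000 * 1000)

if __name__ == "__main__":
    ev = parse_cef(SAMPLE)
    print(ev["name"], vectra_scores(ev), event_time(ev).isoformat())
```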