Vectra Networks Vectra

The JSA DSM for Vectra Networks Vectra collects events from the Vectra Networks Vectra X-Series platform.

The following table describes the specifications for the Vectra Networks Vectra DSM:

Table 1: Vectra Networks Vectra DSM Specifications

| Specification | Value |
|---|---|
| Manufacturer | Vectra Networks |
| DSM name | Vectra Networks Vectra |
| RPM file name | DSM-VectraNetworksVectra-JSA_version-build_number.noarch.rpm |
| Supported versions | V2.2 |
| Protocol | Syslog |
| Event Format | Common Event Format (CEF). CEF:0 is supported. |
| Recorded event types | Host scoring, command and control, botnet activity, reconnaissance, lateral movement, exfiltration |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Vectra Networks Website (http://www.vectranetworks.com) |

To integrate Vectra Networks Vectra with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console in the order that they are listed:

    • DSMCommon RPM

    • Vectra Networks Vectra DSM RPM

  2. Configure your Vectra Networks Vectra device to send syslog events to JSA.

  3. If JSA does not automatically detect the log source, add a Vectra Networks Vectra log source on the JSA Console. The following table describes the parameters that require specific values for Vectra Networks Vectra event collection:

    Table 2: Vectra Networks Vectra Log Source Parameters

    | Parameter | Value |
    |---|---|
    | Log Source type | Vectra Networks Vectra |
    | Protocol Configuration | Syslog |
    | Log Source Identifier | A unique identifier for the log source. |

The following table provides a sample event message for the Vectra Networks Vectra DSM:

Table 3: Vectra Networks Vectra Sample Message

| Event Name | Low level category |
|---|---|
| Host Scoring | Backdoor Detected |

Sample log message:

    <13>Dec 22 16:38:53 S11181714900481 - -: CEF:0|Vectra Networks|Vectra|2.3|HSC|Host Score Change|3|externalId=283 cat=HOST SCORING shost=IP-20.20.1.2 src=20.20.1.2 flexNumber1=26 flexNumber1Label=threat flexNumber2=60 flexNumber2Label=certainty cs4=https://10.0.4.49/hosts/283 cs4Label=URL start=1450831133169 end=1450831133169
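
The sample message from Table 3, parsed into its CEF header fields and extensions. This is an added example, not part of the JSA or Vectra documentation; parse_cef and epoch_ms_to_utc are hypothetical helper names. It can be used to check what an appliance is actually forwarding when a log source does not categorize events as expected:

```python
import re
from datetime import datetime, timedelta, timezone

# Sample event from Table 3 of this page, joined back onto one line.
SAMPLE = (
    "<13>Dec 22 16:38:53 S11181714900481 - -: "
    "CEF:0|Vectra Networks|Vectra|2.3|HSC|Host Score Change|3|"
    "externalId=283 cat=HOST SCORING shost=IP-20.20.1.2 src=20.20.1.2 "
    "flexNumber1=26 flexNumber1Label=threat flexNumber2=60 "
    "flexNumber2Label=certainty cs4=https://10.0.4.49/hosts/283 "
    "cs4Label=URL start=1450831133169 end=1450831133169"
)

HEADER = ("cef_version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
# An extension value runs until the next " key=" token or end of line,
# so values such as "HOST SCORING" may contain spaces.
EXT = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")


def parse_cef(line):
    """Return the CEF header fields plus an 'ext' dict for one syslog line."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF payload in line")
    # Split on unescaped pipes only; the eighth part is the extension string.
    parts = re.split(r"(?<!\\)\|", line[idx + 4:], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER, parts[:7]))
    ext = dict(EXT.findall(parts[7]))
    # Rename flexNumberN / csN values to the name given by their *Label key.
    for label_key in [k for k in ext if k.endswith("Label")]:
        base = label_key[:-len("Label")]
        if base in ext:
            ext[ext.pop(label_key)] = ext.pop(base)
    event["ext"] = ext
    return event


def epoch_ms_to_utc(ms):
    """Convert a CEF start/end value (milliseconds since epoch) to UTC."""
    epoch = datetime(1970, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(milliseconds=int(ms))


if __name__ == "__main__":
    ev = parse_cef(SAMPLE)
    print(ev["name"], ev["ext"]["threat"], ev["ext"]["certainty"])
    print(epoch_ms_to_utc(ev["ext"]["start"]).isoformat())
```

For the sample, start resolves to 2015-12-23 00:38:53 UTC while the syslog header reads Dec 22 16:38:53, so the header timestamp is local time eight hours behind UTC; correlate on start/end rather than on the header time.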