Vectra AI Publishes Automated Response Integrations Framework on GitHub

March 20, 2024
Justin Howe
Sr. Professional Services Manager

Security works better together

In an industry that requires an entire technology stack to complete its purpose — to protect the organization from cyber attackers — we have all come to the conclusion that security just works better together.  

When separate security technologies like EDRs, SIEMs, SOARs, firewalls, NDRs and other tools are siloed, SOC programs have gaps in coverage that let attackers slip through backdoors and weakened defenses. Silos also slow analysts down, because they spend more time pivoting from one tool to another as they investigate and enact response actions. When security does not work together, SOC programs lose the opportunity to respond effectively, and to respond with the utmost confidence.

That is why technology integrations are the heart of the modern SOC: they are the bloodline that allows cybersecurity professionals to protect their organizations.

Vectra AI enables effective response through our integrations and frameworks

At Vectra AI, we recognize that technology integrations are the centerpiece of a modern SOC, and we aim to enable our customers to take effective and rapid response actions. Vectra AI is a robust, open technology ecosystem that provides response capabilities wherever our customers need them, whether that’s through incident management and response technology integrations such as SOARs or through response frameworks such as the Vectra Automated Response Integrations Framework.

What is the Vectra Automated Response Integrations Framework?

The Vectra Automated Response Integrations Framework extends Vectra’s robust suite of integration tools to allow for rapid response to security threats through firewalls, endpoint detection and response (EDR) tools, security orchestration, automation, and response (SOAR) tools, and more. The framework deploys rapidly as a Docker container and targets hosts and accounts whose observed behavior is above a user-defined security priority threshold. It sends immediate notification of these hosts and accounts via email and/or syslog, and issues entity isolation actions to the configured third-party tools.

Now, customers can maintain critical enforcement points which are supported by this framework, further extending Vectra AI’s value across all types of integrations.  

To take advantage of this tool, please visit Vectra’s public GitHub.