Vectra AI's Detections

Protecting your network from malicious behaviors.

Knowing the adversary is a traditional approach to defense. However, focusing on the myriad adversaries can be challenging. At Vectra AI, we build powerful AI-driven detections designed to find any threat based on their behaviors.

By Kill Chain Stage

Reconnaissance Lateral Movement Command & Control Exfiltration Botnet

By Attack Surface

Network Azure AD & M365 AWS

How Vectra AI Detects Threats

The modern cyber threat landscape is vast and varied, with over 250 known adversaries employing a myriad of tactics, techniques, and procedures (TTPs) to infiltrate and exploit networks. Despite this diversity, these adversaries often exhibit similar behaviors.

At Vectra AI, we understand these behaviors and have built advanced AI-driven detections to protect you against both known and unknown threats.

Our detection mechanisms are powered by advanced AI algorithms and machine learning techniques. By continuously analyzing network traffic and user behavior, Vectra AI identifies anomalies that could indicate malicious activity. Our platform is designed to detect a wide range of behaviors, including:

Command & Control: Identifying external entities controlling internal hosts.
Lateral Movement: Detecting attempts to move laterally within the network.
Reconnaissance: Uncovering efforts to map out network infrastructure.
Data Exfiltration: Recognizing unauthorized data transfers out of the network.
Privilege Escalation: Detecting unusual privilege-related activities.

Vectra AI's Detections

How Vectra AI Detects Threats

Detection Categories

Detections of Reconnaissance Activities

AWS Network Configuration Discovery

AWS Organization Discovery

AWS S3 Enumeration

AWS Suspect Credential Access from EC2

AWS Suspect Credential Access from ECS

AWS Suspect Credential Access from SSM

AWS Suspect Discovery From EC2 Instance

AWS Suspect Escalation Reconnaissance

AWS Suspicious EC2 Enumeration

AWS User Permissions Enumeration

File Share Enumeration

Internal Darknet Scan

Kerberoasting: Cipher Downgrade

Kerberoasting: SPN Sweep

Kerberos Account Scan

Kerberos Brute-Sweep

M365 Suspect eDiscovery Usage

M365 Suspicious Compliance Search

M365 Unusual eDiscovery Search

RDP Recon

RPC Recon

RPC Targeted Recon

SMB Account Scan

Suspicious LDAP Query

Suspicious Port Scan

Suspicious Port Sweep

Detections of Lateral Movement

AWS ECR Hijacking

AWS Lambda Hijacking

AWS Logging Disabled

AWS Ransomware S3 Activity

AWS Security Tools Disabled

AWS Suspect Admin Privilege Granting

AWS Suspect Console Pivot

AWS Suspect Login Profile Manipulation

AWS Suspect Organization Exit

AWS Suspect Privilege Escalation

AWS User Hijacking

Automated Replication

Azure AD Change to Trusted IP Configuration

Azure AD MFA Disabled

Azure AD Newly Created Admin Account

Azure AD Privilege Operation Anomaly

Azure AD Successful Brute-Force

Azure AD Unusual Scripting Engine Usage

Brute-Force

M365 Attacker Tool: Ruler

M365 DLL Hijacking Activity

M365 Disabling of Security Tools

M365 External Teams Access

M365 Internal Spearphishing

M365 Log Disabling Attempt

M365 Malware Stage: Upload

M365 Ransomware

M365 Risky Exchange Operation

M365 Suspicious Mailbox Manipulation

M365 Suspicious Mailbox Rule Creation

M365 Suspicious SharePoint Operation

M365 Suspicious Teams Application

Privilege Anomaly: Unusual Account on Host

Privilege Anomaly: Unusual Host

Privilege Anomaly: Unusual Service

Privilege Anomaly: Unusual Service - Insider

Privilege Anomaly: Unusual Service from Host

Privilege Anomaly: Unusual Trio

Ransomware File Activity

SMB Brute-Force

SQL Injection Activity

Shell Knocker Client

Shell Knocker Server

Stage Loader

Suspicious Active Directory Operations

Suspicious Admin

Suspicious Remote Desktop Protocol

Suspicious Remote Execution

Detections of C2 Activities