Learn how to do AI-assisted threat hunting


Why Now

Be the hunter, not the hunted


Threat hunting allows you to get ahead of attackers instead of constantly chasing them.


Avoid incident loss


Avoid incident loss by discovering hidden attackers early, before they accomplish their goals and well before other tools know about their presence.


Reduce costs


Reduce the costs associated with slow incident response by cutting attacker dwell time beyond what is possible with other security tools.


Structure your hunts


Structure your hunts around specific types of attacker activities in your environment by using the MITRE ATT&CK framework.

Why Vectra

Proactively search for threats and investigate incidents across your entire environment including data center, cloud, and IoT devices.

Cognito Recall


Perform AI-driven threat hunting and retrospective threat hunting using behavioral detection algorithms derived from security domain-tailored machine learning.


Speed up investigations by correlating threat-behavior data with host devices and workloads. The right information is always at your fingertips.


Gain complete visibility into unseen security vulnerabilities and gaps in regulatory and compliance mandates.

Attackers Can Run, But They Can't Hide


Data center



With Cognito Recall, attackers have nowhere to hide


High-fidelity data from machine learning-derived, security-enriched metadata—no packet captures or NetFlow.

Visibility using cloud logs and API calls. Integrate and share data with other security solutions—not just connectivity attributes.

Data-driven hunting with insights based on devices, privilege, identity, host names, and workloads—not solely IP addresses. 

Cognito Recall complements Cognito Detect


Instant security insights give organizations complete visibility into relevant host activities and behaviors.

Observe and understand common threads between compromised host devices, accounts and assets.

Complete views of attack progression and campaigns help identify other issues related to the attack.


Identify and categorize gaps in compliance to meet government and corporate regulatory directives.

Visualize and report on security-policy posture with unique Vectra data that is not available in other products.

Extend and enhance security and compliance through recurring assessments, detailed reports, and other Vectra services. 

Did You Know?

Nearly half the breaches of sensitive data are the result of internal actors

Source: Forrester Research 2019


Cognito in Action

Hunt using indicators of compromise

With full metadata search capabilities and limitless data storage, Cognito Recall enables security analysts to determine whether indicators of compromise exist in metadata, including user agents, IP addresses and domains.

Hunt for anomalous behaviors

Cognito Recall enables professional threat hunters to identify anomalous behaviors that are displayed through visual graphs.

Account-based investigations

Cognito Recall enhances account-based investigations by providing the details that security analysts require to identify all uses and actions of potentially compromised accounts in specific timeframes, as well as actions against targets.

Target domain & IP address investigations

Cognito Recall tracks all outbound and inbound communication so security analysts can determine the host devices that have communicated with the same domain or IP address over a specific timeframe, including what occurred during the communication.

Our Customers

We’ve been a customer of Vectra for four years now. We’ve grown with the product and believe behavior detection is something we need to augment the signature detections that we have in place.

– Alex Attumalil, Global Cybersecurity at Under Armour

With Cognito, I can focus on the highest-risk threats. With other solutions, I have to filter to get rid of hundreds or thousands of false positives.

– Matthias Tauber, Senior Services Manager for IT Security at DZ Bank

Vectra saved the A&M System $7 million in a year and we cut threat investigation times from several days to a few minutes.

– Dan Basile, Executive Director of the Security Operations Center at Texas A&M

What makes Vectra stand out is its ability to understand attack behaviors. To put it simply, Vectra’s advanced AI and machine learning understand that Live Nation clients don’t buy tickets. Only fans buy tickets.

– Beau Canada, VP of Information Security at Live Nation

We used to have tens of thousands of events. With Vectra, I only have to deal with 10 or 12 critical events that I can investigate further.

– Albert Caballero, CISO at HBO LATAM

Vectra is passionate about putting the customer first.

– Carmelo Gallo, Cybersecurity Manager at ED&F Man

Vectra makes threat hunting more efficient. With Cognito, we can monitor and detect threats as quickly as possible.

– Liam Fu, Head of Information Security at The Very Group

With Cognito we can stop threats before they cause damage.

– David Whelan, Group IT Director at Ardagh Group

With Cognito, we can see if an exploit kit is being downloaded and if it was laterally distributed in the network. We have visibility into behaviors across the full lifecycle of an attack beyond the internet gateway.

– Eric Weakland, Director of Information Security at American University

Cognito filled a gap. We needed to know what we didn’t know, and Cognito showed us what was hidden.

– Brett Walmsley, CTO at NHS Foundation Trust, Bolton