Vectra Networks
Copy link

You can forward logs from Vectra Networks X-Series to SIEM (InsightIDR) to capture events as Third Party Alerts.

To send Vectra Networks logs to SIEM (InsightIDR):

  1. Configure Vectra to send CEF
  2. Configure a Third Party Event Source

Configure Vectra
Copy link

You must configure Vectra Networks to send CEF logs to SIEM (InsightIDR).

To do this:

  1. Sign in to your Vectra Networks account.
  2. From the top right corner, select the Cogwheel and select the Settings page.
  3. Select the Notifications tab.
vectra settings.png
  1. At the bottom of the page, find the “Syslog” section and click the Edit button.
  2. In the “Destination” field, provide the IP address of your SIEM (InsightIDR) Collector.
  3. In the “Port” field, enter the port on your Collector that will receive the Vectra logs.
vectra syslog.png
  1. In the “Protocol” field, select a protocol from the dropdown.
  2. In the “Format” field, select CEF as your log format.
  3. Click the Save button.

Configure SIEM (InsightIDR) to collect data from the event source
Copy link

After you complete the prerequisite steps and configure the event source to send data, you must add the event source in SIEM (InsightIDR).

To configure the new event source in SIEM (InsightIDR):

  1. From the left menu, go to Data Collection and click Setup Event Source > Add Event Source.
  2. Do one of the following:
    • Search for Vectra Networks X-Series in the event sources search bar.
    • In the Product Type filter, select Third Party Alerts.
  3. Select the Vectra Networks X-Series event source tile.
  4. Choose your collector and name your event source if you want.
  5. Optionally choose to send unparsed logs.
  6. Specify the port and protocol you used during Vectra configuration.
  7. Click the Save button.