Vectra Networks

You can forward logs from Vectra Networks X-Series to InsightIDR to capture events as Third Party Alerts.

To send Vectra Networks logs to InsightIDR:

  1. Configure Vectra to send CEF
  2. Configure a Third Party Event Source

Configure Vectra

You must configure Vectra Networks to send CEF logs to InsightIDR.

To do this:

  1. Sign in to your Vectra Networks account.
  2. From the top right corner, select the Cogwheel and select the Settings page.
  3. Select the Notifications tab.
  4. At the bottom of the page, find the “Syslog” section and click the Edit button.
  5. In the “Destination” field, provide the IP address of your InsightIDR Collector.
  6. In the “Port” field, enter the port on your Collector that will receive the Vectra logs.
  7. In the “Protocol” field, select a protocol from the dropdown.
  8. In the “Format” field, select CEF as your log format.
  9. Click the Save button.

Configure InsightIDR to collect data from the event source

After you complete the prerequisite steps and configure the event source to send data, you must add the event source in InsightIDR.

To configure the new event source in InsightIDR:

  1. From the left menu, go to Data Collection and click Setup Event Source > Add Event Source.
  2. Do one of the following:
    • Search for Vectra Networks X-Series in the event sources search bar.
    • In the Product Type filter, select Third Party Alerts.
  3. Select the Vectra Networks X-Series event source tile.
  4. Choose your collector and, optionally, name your event source.
  5. Optionally choose to send unparsed logs.
  6. Specify the port and protocol you used during Vectra configuration.
  7. Click the Save button.
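
Once both sides are configured, you can check that a line captured on the Collector port is well-formed CEF by running it through a small parser. The following is an added example, not part of the original page or of any Rapid7 or Vectra tooling; the sample line and its vendor, product and extension values are constructed placeholders, and `parse_cef` is a hypothetical helper name.

```python
import re

# CEF layout: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
HEADER = ("cef_version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")  # an escaped "\=" never directly follows a key

# Constructed sample: vendor, product and extension values are placeholders,
# not actual Vectra output.
SAMPLE = ("<13>Jan  1 00:00:00 sensor01 CEF:0|ExampleVendor|Example\\|Product|1.0|"
          "100|Test detection|5|src=192.0.2.10 msg=a\\=b and more dst=192.0.2.20")

def _split_header(text):
    """Split the seven header fields on unescaped pipes; return (fields, extension)."""
    parts, cur, i = [], [], 0
    while i < len(text) and len(parts) < 7:
        if text[i] == "\\" and text[i + 1:i + 2] in ("|", "\\"):
            cur.append(text[i + 1]); i += 2      # \| or \\ is a literal character
        elif text[i] == "|":
            parts.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(text[i]); i += 1
    if len(parts) < 7:                            # header with no trailing pipe
        parts.append("".join(cur))
    return parts, text[i:]

def parse_cef(line):
    """Parse one syslog line into header fields plus an 'extension' dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header; check the sender's Format setting")
    parts, ext = _split_header(line[start + 4:].rstrip("\r\n"))
    if len(parts) != 7:
        raise ValueError("truncated CEF header: %d of 7 fields" % len(parts))
    event = dict(zip(HEADER, parts))
    hits = list(EXT_KEY.finditer(ext))
    event["extension"] = {}
    for n, m in enumerate(hits):
        end = hits[n + 1].start() if n + 1 < len(hits) else len(ext)
        # Undo \= and \\ in values; \n and \r escapes are left as written.
        event["extension"][m.group(1)] = re.sub(r"\\([=\\])", r"\1", ext[m.end():end])
    return event

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A `ValueError` on a captured line means the sender is not emitting CEF or the message was cut off in transit, which is worth ruling out before troubleshooting the event source itself.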