Vectra Networks

You can forward logs from Vectra Networks X-Series to InsightIDR to capture events as Third Party Alerts.

To send Vectra Networks logs to InsightIDR:

  1. Configure Vectra to send CEF logs
  2. Configure a Third Party Event Source

Configure Vectra

You must configure Vectra Networks to send CEF logs to InsightIDR.

To do this:

  1. Sign in to your Vectra Networks account.
  2. From the top right corner, select the Cogwheel and select the Settings page.
  3. Select the Notifications tab.
  4. At the bottom of the page, find the “Syslog” section and click the Edit button.
  5. In the “Destination” field, provide the IP address of your InsightIDR Collector.
  6. In the “Port” field, enter the port on your Collector that will receive the Vectra logs.
  7. In the “Protocol” field, select a protocol from the dropdown.
  8. In the “Format” field, select CEF as your log format.
  9. Click the Save button.

Configure Vectra in InsightIDR

Now you must configure a third party event source in InsightIDR.

To do so:

  1. From your dashboard, select Data Collection on the left-hand menu.
  2. When the Data Collection page appears, click the Setup Event Source dropdown and choose Add Event Source.
  3. From the “Third Party Alerts” section, click the Vectra Networks icon. The “Add Event Source” panel appears.
  4. Choose your collector and, optionally, name your event source.
  5. Optionally choose to send unparsed logs.
  6. Specify the port and protocol you used during Vectra configuration.
  7. Click the Save button.