Earlier name/vendor
Vectra Cognito
1 - X-Series
X-Series: Detects and investigates cyberattacks across cloud, data center, and enterprise networks using AI.
To onboard such a source to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| Analytics label | Message field | value |
|---|---|---|
vendor |
meta.vendor |
vectra |
product |
meta.product |
x-series |
service |
meta.service.name |
vectra_cef, vectra_cef_account_detection, vectra_cef_audit |
You can use the labels as:
- Filter labels on the Analytics page,
- in the Filter By Label field during log tapping.
You can use the message fields
- in Flow Processing steps, for example, in the Query field of Select Messages steps,
- in AQL expressions in the search bars.
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
vectra:cognito:detect |
main |
vectra:cognito:accountdetect |
main |
vectra:cognito:accountscoring |
main |
vectra:cognito:audit |
main |
vectra:cognito:campaigns |
main |
vectra:cognito:health |
main |
vectra:cognito:hostscoring |
main |
vectra:cognito:accountlockdown |
main |
If the Axoflow classification doesn’t set the source field for the message automatically, and you haven’t set it in a flow processing step manually (by setting the meta.destination.splunk.source field), AxoRouter automatically sets the source to the name of the AxoRouter connector that received the message (for example, axorouter-syslog-tcp-514).
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: VECTRA_DETECT.
Sending data to Microsoft Sentinel
When sending the data collected from this source to a Microsoft Sentinel destination, Axoflow normalizes the data and sends it to the following table: Syslog.