A Ruby extension for interfacing with Vectra API.
Like any other gem:
gem install vectra
Basic Block Configuration:
Vectra.configure do |config|
config.endpoint = @endpoint_url
config.username = @username
config.password = @password
end
endpoint should be your Vectra box URL, no need to add the /api suffix. If you include it, it won't break things either.
To get all detections, use #all:
Vectra::Detections.all
You can also get a detection by ID or by referencing the detection URL:
Vectra::Detections.get(1)
Vectra::Detections.get('https://vectra/detection/1')
Within the response of a detection, you may find Detection Details. You can get more details on these like so:
Vectra::Detections.get(1)["detection_detail_set"].each do |d|
details = Vectra::DetectionDetails.get(d)
puts "--> #{details["destination"]}:#{details["dst_port"]}"
end
Another type of detection detail you may see is the following:
Vectra::Detections.get(1)["relayed_comm_set"].each do |r|
details = Vectra::RelayComms.get(r)
puts "--> #{details['inbound_proto']} #{details["inbound_ip"]}:#{details["inbound_port"]} @ #{details['total_bytes_rcvd']} bytes"
end
There is also a DNS set:
Vectra::Detections.get(1)["dns_set"].each do |d|
details = Vectra::DNS.get(r)
puts "--> DNS Server: #{details['dns_ip']} resolved #{details['dns_request']} to #{details['resp']}"
end
And lastly, an SQL Injection Set
Vectra::Detections.get(1)["sqli_set"].each do |s|
details = Vectra::SQLi.get(s)
puts "Injection Attempted: #{details['ngram']} to #{details['destination']}"
end
Do not use ::Hosts.all if you are in production. This will be very costly if you have more than 5,000 discovered hosts.
Instead, pass a Host ID or URL:
Vectra::Hosts.get(1)
Vectra uses a next parameter in their responses for pagination. Default pagination is 50. This API client will follow the next pages.
Currently, all responses which contain arrays (hosts and detections) will be sorted in ASC order by ID.
FAQs
Unknown package
We found that vectra demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Rspack launches Rslint, a fast TypeScript-first linter built on typescript-go, joining in on the trend of toolchains creating their own linters.
Security News
Hacker Demonstrates How Easy It Is To Steal Data From Popular Password Managers
Security News
Oxlint’s new preview brings type-aware linting powered by typescript-go, combining advanced TypeScript rules with native-speed performance.