Vectra Stream

Connect Vectra Stream to Radiant Security to forward network metadata via syslog for AI triage.

Vectra Stream is the network metadata forwarding capability of the Vectra platform, producing enriched logs of every observed connection, session, and protocol transaction across the monitored network. Connecting Vectra Stream forwards network metadata to Radiant Security over syslog. Radiant uses this metadata to support Vectra NDR alert triage, giving analysts the surrounding connection context needed to determine whether observed activity reflects a real compromise or benign network behavior.

Vectra Stream only supports forwarding data to one syslog server at a time. Contact the Radiant Security team if you need to forward to multiple syslog servers.

Vectra Stream can forward syslog to Radiant Security in two ways:

  • Through the Radiant Agent (recommended). Forward to a Radiant Agent deployed in your environment.

  • Direct to Radiant Security. Forward to a Radiant-managed collector. Use only when a Radiant Agent is not available.

Prerequisites

Add the data connector in Radiant Security

Configure Vectra Stream to forward syslog through the Radiant Agent

Before starting, confirm the IP address of the Radiant Agent and the port configured to receive Vectra Stream data. If you do not know the port, contact your Customer Success representative.

  1. Log in to the Vectra (Brain) UI with an admin user.

  2. Navigate to Settings > Cognito Stream > Destination.

  3. In the Destination section, enter the following:

    • Publisher: Syslog

    • Protocol: TCP

    • Server IP/Hostname: IP address of the Radiant Agent

    • Port: port configured on the Radiant Agent to receive Vectra Stream data

  4. Click Save.

  5. On the Cognito Stream page, enable Cognito Stream Metadata Forwarding.

  6. Click Save.

Configure Vectra Stream to forward syslog directly to Radiant Security

Use this path only when a Radiant Agent is not available. Use the collector IP provided in the Radiant data connector setup.

  1. Log in to the Vectra (Brain) UI with an admin user.

  2. Navigate to Settings > Cognito Stream > Destination.

  3. In the Destination section, enter the following:

    • Publisher: Syslog

    • Protocol: TCP

    • Server IP/Hostname: Radiant collector IP

    • Port: 7514

  4. Click Save.

  5. On the Cognito Stream page, enable Cognito Stream Metadata Forwarding.

  6. Click Save.

Verify ingestion

After Vectra Stream begins forwarding, confirm events are reaching Radiant.

  1. In Radiant, navigate to Log Management.

  2. Filter by rs_connectorType:"vectra_stream".

  3. Confirm recent events appear.

Allow several minutes for events to be parsed, indexed, and available for search.
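If no events appear, a first check is whether the configured syslog destination accepts TCP connections at all. The following Python script is an added example, not part of the Radiant or Vectra documentation; the function name and hint texts are assumptions, and it tests the network path from the host it runs on, which may differ from the path the Vectra Brain uses.

```python
import errno
import socket
import sys

# Interpretation of each outcome (wording is this example's own).
HINTS = {
    "open": "listener reachable; recheck the Destination settings and allow time for indexing",
    "refused": "host reachable but nothing listens on that port; check the port and the receiver",
    "timeout": "no answer; a firewall is likely dropping the traffic or the IP is wrong",
    "unresolvable": "hostname does not resolve; use the IP address or fix DNS",
}

def check_syslog_destination(host, port, timeout=5.0):
    """Attempt a TCP connection and classify the result.

    Returns "open", "refused", "timeout", "unresolvable" or "error:<ERRNO>".
    No syslog data is sent; the connection is closed immediately.
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolvable"
    result = "error:no-address"
    for family, socktype, proto, _, addr in infos:
        with socket.socket(family, socktype, proto) as s:
            s.settimeout(timeout)
            try:
                s.connect(addr)
                return "open"
            except ConnectionRefusedError:
                result = "refused"      # RST received: host up, port closed
            except socket.timeout:
                result = "timeout"      # no reply: dropped in transit or host down
            except OSError as exc:
                result = "error:" + errno.errorcode.get(exc.errno, "unknown")
    return result

if __name__ == "__main__":
    # Usage: python check_dest.py <agent-or-collector-ip> <port>
    # e.g. port 7514 for the direct-to-Radiant path described above.
    if len(sys.argv) != 3:
        sys.exit("usage: check_dest.py <host> <port>")
    outcome = check_syslog_destination(sys.argv[1], int(sys.argv[2]))
    print(f"{sys.argv[1]}:{sys.argv[2]} -> {outcome}")
    print(HINTS.get(outcome, "unexpected socket error; check routing and local firewall"))
    sys.exit(0 if outcome == "open" else 1)
```
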
