# Vectra Stream

Vectra Stream is the network metadata forwarding capability of the Vectra platform, producing enriched logs of every observed connection, session, and protocol transaction across the monitored network. Connecting Vectra Stream forwards network metadata to Radiant Security over syslog. Radiant uses this metadata to support Vectra NDR alert triage, giving analysts the surrounding connection context needed to determine whether observed activity reflects a real compromise or benign network behavior.

{% hint style="info" %}
Vectra Stream only supports forwarding data to one syslog server at a time. Contact the Radiant Security team if you need to forward to multiple syslog servers.
{% endhint %}

{% hint style="warning" %}
Vectra Stream forwards network metadata only, not alerts. If you have Vectra NDR, connect it as well so Radiant can triage the network alerts that this metadata supports. See [Vectra NDR](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/vectra-ndr-syslog).
{% endhint %}

Vectra Stream can forward syslog to Radiant Security in two ways:

* **Through the Radiant Agent (recommended).** Forward to a Radiant Agent deployed in your environment.
* **Direct to Radiant Security.** Forward to a Radiant-managed collector. Use only when a Radiant Agent is not available.

### Prerequisites

* [ ] Admin access to Vectra Stream
* [ ] For the Radiant Agent path: a deployed [Radiant Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) reachable from Vectra Stream
* [ ] For the direct path: network egress from Vectra Stream to the Radiant collector IP on TCP port `7514`

### Add the data connector in Radiant Security

{% tabs %}
{% tab title="Radiant Agent (recommended)" %}

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors**, then click **+ Add Connector**.
3. Search for and select **Radiant Agent**, then click **Data Feeds**.
4. Under **Select your data feeds**, select **Vectra Stream**, then click **Credentials**.
5. Under **Credential Name**, enter an identifiable name for the Radiant Agent integration (e.g., `Radiant Agent integration`). To reuse an existing Radiant Agent credential, select it from the drop-down menu.
6. Click **Add Connector**.
   {% endtab %}

{% tab title="Direct syslog" %}

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors**, then click **+ Add Connector**.
3. Search for and select **Vectra Stream (syslog)**, then click **Data Feeds**.
4. Under **Select your data feeds**, select **Vectra Stream (syslog)**, then click **Credentials**.
5. Under **Credential Name**, enter an identifiable name (e.g., `Vectra Stream Credentials`). To reuse an existing credential, select it from the drop-down menu.
6. In the **Connector tag** field, enter a random value. This value acts as the salt to randomize the **Token** you download in the next step.
7. Click **Add Connector**.
   {% endtab %}
   {% endtabs %}

### Configure Vectra Stream to forward syslog through the Radiant Agent

Before starting, confirm the IP address of the Radiant Agent and the port configured to receive Vectra Stream data. If you do not know the port, contact your Customer Success representative.

1. Log in to the Vectra (Brain) UI with an admin user.
2. Navigate to **Settings** > **Cognito Stream** > **Destination**.
3. In the **Destination** section, enter the following:
   * **Publisher**: `Syslog`
   * **Protocol**: `TCP`
   * **Server IP/Hostname**: IP address of the Radiant Agent
   * **Port**: port configured on the Radiant Agent to receive Vectra Stream data

<div align="left"><figure><img src="/files/7Z8WdYVWCZZ8PqNodI42" alt=""><figcaption></figcaption></figure></div>

4. Click **Save**.
5. On the **Cognito Stream** page, enable **Cognito Stream Metadata Forwarding**.

<div align="left"><figure><img src="/files/Fn9NtmDeJX5KRt0k5mFr" alt=""><figcaption></figcaption></figure></div>

6. Click **Save**.

### Configure Vectra Stream to forward syslog directly to Radiant Security

Use this path only when a Radiant Agent is not available. Use the collector IP provided in the Radiant data connector setup.

1. Log in to the Vectra (Brain) UI with an admin user.
2. Navigate to **Settings** > **Cognito Stream** > **Destination**.
3. In the **Destination** section, enter the following:
   * **Publisher**: `Syslog`
   * **Protocol**: `TCP`
   * **Server IP/Hostname**: Radiant collector IP
   * **Port**: `7514`
4. Click **Save**.
5. On the **Cognito Stream** page, enable **Cognito Stream Metadata Forwarding**.
6. Click **Save**.

### Verify ingestion

After Vectra Stream begins forwarding, confirm events are reaching Radiant.

1. In Radiant, navigate to [Log Management](https://app.radiantsecurity.ai/logs).
2. Filter by `rs_connectorType:"vectra_stream"`.
3. Confirm recent events appear.

{% hint style="info" %}
Allow several minutes for events to be parsed, indexed, and available for search.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/vectra/vectra-stream.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.