Sold by: Vectra AI
Deployed on AWS
The Vectra Stream connector outputs Bro/Zeek formatted metadata from the Vectra Network Detection and Response Platform to any data-lake.
4.3
Overview
Stream enables the Vectra Platform to continuously send enriched network security metadata from a VPC deployment to a private data-lake, where it can be analyzed by security researchers and SOC professionals. Please Note - Vectra Stream requires an operational Vectra install.
Highlights
- Vectra is transforming cybersecurity with AI. Its Cognito platform provides network detection and response in real time while empowering threat hunters to perform highly efficient incident investigations.
Details
Sold by
Categories
Delivery method
Delivery option
Cognito Stream
Latest version
Operating system
OtherLinux 7
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata. Review certifications and security standards before purchase.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
Contact your Vectra sales representative
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Cognito Stream
Stream is a component of the Cognito Platform, required to use the Cognito Stream application. Stream is deployed in the customer's VPC. It receives network metadata from the Cognito Brain, converts it into a standard Bro / Zeek format and forwards it to the customer's data-lake.
CloudFormation Template (CFT)
AWS CloudFormation templates are JSON or YAML-formatted text files that simplify provisioning and management on AWS. The templates describe the service or application architecture you want to deploy, and AWS CloudFormation uses those templates to provision and configure the required services (such as Amazon EC2 instances or Amazon RDS DB instances). The deployed application and associated resources are called a "stack."
Version release notes
This release is for customers with existing Cognito Brain instances running version 9.6 and above. Please upgrade Brain instances to version 9.6 before continuing.
Additional details
Usage instructions
Verify your Cognito Brain is running version 9.6 or higher. Retrieve the IP Address of your Cognito Brain and the Sensor Registration Token from the Settings page under the Sensor section. Deploy Cognito Stream from AWS Marketplace, and provide the IP address of the Cognito Brain and the Sensor Registration token. The Stream instance's mgtSubnet needs access to ports 22 and 443 on the Cognito Brain. After the instance launches, it will automatically attempt to pair with the Brain IP provided. Log in to the Cognito Brain, browse to Settings page and select the Cognito Stream tab. Check the status and configure the destination for the metadata of the Stream instance. See the "Resources" section in the Cognito Brain UI for a copy of the complete setup documentation.
Resources
Vendor resources
Support
Vendor support
Login, email or call us 24/7
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Vectra Sensors are deployed in VPCs to monitor AWS deployments to detect hidden threats without requiring any endpoint agents.
For security leaders, builders, and operators, who are tasked with protecting a complex, ever-changing environment from attack, Vectra AI protects modern networks from modern attacks. When modern attackers beat customers' existing controls - and they will, Vectra AI sees their every move, connects the dots, prioritizes and stops the attack in real-time. Our customers say we are the cybersecurity AI that stops attacks others can't.
Vectra Threat Detection and Response for Partner Provided Consulting Engagements
Vectra Detect for AWS identifies attacks across your global AWS IaaS and PaaS footprint early to stop misconfiguration, credential theft and supply chain compromise from turning into breaches. Vectra Detect enables SecOps to investigate and respond to attacks efficiently.
Customer reviews
Manufacturing
Vectra AI: Fast, Insightful Threat Detection with Strong M365 and Azure AD Integration
Reviewed on Apr 02, 2026
Review provided by G2
What do you like best about the product?
Vectra AI was a valuable addition to our cybersecurity tools. It helps us protect our assets and the company network from modern attacks.
Our security analysts use Vectra AI to go through detections of anomalies in our environment. Easily integrated with M365 and Azure AD.
We were able to quickly identify and prevent data leakage by investigating a suspicious M365 mail forwarding detection by Vectra AI. Other M365 detections we observed included risky Exchange Operations, Phishing simulation configuration change, Suspect eDiscovery Usage, Malicious links sent by external Teams user, and many more.
Detections that helped our SOC team prevent a major cyber incident was Azure AD Admin account creation, Login attempts from a disabled account, Azure AD TOR activity, Azure AD Suspicious device registration, among others.
A great feature is the AI intelligence as well as the Vectra AI Post-Quantum Cryptography Readiness dashboard. Quantum computing threatens today's public-key cryptography, putting SSH and TLS key exchanges at risk of future decryption. This Vectra AI dashboard highlights hosts and daily SSH connections still relying on non-PQC key exchange, helping us identify exposure and prioritize migration to quantum-resistant algorithms.
The interface loads fast and offers clear visualization allowing our SOC analysts to explore our environment to uncover emerging threats.
When assistance was needed, we received fast and professional support from the vendor.
Cost may be a limitation for some, however, for us being a large company with permissive budget, it was a good investment for the value it brought.
Our security analysts use Vectra AI to go through detections of anomalies in our environment. Easily integrated with M365 and Azure AD.
We were able to quickly identify and prevent data leakage by investigating a suspicious M365 mail forwarding detection by Vectra AI. Other M365 detections we observed included risky Exchange Operations, Phishing simulation configuration change, Suspect eDiscovery Usage, Malicious links sent by external Teams user, and many more.
Detections that helped our SOC team prevent a major cyber incident was Azure AD Admin account creation, Login attempts from a disabled account, Azure AD TOR activity, Azure AD Suspicious device registration, among others.
A great feature is the AI intelligence as well as the Vectra AI Post-Quantum Cryptography Readiness dashboard. Quantum computing threatens today's public-key cryptography, putting SSH and TLS key exchanges at risk of future decryption. This Vectra AI dashboard highlights hosts and daily SSH connections still relying on non-PQC key exchange, helping us identify exposure and prioritize migration to quantum-resistant algorithms.
The interface loads fast and offers clear visualization allowing our SOC analysts to explore our environment to uncover emerging threats.
When assistance was needed, we received fast and professional support from the vendor.
Cost may be a limitation for some, however, for us being a large company with permissive budget, it was a good investment for the value it brought.
What do you dislike about the product?
Initial setup required some reading and calls to support. Cost may be a limitation for some.
What problems is the product solving and how is that benefiting you?
Vectra AI helps us protect our assets and the company network from modern attacks. It is a very powerful solution that offers large amount of data neatly presented through very intuitive and modern interface.
Higher Education
Easy to Learn, Clear, and Truly Helpfulclear use of product
Reviewed on Feb 19, 2026
Review provided by G2
What do you like best about the product?
easy to work with and clear method of learning to use
What do you dislike about the product?
i have zero problems with it and find it quite helpful
What problems is the product solving and how is that benefiting you?
it is helping us to do better threat hunting and know things before they become problems
Paul D.
Team Manager, Enterprise Information Security
Reviewed on Sep 17, 2020
Review provided by G2
What do you like best about the product?
Ease of deployment, intuitive UI, and easy to work with sales and support staff.
What do you dislike about the product?
Reporting is lacking, currently only one report available with different timelines, also no ability to export from the console.
What problems is the product solving and how is that benefiting you?
Visibility of network traffic, analysis of network traffic, and baselining.
Joel V.
Easy to deploy and works great at finding evil.
Reviewed on Sep 11, 2020
Review provided by G2
What do you like best about the product?
Vectra finds what other controls miss. It is used to help with network visibility and integrates great with Splunk. We have passed every pen test since Vectra was deployed. The company has really listened to the customers and made big improvements over the last three years.
What do you dislike about the product?
It can get expensive if you have a lot of offices. The appliances are not cheap so if you have a bunch of smaller offices it can start to add up.
What problems is the product solving and how is that benefiting you?
Network visibility in east-west traffic is our primary use. Because we ingest the data in Splunk it is also used to evaluate incidents and help make decisions on incident prioritization.
Recommendations to others considering the product:
Vectra helps IR teams with prioritizing events. It can take some time to get everything reporting correctly so use the Vectra resources to help create the rules and whitelisting events is recommended.
Information Technology and Services
Unbeaten speed of innovation
Reviewed on Aug 27, 2020
Review provided by G2
What do you like best about the product?
Vectra does what it says on the tin, but goes beyond in providing a constant. speed of innovation that means they are constantly releasing new features. and detections, helping us to keep up to speed with any threats on our network
What do you dislike about the product?
As with any security tool, the alerts! But thankfully by monitoring the. quadrant based approach serious issues boil up for quick investigation.
What problems is the product solving and how is that benefiting you?
East-west visibility and identification of dark/unknown IT