About VECTR
Overview
VECTR is a web-based tool that helps track purple team exercises and quantify their results. It is distributed in both a community and an enterprise edition.
Key Characteristics
| Key | Value |
|---|---|
| Name | VECTR |
| Project URL | https://vectr.io/ |
| Documentation | https://docs.vectr.io/ |
| Author | Security Risk Advisors |
| Category | #software |
Description
From the official documentation:
VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios. VECTR provides the ability to create assessment groups, which consist of a collection of Campaigns and supporting Test Cases to simulate adversary threats. Campaigns can be broad and span activities across the kill chain, from initial compromise to privilege escalation and lateral movement and so on, or can be narrow in scope to focus on specific detection layers, tools, and infrastructure. VECTR is designed to promote full transparency between offense and defense, encourage training between team members, and improve detection & prevention success rates across the environment.
Components
Databases
Databases in VECTR are used to group similar tests or reports. One usage scenario is a database per business unit; another is a database per company in the case of a conglomerate. Currently, Pure has two primary databases: one for red team exercises and one for purple team exercises.
Use the database icon in the upper right to select the assessments collection.
Creating an Assessment
Assessments are created from collections of test cases, as shown in Figure 1. The analyst creates an assessment plan by first defining the tests to be performed and adding these tests to either a Campaign Template or a Group Template. One or more of these templates can then be added to an assessment.
```mermaid
graph LR
  subgraph VECTR Database
    tc(Test Cases)
    tc --> c.1 & c.2 & c.3 & c.4 & c.5
    subgraph Assessment 1
      c.1(Campaign 1)
      c.2(Intrusion Set 1)
      subgraph Threat Actor Group Template
        c.3(Threat Actor campaign 1)
        c.4(Threat Actor campaign 2)
      end
    end
    subgraph Assessment 2
      c.5(External pen-testing engagement)
    end
  end
```
Figure 1: Assessment Composition
Learning VECTR
Some resources for quickly learning or practicing VECTR usage:
Setup
Running VECTR in Docker
Configuration
Updating
To upgrade VECTR, simply update the version number in the docker-compose.yml to the desired version. This is described in the upgrade section of the official VECTR documentation.
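As an added example (not from the VECTR project or its documentation), the shell functions below bump the pinned image tag in a docker-compose.yml, keep a backup for rollback, and refuse unpinned tags such as `latest`. The compose layout and the `example/vectr-*` image names are assumptions for the demonstration, not the project's real file.

```shell
#!/bin/sh
# Added example, not VECTR project code. The compose layout and the
# example/vectr-* image names are assumptions for this demonstration.
set -eu

# Writes a constructed sample docker-compose.yml to the given path.
write_sample_compose() {
  cat > "$1" <<'EOF'
services:
  vectr-app:
    image: example/vectr-app:9.0.0
  vectr-ui:
    image: example/vectr-ui:9.0.0
EOF
}

# bump_version FILE NEW_VERSION
# Rewrites every example/vectr-* image tag in FILE to NEW_VERSION and keeps
# FILE.bak so the upgrade can be rolled back by restoring the backup.
bump_version() {
  file="$1"; new="$2"
  # Accept only dotted numeric versions; reject 'latest' or empty input so
  # the deployment stays pinned to a known, reviewable release.
  case "$new" in
    *[!0-9.]*|"") echo "refusing unpinned or malformed version: $new" >&2; return 1 ;;
  esac
  cp "$file" "$file.bak"
  sed "s#\(image: example/vectr-[a-z]*:\)[0-9.]*#\1$new#" "$file.bak" > "$file"
}

# current_versions FILE
# Prints the distinct image tags currently used in FILE, one per line, so an
# operator can confirm all components moved to the same release.
current_versions() {
  sed -n 's#.*image: example/vectr-[a-z]*:\([0-9.]*\).*#\1#p' "$1" | sort -u
}
```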