Commvault Cloud

This Integration is part of the Commvault Cloud Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

Commvault Cloud provides pre-built integrations, automation workflows, and playbooks to streamline operations, enhance threat intelligence integration, and gain actionable insights through advanced reporting and analytics. This integration was integrated and tested with version 6.9.0 of CommvaultSecurityIQ.

Configure Commvault Cloud on Cortex XSOAR#

Navigate to Settings > Integrations > Servers & Services.
Search for Commvault Cloud.

Click Add instance to create and configure a new integration instance.

Parameter	Required
Long running instance	False
Mapper (incoming)	True
Commvault Webservice Url	True
Commvault API Token	True
Azure KeyVault Url	False
Azure KeyVault Tenant ID	False
Azure KeyVault Client ID	False
Azure KeyVault Client Secret	False
Port mapping (<port> or <host port>:<docker port>)	False
Incident type	False
Fetch incidents	False
Incidents Fetch Interval	False
Forwarding Rule	False
First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)	False
Max events to fetch	False

Click Test to validate the URLs, token, and connection.

Note :- If "Fetch Incidents" parameter is selected then make sure "Long running instance" capability of the integration is disabled.#

Note :- Set Mapper (incoming) to "Commvault Suspicious File Activity Mapper"#

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

commvault-security-set-disable-data-aging#

Disables data aging on CS

Base Command#

commvault-security-set-disable-data-aging

Input#

There are no input arguments for this command.

Context Output#

Path	Type	Description
CommvaultSecurityIQ.DisableDataAging	string	Status returned after calling disable data aging API

commvault-security-get-generate-token#

Generate Token

Base Command#

commvault-security-get-generate-token

Input#

There are no input arguments for this command.

Context Output#

Path	Type	Description
CommvaultSecurityIQ.GenerateToken	string	Status indicating whether successfully generated access token or not

commvault-security-get-access-token-from-keyvault#

Read the access token from KeyVault

Base Command#

commvault-security-get-access-token-from-keyvault

Input#

There are no input arguments for this command.

Context Output#

Path	Type	Description
CommvaultSecurityIQ.GetAccessToken	string	Status returned after getting the access token from KeyVault

commvault-security-set-disable-saml-provider#

Disable SAML provider

Base Command#

commvault-security-set-disable-saml-provider

Input#

There are no input arguments for this command.

Context Output#

Path	Type	Description
CommvaultSecurityIQ.DisableSaml	string	Status indicating whether successfully disabled SAML provider or not

commvault-security-get-copy-files-list-to-war-room#

Copy the list of affected files list to war room

Base Command#

commvault-security-get-copy-files-list-to-war-room

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

commvault-security-set-disable-user#

Disables user

Base Command#

commvault-security-set-disable-user

Input#

Argument Name	Description	Required
user_email	Email id of the user to be disabled.	Required

Context Output#

Path	Type	Description
CommvaultSecurityIQ.DisableUser	string	Response indicating whether successfully disabled user or not.

commvault-security-set-cleanroom-add-vm-to-recovery-group#

Add VM to Cleanroom

Base Command#

commvault-security-set-cleanroom-add-vm-to-recovery-group

Input#

Argument Name	Description	Required
vm_name	VM name.	Required
clean_recovery_point	Recovery point timestamp to which we add the VM.	Required

Context Output#

Path	Type	Description
CommvaultSecurityIQ.AddEntityToCleanroom	string	Response indicating whether successfully added the VM to the recovery point or not.