Skip to main content

Commvault Cloud

This Integration is part of the Commvault Cloud Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

Commvault Cloud provides pre-built integrations, automation workflows, and playbooks to streamline operations, enhance threat intelligence integration, and gain actionable insights through advanced reporting and analytics. This integration was integrated and tested with version 6.9.0 of CommvaultSecurityIQ.

Configure Commvault Cloud on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Commvault Cloud.

  3. Click Add instance to create and configure a new integration instance.

    ParameterRequired
    Long running instanceFalse
    Mapper (incoming)True
    Commvault Webservice UrlTrue
    Commvault API TokenTrue
    Azure KeyVault UrlFalse
    Azure KeyVault Tenant IDFalse
    Azure KeyVault Client IDFalse
    Azure KeyVault Client SecretFalse
    Port mapping (<port> or <host port>:<docker port>)False
    Incident typeFalse
    Fetch incidentsFalse
    Incidents Fetch IntervalFalse
    Forwarding RuleFalse
    First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)False
    Max events to fetchFalse
  4. Click Test to validate the URLs, token, and connection.

Note :- If "Fetch Incidents" parameter is selected then make sure "Long running instance" capability of the integration is disabled.#
Note :- Set Mapper (incoming) to "Commvault Suspicious File Activity Mapper"#

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

commvault-security-set-disable-data-aging#


Disables data aging on CS

Base Command#

commvault-security-set-disable-data-aging

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
CommvaultSecurityIQ.DisableDataAgingstringStatus returned after calling disable data aging API

commvault-security-get-generate-token#


Generate Token

Base Command#

commvault-security-get-generate-token

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
CommvaultSecurityIQ.GenerateTokenstringStatus indicating whether successfully generated access token or not

commvault-security-get-access-token-from-keyvault#


Read the access token from KeyVault

Base Command#

commvault-security-get-access-token-from-keyvault

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
CommvaultSecurityIQ.GetAccessTokenstringStatus returned after getting the access token from KeyVault

commvault-security-set-disable-saml-provider#


Disable SAML provider

Base Command#

commvault-security-set-disable-saml-provider

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
CommvaultSecurityIQ.DisableSamlstringStatus indicating whether successfully disabled SAML provider or not

commvault-security-get-copy-files-list-to-war-room#


Copy the list of affected files list to war room

Base Command#

commvault-security-get-copy-files-list-to-war-room

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

commvault-security-set-disable-user#


Disables user

Base Command#

commvault-security-set-disable-user

Input#

Argument NameDescriptionRequired
user_emailEmail id of the user to be disabled.Required

Context Output#

PathTypeDescription
CommvaultSecurityIQ.DisableUserstringResponse indicating whether successfully disabled user or not.

commvault-security-set-cleanroom-add-vm-to-recovery-group#


Add VM to Cleanroom

Base Command#

commvault-security-set-cleanroom-add-vm-to-recovery-group

Input#

Argument NameDescriptionRequired
vm_nameVM name.Required
clean_recovery_pointRecovery point timestamp to which we add the VM.Required

Context Output#

PathTypeDescription
CommvaultSecurityIQ.AddEntityToCleanroomstringResponse indicating whether successfully added the VM to the recovery point or not.