Commvault Security IQ
This Integration is part of the Commvault Security IQ Pack.#
Supported versions
Supported Cortex XSOAR versions: 6.8.0 and later.
Commvault Security IQ provides pre-built integrations, automation workflows, and playbooks to streamline operations, enhance threat intelligence integration, and gain actionable insights through advanced reporting and analytics. This integration was integrated and tested with version 6.8.0 of CommvaultSecurityIQ
Configure Commvault Security IQ on Cortex XSOAR#
Navigate to Settings > Integrations > Servers & Services.
Search for Commvault Security IQ.
Click Add instance to create and configure a new integration instance.
Parameter Required Long running instance False Mapper (incoming) True Commvault Webservice Url True Commvault API Token True Azure KeyVault Url False Azure KeyVault Tenant ID False Azure KeyVault Client ID False Azure KeyVault Client Secret False Port mapping (<port> or <host port>:<docker port>) False Incident type False Fetch incidents False Incidents Fetch Interval False Forwarding Rule False First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days) False Max events to fetch False Click Test to validate the URLs, token, and connection.
Note :- If "Fetch Incidents" parameter is selected then make sure "Long running instance" capability of the integration is disabled.#
Note :- Set Mapper (incoming) to "Commvault Suspicious File Activity Mapper"#
Commands#
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
commvault-security-set-disable-data-aging#
Disables data aging on CS
Base Command#
commvault-security-set-disable-data-aging
Input#
There are no input arguments for this command.
Context Output#
| Path | Type | Description |
|---|---|---|
| CommvaultSecurityIQ.DisableDataAging | string | Status returned after calling disable data aging API |
commvault-security-get-generate-token#
Generate Token
Base Command#
commvault-security-get-generate-token
Input#
There are no input arguments for this command.
Context Output#
| Path | Type | Description |
|---|---|---|
| CommvaultSecurityIQ.GenerateToken | string | Status indicating whether successfully generated access token or not |
commvault-security-get-access-token-from-keyvault#
Read the access token from KeyVault
Base Command#
commvault-security-get-access-token-from-keyvault
Input#
There are no input arguments for this command.
Context Output#
| Path | Type | Description |
|---|---|---|
| CommvaultSecurityIQ.GetAccessToken | string | Status returned after getting the access token from KeyVault |
commvault-security-set-disable-saml-provider#
Disable SAML provider
Base Command#
commvault-security-set-disable-saml-provider
Input#
There are no input arguments for this command.
Context Output#
| Path | Type | Description |
|---|---|---|
| CommvaultSecurityIQ.DisableSaml | string | Status indicating whether successfully disabled SAML provider or not |
commvault-security-get-copy-files-list-to-war-room#
Copy the list of affected files list to war room
Base Command#
commvault-security-get-copy-files-list-to-war-room
Input#
There are no input arguments for this command.
Context Output#
There is no context output for this command.
commvault-security-set-disable-user#
Disables user
Base Command#
commvault-security-set-disable-user
Input#
| Argument Name | Description | Required |
|---|---|---|
| user_email | Email id of the user to be disabled. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| CommvaultSecurityIQ.DisableUser | string | Response indicating whether successfully disabled user or not. |