Publisher: Commvault Systems
Connector Version: 2.0.0
Product Vendor: Commvault Systems
Product Name: Commvault Cloud
Product Version Supported (regex): ".*"
Minimum Product Version: 6.2.1
This app integrates with Commvault API to fetch threat indicators and respond
- A new asset configuration parameter, 'PhantomAPIToken' has been added in v2.0 of the app. Hence, it is requested to the end-user to update their existing assets and playbooks accordingly.
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Commvault Cloud asset in SOAR.
| VARIABLE | REQUIRED | TYPE | DESCRIPTION |
|---|---|---|---|
| CommvaultEndpoint | required | string | Commvault End Point |
| CommvaultAccessToken | required | string | Commvault Access Token |
| PhantomAPIToken | required | password | Phantom API token (For creating new events) |
test connectivity - Validate the asset configuration for connectivity using supplied configuration
disable user - Disable User
disable data aging - Disable data aging
disable idp - Disable IDP
on poll - Ingest events from Commvault API
Validate the asset configuration for connectivity using supplied configuration
Type: test
Read only: True
Validate the asset configuration for connectivity using supplied configuration.
No parameters are required for this action
No Output
Disable User
Type: contain
Read only: False
Disable Commvault Cloud user account if suspicious user behavior is detected to avoid exfiltration attempts.
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| user_email | required | Email Address of User | string |
| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.parameter.user_email | string | ||
| action_result.status | string | success failed | |
| action_result.message | string | ||
| summary.total_objects | numeric | ||
| summary.total_objects_successful | numeric |
Disable data aging
Type: contain
Read only: False
Disable data aging within Commvault Cloud when server compromise is detected to protect backup data.
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| client_name | required | Client Name to disable data aging | string |
| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.parameter.client_name | string | ||
| action_result.status | string | success failed | |
| action_result.message | string | ||
| summary.total_objects | numeric | ||
| summary.total_objects_successful | numeric |
Disable IDP
Type: contain
Read only: False
Disable IDP provider configured for Commvault Cloud user authentication to restrict access to backups in the event of a cyber incident to avoid exfiltration attempts.
No parameters are required for this action
| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.status | string | success failed | |
| action_result.message | string | ||
| summary.total_objects | numeric | ||
| summary.total_objects_successful | numeric |
Ingest events from Commvault API
Type: ingest
Read only: True
Ingest events from Commvault API.
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| start_time | optional | Parameter ignored in this app | numeric | |
| end_time | optional | Parameter ignored in this app | numeric | |
| container_id | optional | Parameter ignored in this app | string | |
| container_count | optional | Maximum number of tickets to be ingested during poll now | numeric | |
| artifact_count | optional | Parameter ignored in this app | numeric |
No Output