Commvault Cloud

Commvault Cloud provides pre-built integrations, automation workflows, and playbooks to streamline operations, enhance threat intelligence integration, and gain actionable insights through advanced reporting and analytics.

Introducing the Commvault Cloud integration pack for Commvault products. It enables security analysts to respond swiftly to threats, using pre-built integrations and playbooks to secure and audit backups and the backup software ecosystem.

In today's evolving threat landscape, data is under constant risk of destruction and exfiltration. Organizations are challenged to respond to security events as quickly as they can to limit the impact of cyber threats on both their production and backup data. This content pack allows organizations to monitor anomaly alerts from Commvault Cloud data protection platforms, so they can respond with orchestrated actions to help fortify the data protection platform.

Key features:

  • Support for Commvault Cloud
  • Suspicious file anomaly monitoring to indicate file encryption
  • Fetch Commvault Cloud file anomaly alerts over API, Commvault Webhook, or Syslog
  • Native API token storage or Azure Key Vault token storage
  • Ability to export and view the list of infected files for investigation

Automation use cases:

  • Disable data aging within Commvault Cloud when server compromise is detected to protect backup data.
  • Interactive runbook to disable a Commvault Cloud user account if suspicious user behavior is detected, to avoid exfiltration attempts.
  • Interactive runbook to disable the IDP provider configured for Commvault Cloud user authentication, restricting access to backups in the event of a cyber incident to avoid exfiltration attempts.
  • Add a VM to the Cleanroom using the nearest clean recovery point, identified based on the incident time, after a compromise is detected.

PUBLISHER

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Supported By: Partner
Created: August 10, 2023
Last Release: December 8, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.