Skip to main content

Commvault Security IQ

Download With Dependencies

Commvault Security IQ provides pre-built integrations, automation workflows, and playbooks to streamline operations, enhance threat intelligence integration, and gain actionable insights through advanced reporting and analytics.

Introducing Commvault Security IQ integration pack for Commvault products. It enables security analysts swiftly respond to threats using pre-built integrations, playbooks to secure and audit backups and backup software ecosystem.

With today's evolving threat landscape, data is under constant risk of data destruction and exfiltration. Organizations are challenged with responding to security events as quickly as they can to limit the impact of cyber threats on their production as well as backup data. This content pack allows organizations to monitor anomaly alerts from Commvault and Metallic data protection platforms, so they can respond with orchestrated actions to help fortify the data protection platform.

Key features :

  • Support for Commvault and Metallic
  • Suspicious file anomaly monitoring to indicate file encryption.
  • Fetch Commvault and Metallic file anomaly alerts over API, Commvault Webhook, or Syslog
  • Native API token storage or Azure Key Vault token storage
  • Ability to export and view list of infected files for investigation

Automation Use cases:

  • Disable data aging within Commvault/Metallic when server compromise is detected to protect backup data
  • Interactive runbook to disable Commvault/Metallic user account if suspicious user behavior is detected to avoid exfiltration attempts.
  • Interactive runbook to disable IDP provider configured for Commvault/Metallic user authentication to restrict access to backups in the event of a cyber incident to avoid exfiltration attempts.

Introducing Commvault Security IQ integration pack for Commvault products. It enables security analysts swiftly respond to threats using pre-built integrations, playbooks to secure and audit backups and backup software ecosystem.

With today's evolving threat landscape, data is under constant risk of data destruction and exfiltration. Organizations are challenged with responding to security events as quickly as they can to limit the impact of cyber threats on their production as well as backup data. This content pack allows organizations to monitor anomaly alerts from Commvault and Metallic data protection platforms, so they can respond with orchestrated actions to help fortify the data protection platform.

Key features :

  • Support for Commvault and Metallic
  • Suspicious file anomaly monitoring to indicate file encryption.
  • Fetch Commvault and Metallic file anomaly alerts over API, Commvault Webhook, or Syslog
  • Native API token storage or Azure Key Vault token storage
  • Ability to export and view list of infected files for investigation

Automation Use cases:

  • Disable data aging within Commvault/Metallic when server compromise is detected to protect backup data
  • Interactive runbook to disable Commvault/Metallic user account if suspicious user behavior is detected to avoid exfiltration attempts.
  • Interactive runbook to disable IDP provider configured for Commvault/Metallic user authentication to restrict access to backups in the event of a cyber incident to avoid exfiltration attempts.

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByPartner
CreatedAugust 10, 2023
Last ReleaseApril 7, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.