Skip to content

Commit 80f89fb

Browse files
Commvault Security IQ: Migrate data connector to CCF (v3.0.5)
1 parent 2d22044 commit 80f89fb

3 files changed

Lines changed: 14 additions & 4 deletions

File tree

Solutions/Commvault Security IQ/Data Connectors/CommvaultSecurityIQ_CCF/CommvaultSecurityIQ_PollerConfig.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,11 @@
2121
"queryWindowInMin": 30,
2222
"retryCount": 3,
2323
"timeoutInSeconds": 120,
24+
"queryTimeFormat": "UnixTimestampInSeconds",
25+
"queryParameters": {
26+
"fromTime": "{_QueryWindowStartTime}",
27+
"toTime": "{_QueryWindowEndTime}"
28+
},
2429
"headers": {
2530
"Accept": "application/json",
2631
"User-Agent": "MS-Sentinel-CCF-CommvaultSecurityIQ"

Solutions/Commvault Security IQ/Package/mainTemplate.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2008,6 +2008,11 @@
20082008
"queryWindowInMin": 30,
20092009
"retryCount": 3,
20102010
"timeoutInSeconds": 120,
2011+
"queryTimeFormat": "UnixTimestampInSeconds",
2012+
"queryParameters": {
2013+
"fromTime": "{_QueryWindowStartTime}",
2014+
"toTime": "{_QueryWindowEndTime}"
2015+
},
20112016
"headers": {
20122017
"Accept": "application/json",
20132018
"User-Agent": "MS-Sentinel-CCF-CommvaultSecurityIQ"

Solutions/Commvault Security IQ/README.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,9 +5,9 @@ This SOAR integration connects Commvault Cloud with Microsoft Sentinel to enable
55

66
## Overview
77
This solution provides:
8-
- **Data Ingestion**: Automated collection of Commvault security events and anomalies
9-
- **Incident Creation**: Automatic creation of Sentinel incidents based on Commvault security events
10-
- **AI Powered Insights**: AI-driven coorelation of Commvault Threat Scan and Risk Analysis events with Sentinel Data Lake signals from tools like CrowdStrike, Netskope, and Palo Alto to validate impact on affected hosts and speed investigation.
8+
- **Data Ingestion**: Automated collection of Commvault client anomaly events via the Codeless Connector Framework
9+
- **Incident Creation**: Automatic creation of Sentinel incidents based on Commvault anomaly detections
10+
- **AI Powered Insights**: Use the Commvault Security Investigation Agent in Microsoft Security Copilot to correlate Commvault anomaly events with signals from tools like CrowdStrike, Netskope, and Palo Alto to validate impact on affected hosts and speed investigation.
1111
- **Incident Response**: Playbooks for automated remediation actions (disable users, disable data aging, etc.)
1212

1313
## Prerequisites
@@ -35,7 +35,7 @@ Installation
3535

3636
* Follow the instructions in [Creating an Access Token](https://documentation.commvault.com/2024e/essential/creating_access_token.html).
3737
* Ensure the user creating the token has **Admin** or **Tenant Admin** privileges.
38-
* Copy the generated **QSDK Token** — you will need it in Step 5.
38+
* Copy the generated **QSDK Token** — you will need it in Step 4.
3939

4040
**2\. Install Commvault Cloud Solution:**
4141

0 commit comments

Comments
 (0)