-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adding a command to add VM to cleanroom recovery group and changing t…
…he integration name (#35229) (#35411) * Changes * Add VM to cleanroom recovery group Adding command to add VM to cleanroom recovery group * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Update pack_metadata.json * remove commented code Co-authored-by: Cv-securityIQ <[email protected]>
- Loading branch information
Showing
8 changed files
with
693 additions
and
201 deletions.
There are no files selected for viewing
263 changes: 237 additions & 26 deletions
263
Packs/CommvaultSecurityIQ/Integrations/CommvaultSecurityIQ/CommvaultSecurityIQ.py
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
171 changes: 170 additions & 1 deletion
171
...tSecurityIQ/Integrations/CommvaultSecurityIQ/CommvaultSecurityIQ_description.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,170 @@ | ||
Commvault Security IQ provides pre-built integrations, automation workflows, and playbooks to streamline operations, enhance threat intelligence integration, and gain actionable insights through advanced reporting and analytics.This integration was integrated and tested with version 6.8.0 of CommvaultSecurityIQ## Configure Commvault Security IQ on Cortex XSOAR1. Navigate to **Settings** > **Integrations** > **Servers & Services**.2. Search for Commvault Security IQ.3. Click **Add instance** to create and configure a new integration instance. | **Parameter**| **Required**| | ---| ---| | Long running instance| False| | Mapper (incoming)| True| | Commvault Webservice Url| True| | Commvault API Token| True| | Azure KeyVault Url| False| | Azure KeyVault Tenant ID| False| | Azure KeyVault Client ID| False| | Azure KeyVault Client Secret| False| | Port mapping (<port> or <host port>:<docker port>)| False| | Incident type| False| | Fetch incidents| False| | Incidents Fetch Interval| False| | Forwarding Rule| False| | First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)| False| | Max events to fetch| False|4. Click **Test** to validate the URLs, token, and connection.##### Note :- If "Fetch Incidents" parameter is selected then make sure "Long running instance" capability of the integration is disabled.##### Note :- Set Mapper (incoming) to "Commvault Suspicious File Activity Mapper"## CommandsYou can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.After you successfully execute a command, a DBot message appears in the War Room with the command details.### commvault-security-set-disable-data-aging***Disables data aging on CS#### Base Command`commvault-security-set-disable-data-aging`#### InputThere are no input arguments for this command.#### Context Output| **Path** | **Type** | **Description** || --- | --- | --- || CommvaultSecurityIQ.DisableDataAging | string | Status returned after calling disable data aging API | ### commvault-security-get-generate-token***Generate Token#### Base Command`commvault-security-get-generate-token`#### InputThere are no input arguments for this command.#### Context Output| **Path** | **Type** | **Description** || --- | --- | --- || CommvaultSecurityIQ.GenerateToken | string | Status indicating whether successfully generated access token or not | ### commvault-security-get-access-token-from-keyvault***Read the access token from KeyVault#### Base Command`commvault-security-get-access-token-from-keyvault`#### InputThere are no input arguments for this command.#### Context Output| **Path** | **Type** | **Description** || --- | --- | --- || CommvaultSecurityIQ.GetAccessToken | string | Status returned after getting the access token from KeyVault | ### commvault-security-set-disable-saml-provider***Disable SAML provider#### Base Command`commvault-security-set-disable-saml-provider`#### InputThere are no input arguments for this command.#### Context Output| **Path** | **Type** | **Description** || --- | --- | --- || CommvaultSecurityIQ.DisableSaml | string | Status indicating whether successfully disabled SAML provider or not | ### commvault-security-get-copy-files-list-to-war-room***Copy the list of affected files list to war room#### Base Command`commvault-security-get-copy-files-list-to-war-room`#### InputThere are no input arguments for this command.#### Context OutputThere is no context output for this command.### commvault-security-set-disable-user***Disables user#### Base Command`commvault-security-set-disable-user`#### Input| **Argument Name** | **Description** | **Required** || --- | --- | --- || user_email | Email id of the user to be disabled. | Required | #### Context Output| **Path** | **Type** | **Description** || --- | --- | --- || CommvaultSecurityIQ.DisableUser | string | Response indicating whether successfully disabled user or not. | | ||
Commvault Cloud provides pre-built integrations, automation workflows, and playbooks to streamline operations, enhance threat intelligence integration, and gain actionable insights through advanced reporting and analytics. | ||
This integration was integrated and tested with version 6.9.0 of CommvaultSecurityIQ. | ||
|
||
## Configure Commvault Cloud on Cortex XSOAR | ||
|
||
1. Navigate to **Settings** > **Integrations** > **Servers & Services**. | ||
2. Search for Commvault Cloud. | ||
3. Click **Add instance** to create and configure a new integration instance. | ||
|
||
| **Parameter**| **Required**| | ||
| ---| ---| | ||
| Long running instance| False| | ||
| Mapper (incoming)| True| | ||
| Commvault Webservice Url| True| | ||
| Commvault API Token| True| | ||
| Azure KeyVault Url| False| | ||
| Azure KeyVault Tenant ID| False| | ||
| Azure KeyVault Client ID| False| | ||
| Azure KeyVault Client Secret| False| | ||
| Port mapping (<port> or <host port>:<docker port>)| False| | ||
| Incident type| False| | ||
| Fetch incidents| False| | ||
| Incidents Fetch Interval| False| | ||
| Forwarding Rule| False| | ||
| First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)| False| | ||
| Max events to fetch| False| | ||
|
||
4. Click **Test** to validate the URLs, token, and connection. | ||
|
||
##### Note :- If "Fetch Incidents" parameter is selected then make sure "Long running instance" capability of the integration is disabled. | ||
##### Note :- Set Mapper (incoming) to "Commvault Suspicious File Activity Mapper" | ||
## Commands | ||
|
||
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. | ||
After you successfully execute a command, a DBot message appears in the War Room with the command details. | ||
|
||
### commvault-security-set-disable-data-aging | ||
|
||
*** | ||
Disables data aging on CS | ||
|
||
#### Base Command | ||
|
||
`commvault-security-set-disable-data-aging` | ||
|
||
#### Input | ||
|
||
There are no input arguments for this command. | ||
|
||
#### Context Output | ||
|
||
| **Path** | **Type** | **Description** | | ||
| --- | --- | --- | | ||
| CommvaultSecurityIQ.DisableDataAging | string | Status returned after calling disable data aging API | | ||
|
||
### commvault-security-get-generate-token | ||
|
||
*** | ||
Generate Token | ||
|
||
#### Base Command | ||
|
||
`commvault-security-get-generate-token` | ||
|
||
#### Input | ||
|
||
There are no input arguments for this command. | ||
|
||
#### Context Output | ||
|
||
| **Path** | **Type** | **Description** | | ||
| --- | --- | --- | | ||
| CommvaultSecurityIQ.GenerateToken | string | Status indicating whether successfully generated access token or not | | ||
|
||
### commvault-security-get-access-token-from-keyvault | ||
|
||
*** | ||
Read the access token from KeyVault | ||
|
||
#### Base Command | ||
|
||
`commvault-security-get-access-token-from-keyvault` | ||
|
||
#### Input | ||
|
||
There are no input arguments for this command. | ||
|
||
#### Context Output | ||
|
||
| **Path** | **Type** | **Description** | | ||
| --- | --- | --- | | ||
| CommvaultSecurityIQ.GetAccessToken | string | Status returned after getting the access token from KeyVault | | ||
|
||
### commvault-security-set-disable-saml-provider | ||
|
||
*** | ||
Disable SAML provider | ||
|
||
#### Base Command | ||
|
||
`commvault-security-set-disable-saml-provider` | ||
|
||
#### Input | ||
|
||
There are no input arguments for this command. | ||
|
||
#### Context Output | ||
|
||
| **Path** | **Type** | **Description** | | ||
| --- | --- | --- | | ||
| CommvaultSecurityIQ.DisableSaml | string | Status indicating whether successfully disabled SAML provider or not | | ||
|
||
### commvault-security-get-copy-files-list-to-war-room | ||
|
||
*** | ||
Copy the list of affected files list to war room | ||
|
||
#### Base Command | ||
|
||
`commvault-security-get-copy-files-list-to-war-room` | ||
|
||
#### Input | ||
|
||
There are no input arguments for this command. | ||
|
||
#### Context Output | ||
|
||
There is no context output for this command. | ||
### commvault-security-set-disable-user | ||
|
||
*** | ||
Disables user | ||
|
||
#### Base Command | ||
|
||
`commvault-security-set-disable-user` | ||
|
||
#### Input | ||
|
||
| **Argument Name** | **Description** | **Required** | | ||
| --- | --- | --- | | ||
| user_email | Email id of the user to be disabled. | Required | | ||
|
||
#### Context Output | ||
|
||
| **Path** | **Type** | **Description** | | ||
| --- | --- | --- | | ||
| CommvaultSecurityIQ.DisableUser | string | Response indicating whether successfully disabled user or not. | | ||
|
||
### commvault-security-set-cleanroom-add-vm-to-recovery-group | ||
|
||
*** | ||
Add VM to Cleanroom | ||
|
||
#### Base Command | ||
|
||
`commvault-security-set-cleanroom-add-vm-to-recovery-group` | ||
|
||
#### Input | ||
|
||
| **Argument Name** | **Description** | **Required** | | ||
| --- | --- | --- | | ||
| vm_name | VM name. | Required | | ||
| clean_recovery_point | Recovery point timestamp to which we add the VM. | Required | | ||
|
||
#### Context Output | ||
|
||
| **Path** | **Type** | **Description** | | ||
| --- | --- | --- | | ||
| CommvaultSecurityIQ.AddEntityToCleanroom | string | Response indicating whether successfully added the VM to the recovery point or not. | |
Oops, something went wrong.