CommvaultSecurityIQ
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
| Attribute | Value |
|---|---|
| Connector ID | CommvaultSecurityIQ_CL |
| Publisher | Commvault |
| Used in Solutions | Commvault Security IQ |
| Collection Method | Azure Function |
| Connector Definition Files | CommvaultSecurityIQ_API_AzureFunctionApp.json |
| Ingestion API | Log Ingestion API — Sibling ARM template declares DCR / Log Ingestion API resources |
| Microsoft Learn | View on Learn |
This Azure Function enables Commvault users to ingest alerts/events into their Microsoft Sentinel instance. With Analytic Rules,Microsoft Sentinel can automatically create Microsoft Sentinel incidents from incoming events and logs.
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
CommvaultAlerts_CL |
✓ | ✓ | ✓ |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions:
- Workspace (Workspace): read and write permissions on the workspace are required.
- Keys (Workspace): read permissions to shared keys for the workspace are required. See the documentation to learn more about workspace keys.
Custom Permissions:
- Microsoft.Web/sites permissions: Read and write permissions to Azure Functions to create a Function App is required. See the documentation to learn more about Azure Functions.
- Commvault Environment Endpoint URL: Make sure to follow the documentation and set the secret value in KeyVault
- Commvault QSDK Token: Make sure to follow the documentation and set the secret value in KeyVault
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
NOTE: This connector uses Azure Functions to connect to a Commvault Instance to pull its logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the Azure Functions pricing page for details.
Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. Follow these instructions to use Azure Key Vault with an Azure Function App.
STEP 1 - Configuration steps for the Commvalut QSDK Token
Follow these instructions to create an API Token.
STEP 2 - Deploy the connector and the associated Azure Function
IMPORTANT: Before deploying the CommvaultSecurityIQ data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Commvault Endpoint URL and QSDK Token, readily available.
- Workspace ID:
WorkspaceIdNote: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.
- Primary Key:
PrimaryKeyNote: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.
Azure Resource Manager (ARM) Template
Use this method for automated deployment of the Commvault Security IQ data connector.
Click the Deploy to Azure button below.
Select the preferred Subscription, Resource Group and Region.
Enter the Workspace ID, Workspace Key 'and/or Other required fields' and click Next.
Click Create to deploy.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊