Solution: Commvault Security IQ
| Attribute | Value |
|---|---|
| Publisher | Commvault |
| Support Tier | Partner |
| Support Link | https://www.commvault.com/support |
| Categories | domains |
| Version | 3.0.4 |
| Author | svc.cv-securityiq@commvault.com |
| First Published | 2023-08-17 |
| Last Updated | 2026-03-25 |
| Solution Folder | Commvault Security IQ |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (8%) |
This Microsoft Sentinel integration enables Commvault users to ingest alerts and other data into their Microsoft Sentinel instance. With Analytic Rules, Microsoft Sentinel can automatically create Microsoft Sentinel incidents.
This solution provides 1 data connector(s):
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| CommvaultAlerts_CL | CommvaultSecurityIQ | Analytics |
This solution includes 4 content item(s):
| Content Type | Count |
|---|---|
| Playbooks | 3 |
| Analytic Rules | 1 |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Commvault Cloud Alert | Medium | DefenseEvasion, Impact | CommvaultAlerts_CL |
| Name | Description | Tables Used |
|---|---|---|
| Commvault Disable Data Aging Logic App Playbook | This Logic App executes when called upon by an Automation Rule. Accessing the KeyVault to retrieve v... | - |
| Commvault Disable SAML Provider Logic App Playbook | This Logic App executes when called upon by an Automation Rule. Accessing the KeyVault to retrieve v... | - |
| Commvault Disable User Logic App Playbook | This Logic App executes when called upon by an Automation Rule. Accessing the KeyVault to retrieve v... | - |
📄 Source: Commvault Security IQ/README.md
This SOAR integration connects Commvault Cloud with Microsoft Sentinel to enable automated incident creation and response through Analytic Rules and Playbooks.
This solution provides:
- Data Ingestion: Automated collection of Commvault security events and anomalies
- Incident Creation: Automatic creation of Sentinel incidents based on Commvault security events
- AI Powered Insights: AI-driven correlation of Commvault Threat Scan and Risk Analysis events with Sentinel Data Lake signals from tools like CrowdStrike, Netskope, and Palo Alto to validate impact on affected hosts and speed investigation
- Incident Response: Playbooks for automated remediation actions (disable users, disable data aging, etc.)
Before beginning the installation, ensure you have:
The following Azure resources will be created or configured during this installation:
- access-token: Your Commvault Cloud access token
- environment-endpoint-url: Your Commvault Cloud API endpoint URL (Commvault/Metallic endpoint URL: https://hostname/commandcenter/api)
- refresh-token: Your Commvault Cloud refresh token

1. Create Access Token in Commvault:
2. Create KeyVault:
3. Create KeyVault Secrets:
| Name | Value | Enabled | Action |
|---|---|---|---|
| "access-token" | (Your Commvault/Metallic access token) | Yes | Create |
| "refresh-token" | (Your Commvault/Metallic refresh token) | Yes | Create |
| "environment-endpoint-url" | (Your Commvault/Metallic endpoint's URL) | Yes | Create |
4. Install Commvault Cloud Solution:
[Content truncated...]
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.4 | 05-03-2025 | Migrate to new data ingestion model via DCR & DCE setup |
| 3.0.3 | 12-09-2025 | Enhanced Data connector with configurable event collection and streamlined deployment |
| 3.0.2 | 28-03-2024 | Update Playbook - Bug fix in disabling data aging |
| 3.0.1 | 28-03-2024 | Adding Data Connector for Commvault Sentinel Integration |
| 3.0.0 | 21-08-2023 | Initial Solution Release |