Adding a command to add VM to cleanroom recovery group and changing the integration name #35229

Merged
merged 11 commits into from
Jul 14, 2024

Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ configuration:
- Webhook
required: false
type: 15
- defaultvalue: 1 day
- defaultvalue: 1 day
display: First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)
additionalinfo: Only for Fetch Incidents
name: first_fetch
Expand All @@ -85,49 +85,49 @@ configuration:
section: Connect
displaypassword: Private Key
required: false
description: Commvault Security IQ provides pre-built integrations, automation workflows, and playbooks to streamline operations, enhance threat intelligence integration, and gain actionable insights through advanced reporting and analytics.
display: Commvault Security IQ
description: Commvault Cloud provides pre-built integrations, automation workflows, and playbooks to streamline operations, enhance threat intelligence integration, and gain actionable insights through advanced reporting and analytics.
display: Commvault Cloud
name: CommvaultSecurityIQ
script:
commands:
- deprecated: false
description: Disables data aging on CS
description: Disables data aging on CS.
execution: false
name: commvault-security-set-disable-data-aging
outputs:
- contextPath: CommvaultSecurityIQ.DisableDataAging
description: Status returned after calling disable data aging API
description: Status returned after calling disable data aging API.
type: string
- deprecated: false
description: Generate Token
description: Generate Token.
execution: false
name: commvault-security-get-generate-token
outputs:
- contextPath: CommvaultSecurityIQ.GenerateToken
description: Status indicating whether successfully generated access token or not
description: Status indicating whether successfully generated access token or not.
type: string
- deprecated: false
description: Read the access token from KeyVault
description: Read the access token from KeyVault.
execution: false
name: commvault-security-get-access-token-from-keyvault
outputs:
- contextPath: CommvaultSecurityIQ.GetAccessToken
description: Status returned after getting the access token from KeyVault
description: Status returned after getting the access token from KeyVault.
type: string
- deprecated: false
description: Disable SAML provider
description: Disable SAML provider.
execution: false
name: commvault-security-set-disable-saml-provider
outputs:
- contextPath: CommvaultSecurityIQ.DisableSaml
description: Status indicating whether successfully disabled SAML provider or not
description: Status indicating whether successfully disabled SAML provider or not.
type: string
- deprecated: false
description: Copy the list of affected files list to war room
description: Copy the list of affected files list to war room.
execution: false
name: commvault-security-get-copy-files-list-to-war-room
- deprecated: false
description: Disables user
description: Disables user.
execution: false
name: commvault-security-set-disable-user
arguments:
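Review bot: the `display` value becomes "Commvault Cloud" here while `name: CommvaultSecurityIQ` and every `contextPath: CommvaultSecurityIQ.*` keep the old product name, so the UI label and the identifiers playbooks reference no longer match. If the old identifiers are kept on purpose for backward compatibility, say so in the description or release notes so nobody renames them later and breaks existing playbooks. Two smaller points in the same hunk: "Copy the list of affected files list to war room." repeats "list", and the disable-user, disable-SAML-provider and disable-data-aging commands all keep `execution: false`, which is worth confirming as intended for commands that change account, identity-provider and retention state.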
Expand All @@ -139,7 +139,24 @@ script:
- contextPath: CommvaultSecurityIQ.DisableUser
description: Response indicating whether successfully disabled user or not.
type: string
dockerimage: demisto/commvault:1.0.0.90788
- deprecated: false
description: Add VM to Cleanroom.
execution: false
name: commvault-security-set-cleanroom-add-vm-to-recovery-group
arguments:
- name: vm_name
description: VM name.
required: true
type: textArea
- name: clean_recovery_point
description: Recovery point timestamp to which we add the VM.
required: true
type: textArea
outputs:
- contextPath: CommvaultSecurityIQ.AddEntityToCleanroom
description: Response indicating whether successfully added the VM to the recovery point or not.
type: string
dockerimage: demisto/commvault:1.0.0.101101
feed: false
isfetch: true
longRunning: true
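Review bot: `clean_recovery_point` is described only as "Recovery point timestamp to which we add the VM." with `type: textArea`, so the expected format (epoch seconds, ISO 8601, time zone) is undocumented and a free-form value is accepted; please state the format in the argument description and have the command reject values that do not parse. The terminology is also inconsistent across the new entry: the command name says "recovery-group", the description says "Cleanroom", and the argument and output descriptions say "recovery point". Pick one term or explain how they relate. As with the other state-changing commands, confirm that `execution: false` is intended for a command that adds a VM to a recovery target.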
Original file line number Diff line number Diff line change
@@ -1 +1,170 @@
Commvault Security IQ provides pre-built integrations, automation workflows, and playbooks to streamline operations, enhance threat intelligence integration, and gain actionable insights through advanced reporting and analytics.This integration was integrated and tested with version 6.8.0 of CommvaultSecurityIQ## Configure Commvault Security IQ on Cortex XSOAR1. Navigate to **Settings** > **Integrations** > **Servers & Services**.2. Search for Commvault Security IQ.3. Click **Add instance** to create and configure a new integration instance. | **Parameter**| **Required**| | ---| ---| | Long running instance| False| | Mapper (incoming)| True| | Commvault Webservice Url| True| | Commvault API Token| True| | Azure KeyVault Url| False| | Azure KeyVault Tenant ID| False| | Azure KeyVault Client ID| False| | Azure KeyVault Client Secret| False| | Port mapping (&lt;port&gt; or &lt;host port&gt;:&lt;docker port&gt;)| False| | Incident type| False| | Fetch incidents| False| | Incidents Fetch Interval| False| | Forwarding Rule| False| | First fetch timestamp (&lt;number&gt; &lt;time unit&gt;, e.g., 12 hours, 7 days)| False| | Max events to fetch| False|4. 
Click **Test** to validate the URLs, token, and connection.##### Note :- If "Fetch Incidents" parameter is selected then make sure "Long running instance" capability of the integration is disabled.##### Note :- Set Mapper (incoming) to "Commvault Suspicious File Activity Mapper"## CommandsYou can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.After you successfully execute a command, a DBot message appears in the War Room with the command details.### commvault-security-set-disable-data-aging***Disables data aging on CS#### Base Command`commvault-security-set-disable-data-aging`#### InputThere are no input arguments for this command.#### Context Output| **Path** | **Type** | **Description** || --- | --- | --- || CommvaultSecurityIQ.DisableDataAging | string | Status returned after calling disable data aging API | ### commvault-security-get-generate-token***Generate Token#### Base Command`commvault-security-get-generate-token`#### InputThere are no input arguments for this command.#### Context Output| **Path** | **Type** | **Description** || --- | --- | --- || CommvaultSecurityIQ.GenerateToken | string | Status indicating whether successfully generated access token or not | ### commvault-security-get-access-token-from-keyvault***Read the access token from KeyVault#### Base Command`commvault-security-get-access-token-from-keyvault`#### InputThere are no input arguments for this command.#### Context Output| **Path** | **Type** | **Description** || --- | --- | --- || CommvaultSecurityIQ.GetAccessToken | string | Status returned after getting the access token from KeyVault | ### commvault-security-set-disable-saml-provider***Disable SAML provider#### Base Command`commvault-security-set-disable-saml-provider`#### InputThere are no input arguments for this command.#### Context Output| **Path** | **Type** | **Description** || --- | --- | --- || CommvaultSecurityIQ.DisableSaml | string | Status indicating whether successfully 
disabled SAML provider or not | ### commvault-security-get-copy-files-list-to-war-room***Copy the list of affected files list to war room#### Base Command`commvault-security-get-copy-files-list-to-war-room`#### InputThere are no input arguments for this command.#### Context OutputThere is no context output for this command.### commvault-security-set-disable-user***Disables user#### Base Command`commvault-security-set-disable-user`#### Input| **Argument Name** | **Description** | **Required** || --- | --- | --- || user_email | Email id of the user to be disabled. | Required | #### Context Output| **Path** | **Type** | **Description** || --- | --- | --- || CommvaultSecurityIQ.DisableUser | string | Response indicating whether successfully disabled user or not. |
Commvault Cloud provides pre-built integrations, automation workflows, and playbooks to streamline operations, enhance threat intelligence integration, and gain actionable insights through advanced reporting and analytics.
This integration was integrated and tested with version 6.9.0 of CommvaultSecurityIQ.

## Configure Commvault Cloud on Cortex XSOAR

1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
2. Search for Commvault Cloud.
3. Click **Add instance** to create and configure a new integration instance.

| **Parameter**| **Required**|
| ---| ---|
| Long running instance| False|
| Mapper (incoming)| True|
| Commvault Webservice Url| True|
| Commvault API Token| True|
| Azure KeyVault Url| False|
| Azure KeyVault Tenant ID| False|
| Azure KeyVault Client ID| False|
| Azure KeyVault Client Secret| False|
| Port mapping (&lt;port&gt; or &lt;host port&gt;:&lt;docker port&gt;)| False|
| Incident type| False|
| Fetch incidents| False|
| Incidents Fetch Interval| False|
| Forwarding Rule| False|
| First fetch timestamp (&lt;number&gt; &lt;time unit&gt;, e.g., 12 hours, 7 days)| False|
| Max events to fetch| False|

4. Click **Test** to validate the URLs, token, and connection.

##### Note :- If "Fetch Incidents" parameter is selected then make sure "Long running instance" capability of the integration is disabled.
##### Note :- Set Mapper (incoming) to "Commvault Suspicious File Activity Mapper"
## Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.

### commvault-security-set-disable-data-aging

***
Disables data aging on CS

#### Base Command

`commvault-security-set-disable-data-aging`

#### Input

There are no input arguments for this command.

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| CommvaultSecurityIQ.DisableDataAging | string | Status returned after calling disable data aging API |

### commvault-security-get-generate-token

***
Generate Token

#### Base Command

`commvault-security-get-generate-token`

#### Input

There are no input arguments for this command.

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| CommvaultSecurityIQ.GenerateToken | string | Status indicating whether successfully generated access token or not |

### commvault-security-get-access-token-from-keyvault

***
Read the access token from KeyVault

#### Base Command

`commvault-security-get-access-token-from-keyvault`

#### Input

There are no input arguments for this command.

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| CommvaultSecurityIQ.GetAccessToken | string | Status returned after getting the access token from KeyVault |

### commvault-security-set-disable-saml-provider

***
Disable SAML provider

#### Base Command

`commvault-security-set-disable-saml-provider`

#### Input

There are no input arguments for this command.

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| CommvaultSecurityIQ.DisableSaml | string | Status indicating whether successfully disabled SAML provider or not |

### commvault-security-get-copy-files-list-to-war-room

***
Copy the list of affected files list to war room

#### Base Command

`commvault-security-get-copy-files-list-to-war-room`

#### Input

There are no input arguments for this command.

#### Context Output

There is no context output for this command.
### commvault-security-set-disable-user

***
Disables user

#### Base Command

`commvault-security-set-disable-user`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| user_email | Email id of the user to be disabled. | Required |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| CommvaultSecurityIQ.DisableUser | string | Response indicating whether successfully disabled user or not. |

### commvault-security-set-cleanroom-add-vm-to-recovery-group

***
Add VM to Cleanroom

#### Base Command

`commvault-security-set-cleanroom-add-vm-to-recovery-group`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| vm_name | VM name. | Required |
| clean_recovery_point | Recovery point timestamp to which we add the VM. | Required |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| CommvaultSecurityIQ.AddEntityToCleanroom | string | Response indicating whether successfully added the VM to the recovery point or not. |
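Review bot: the new `commvault-security-set-cleanroom-add-vm-to-recovery-group` section at the end of the README documents `clean_recovery_point` without a format or a sample invocation, so a playbook author cannot tell what value to pass; add the expected timestamp format and a command example. The README is also out of step with the YAML changed in this PR: the command descriptions here have no trailing period ("Disables data aging on CS", "Generate Token") while the YAML descriptions gained one, "Copy the list of affected files list to war room" repeats "list", and the intro still reads "version 6.9.0 of CommvaultSecurityIQ" under a heading that now says Commvault Cloud. A blank line is missing before `### commvault-security-set-disable-user`.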