Commvault Cloud for Sentinel
Author: Commvault
Enables Commvault users to ingest alerts and other data into their Microsoft Sentinel instance.
Commvault Cloud Data Connector for Microsoft Sentinel
About This Solution
What it offers: Automated security event ingestion from Commvault Cloud environments directly into Microsoft Sentinel, enabling centralized threat detection, incident response, and compliance monitoring for your data protection infrastructure.
Event Types Collected: By default, the connector collects security-relevant events such as anomalies and malware/ransomware threats, as documented in the Threat Indicators Dashboard. Refer to the detailed documentation for more information.
Problem it solves: Eliminates security blind spots in data protection environments by providing real-time visibility into Commvault security events, reducing manual monitoring overhead, and enabling faster threat detection and response.
Quick Setup
- Create Access Token: Generate access/refresh tokens in Commvault Cloud with Admin privileges
- Setup Key Vault: Create Azure Key Vault with required secrets (access-token, refresh-token, environment-endpoint-url)
- Deploy Connector: Install from Sentinel Content Hub and configure Function App parameters
- Configure Permissions: Grant Function App access to Key Vault (Access Policies or RBAC)
For detailed configuration steps, prerequisites, and automation setup, visit: https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Commvault%20Security%20IQ