Overview
The Security Information and Event Management (SIEM) connector allows you to send alerts, audit logs, and events from a CommCell or a company to a third-party application. You can add an SIEM connector for a syslog server or a webhook.
For Commvault SaaS, the SIEM connector enables seamless integration with third-party applications without requiring knowledge of CommCell-specific configurations. Only audits and alerts can be sent to the third-party application. These audits and alerts at the company level are also shared with the CommCell-level SIEM connectors.
The software forwards logs to the syslog server every 8 minutes. The SIEM Connector takes a maximum of 16 minutes to send data to Syslog or Webhook, depending on the time at which the data was generated.
Key Features:
- Integration Options: Supports syslog servers and webhooks for third-party application integration.
- Company-Level Functionality: On Commvault SaaS, users can send audits and alerts without requiring CommCell-specific knowledge.
- Data Forwarding: Logs are forwarded to the syslog server every 8 minutes, with a maximum delay of 16 minutes for data delivery.
Note
When there is any SIEM connector configured against one of these streaming data types (Alerts, Audit, Events), the same streaming data type cannot be configured on another SIEM connector.
Finding the SIEM Connector Configuration
For Commvault SaaS, the SIEM connector configuration is located under Manage > System.
To access the SIEM connector configuration: 1. Navigate to Manage > System in the Commvault interface. 2. Click SIEM Connector tile to view or modify the settings.
Additional Notes for Commvault SaaS Users
-
Commvault SaaS users do not need to interact with CommCell-specific settings. All relevant configurations for the SIEM connector are available under the SIEM Connector section.
-
The terminology and navigation have been streamlined to ensure ease of use for new users unfamiliar with CommCell.
CHANGE_STATUS: CHANGES_MADE