Commvault's integration with Netskope Cloud Threat Exchange (CTE) allows organizations to view Indicators of Compromise (IOC) insights within the Unusual File Activity dashboard in order to perform actions to validate that backups are safe.
You can use NetSkope for the following:
-
Send Security IQ anomaly info to Netskope CTE.
-
Receive threat intelligence insights from Netskope CTE and view impacted servers in the Unusual File Activity Dashboard to drive proactive investigative actions for the clean recovery of data.
Procedure
-
Install the Commvault plugin from Netskope marketplace. See Commvault Plugin for Threat Exchange.
-
Create a user. For more information, see Creating a User.
-
Assign the following permissions to the user. For more information, see User Security Permissions.
-
View permission on the CommCell.
-
Agent Management on All Servers.
-
View permission on All Servers.
-
-
Create an access token for the user. For more information, see Creating an Access Token.
-
Configure the Commvault plugin using the access token.
-
After IOCs are received, go to the Unusual File Activity Report for Partner Integration to check for anomalies.