Analyzing Suspicious Activity Using Splunk SOAR

You can use Splunk SOAR to automate the process of analyzing suspicious activity in your Commvault environment.

Note

The Commvault Cloud Splunk SOAR app can be found on the Splunk Marketplace.

Commvault Cloud provides pre-built integrations, automation workflows, and playbooks to streamline operations, enhance threat intelligence integration, and gain actionable insights through advanced reporting and analytics.

The Commvault Cloud Splunk SOAR app for Commvault products enables security analysts to respond swiftly to threats, using pre-built integrations and playbooks to secure and audit backups and backup software ecosystems.

In today's evolving threat landscape, data is at constant risk of destruction and exfiltration. Organizations are challenged to respond to security events as quickly as they can to limit the impact of cyber threats on their production data and backup data. This app allows organizations to monitor anomaly alerts from Commvault Cloud data protection platforms and respond with orchestrated actions that help fortify the data protection platform.

Key Features

  • Support for Commvault Cloud.

  • Suspicious file anomaly monitoring to indicate file encryption.

  • Fetch Commvault Cloud file anomaly alerts over API.

  • Ability to export and view the list of infected files for investigation.

Automation Use Cases

  • Protect backup data by disabling data aging within Commvault Cloud when server compromise is detected.

  • Interactive runbook to disable Commvault Cloud user accounts when suspicious user behavior is detected, to avoid exfiltration attempts.

  • Interactive runbook to disable the identity provider (IdP) configured for Commvault Cloud user authentication, restricting access to backups in the event of a cyber incident to avoid exfiltration attempts.
