You can implement a long running integration as a SIEM connector using a webhook.
Procedure
1. Generate and save an access token. For more information, see Creating an Access Token.
2. Create a Commvault Security IQ instance in XSOAR as follows. For more information, see Commvault Security IQ.
   a. Specify Commvault API Token.
   b. Specify Commvault Webservice URL.
   c. Enable Long Running Instance.
   d. In Port Mapping, enter a valid available port number.
   e. Select Forwarding Rule as Webhook.
3. Configure the webhook. For more information, see Generic Webhook.
   The webhook URL will be returned in the following format: <CORTEX-XSOAR-URL>/instance/execute/<INTEGRATION-INSTANCE-NAME>.
   For example, if the XSOAR hostname is myxsoar.company.com and the Commvault Security IQ instance name is commvault_security_iq, then the webhook URL will be: https://myxsoar.company.com/instance/execute/commvault_security_iq.
4. Configure the webhook as a SIEM connector using the webhook URL created in Step 3, above. For more information, see Adding an SIEM Connector for a Webhook.
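
A pre-flight check for the webhook URL from Step 3, run before the URL is entered in the SIEM connector. This is an added example, not part of the Commvault or Cortex XSOAR documentation; the function name check_webhook_url and the HTTPS-only rule are assumptions of this example, and the sample URLs are constructed from the hostname and instance name used above.

```python
from urllib.parse import urlsplit, unquote

# Path marker taken from the documented format:
# <CORTEX-XSOAR-URL>/instance/execute/<INTEGRATION-INSTANCE-NAME>
EXECUTE_PREFIX = "/instance/execute/"


def check_webhook_url(url, expected_instance):
    """Return a list of problems found in a webhook URL (empty list = OK)."""
    problems = []
    parts = urlsplit(url.strip())

    # Assumption of this example: events must travel over TLS, as in the
    # documented sample URL.
    if parts.scheme != "https":
        problems.append("scheme is %r, expected 'https'" % parts.scheme)
    if not parts.hostname:
        problems.append("missing XSOAR hostname")
    # Credentials, query strings and fragments are not part of the documented
    # format and tend to end up in proxy and application logs.
    if parts.username or parts.password:
        problems.append("URL embeds credentials")
    if parts.query or parts.fragment:
        problems.append("unexpected query string or fragment")

    # Everything after the first /instance/execute/ must be the instance name.
    _, marker, tail = parts.path.rstrip("/").partition(EXECUTE_PREFIX)
    if not marker:
        problems.append("path does not contain " + EXECUTE_PREFIX)
        return problems

    instance = unquote(tail)  # names with spaces arrive percent-encoded
    if not instance or "/" in instance:
        problems.append("instance name must be a single path segment")
    elif instance != expected_instance:
        problems.append("instance %r does not match %r"
                        % (instance, expected_instance))
    return problems


if __name__ == "__main__":
    # Constructed sample inputs based on the hostname used in Step 3.
    for candidate in (
        "https://myxsoar.company.com/instance/execute/commvault_security_iq",
        "http://myxsoar.company.com/instance/execute/commvault_security_iq",
        "https://myxsoar.company.com/instance/commvault_security_iq",
    ):
        print(candidate, "->", check_webhook_url(candidate, "commvault_security_iq") or "OK")
```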