Commvault's integration with Netskope Cloud Threat Exchange (CTE) allows organizations to view Indicators of Compromise (IOC) insights within the Threat Indicators dashboard in order to perform actions to validate that backups are safe.
You can use NetSkope to do the following:
-
Send Security IQ anomaly info to Netskope CTE.
-
Receive threat intelligence insights from Netskope CTE and view impacted servers in the Threat Indicators dashboard to drive proactive investigative actions for the clean recovery of data.
Procedure
-
Install the Commvault plugin from Netskope marketplace. See Commvault Plugin for Threat Exchange.
-
Create a user. For more information, see Creating a User.
-
Assign the following permissions to the user. For more information, see User Security Permissions.
-
View permission on the CommCell.
-
Client Admin on Selected Servers.
-
View permission on All Servers.
-
-
Create an access token for the user. For more information, see Creating an Access Token.
Note
To ensure the service user cannot run workflows, the admin user must restrict access to the following required APIs only:
-
/commandcenter/api/Events
-
/commandcenter/api/Client/<Client ID>
-
/commandcenter/api/Client/Action/Report/Bulk/Anomaly
-
-
Configure the Commvault plugin using the access token.
-
After IOCs are received, go to the Threat Indicators Report for Partner Integration to check for anomalies.
Note
In order to view the Threat Indicators for Partner Integrations report (see Threat Indicators Report for Partner Integration), you must first receive indicators of compromise (IOC) from our partners.