Commvault Cloud for Sentinel

Commvault

It enables Commvault users to ingest alerts and other data into their Microsoft Sentinel instance.

Commvault Cloud Data Connector for Microsoft Sentinel

About This Solution

What it offers: Automated security event ingestion from Commvault Cloud environments directly into Microsoft Sentinel, enabling centralized threat detection, incident response, and compliance monitoring for your data protection infrastructure.

Event Types Collected: By default, the connector collects security-relevant events such as anomalies and malware/ransomware threats, as documented in the Threat Indicators Dashboard. Refer to the detailed documentation for more information.

Problem it solves: Eliminates security blind spots in data protection environments by providing real-time visibility into Commvault security events, reducing manual monitoring overhead, and enabling faster threat detection and response.

Quick Setup

  1. Create Access Token: Generate access/refresh tokens in Commvault Cloud with Admin privileges
  2. Setup Key Vault: Create Azure Key Vault with required secrets (access-token, refresh-token, environment-endpoint-url)
  3. Deploy Connector: Install from Sentinel Content Hub and configure Function App parameters
  4. Configure Permissions: Grant Function App access to Key Vault (Access Policies or RBAC)

For detailed configuration steps, prerequisites, and automation setup, visit: https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Commvault%20Security%20IQ