Commvault¶

Commvault

About¶

The Commvault software platform delivers the unparalleled advantage and benefits of a truly holistic approach to data and information management. Within the platform, tightly integrated, powerful software delivers functionality throughout your physical and virtual environments to protect and recover data, manage costs and complexity, and gain better insight into your information.

Product Details¶

Vendor URL: Commvault

Product Type: Data Security

Product Tier: Tier III

Integration Method: Syslog

Integration URL: N/A

Log Guide: N/A

Parser Details¶

Log Format: KV

Expected Normalization Rate: 98%

Data Label: COMMVAULT

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field	UDM Field
Commcellname	metadata.description
Computer	observer.hostname
Description	network.email.to
Eventid	security_result.about.email
Eventseverity	network.email.mail_id
Occurencetime	metadata.product_event_type
Program	observer.application
Utctimestamp	network.email.subject

Product Event Types¶

Event	UDM Event Classification
all	GENERIC_EVENT

Log Sample¶

Events: Eventid = {4357039}  Occurrencetime = {10 Dec 2023 17:28:57}  Eventseverity = {Major}  Commcellname = {computer2}  Computer = {computer1}  Program = {MediaManager}  Description = {Access Path [Cloud library path] on MediaAgent [computer1] for MountPath [[computer1] sample] in library [LIBRARY] is offline.}  Utctimestamp = {1702250937}

Sample Parsing¶

metadata.event_timestamp = "10 Dec 2023 17:28:57"
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Commvault"
metadata.product_name = "Commvault Backup"
metadata.ingested_timestamp = "1702250937"
principal.hostnamt = "computer2"
principal.asset.software.name = "MediaManager"
observer.hostname = "computer1"
security_result.description = "Access Path [Cloud library path] on MediaAgent [computer1] for MountPath [[computer1] sample] in library [LIBRARY] is offline."
security_result.severity = "CRITICAL"
security_result.severity_details = "Major"

Rules¶

Coming Soon