Commvault Metallic

About
Metallic AI combines ML-driven automation and AI simplicity to deliver risk detection, readiness, and cloud-scale recovery with speed and certainty.
Product Details
Vendor URL: Metallic
Product Type: Data Security
Product Tier: Tier III
Integration Method: Webhook
Integration URL: Generic Webhook - Cyderes Documentation
Log Guide: n/a
Parser Details
Log Format: JSON
Expected Normalization Rate: near 100%
Data Label: COMMVAULT_METALLIC
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| "Commvault" | metadata.vendor_name |
| "Metallic" | metadata.product_name |
| GENERIC_EVENT | metadata.event_type |
| Detected Criteria | metadata.description |
| Type | metadata.product_event_type |
| CommCell | observer.hostname |
| domain | principal.administrative_domain |
| username | principal.user.userid |
| User | principal.user.userid |
| User | principal.user.email_addresses |
| Instance | principal.application |
| Virtual Machine Name | principal.asset.asset_id |
| Virtual Machine Host Name | principal.hostname |
| Job ID | principal.process.pid |
| Client | principal.resource.name |
| Agent Type | principal.resource.resource_subtype |
| Alert | security_result.description |
| Description | security_result.summary |
| Status | security_result.summary |
| Storage Policies Used | security_result.detection_fields |
| Backup Level | security_result.detection_fields |
| Backup Set | security_result.detection_fields |
| Error Code | security_result.detection_fields |
| Additional Information | security_result.detection_fields |
| Protected Counts | security_result.detection_fields |
| Failed Counts | security_result.detection_fields |
| Failure Reason | security_result.detection_fields |
| Failure reason for Virtual Machine Backup | security_result.detection_fields |
| Virtual Machine Backup Status | security_result.detection_fields |
| Subclient | security_result.detection_fields |
| Start Time | security_result.detection_fields |
| End Time | security_result.detection_fields |
| Scheduled Time | security_result.detection_fields |
Product Event Types
| Product Event | Description | UDM Event |
|---|---|---|
| All | All events | GENERIC_EVENT |
Log Sample
{"Additional Information ":"Not Applicable","Agent Type":"SharePoint Server","Alert":"completed backup with errors","Backup Level":"Incremental","Backup Set":"Sharepoint Online","Client":"Company_SharePoint","CommCell":"M3","Detected Criteria":"Job Succeeded with Errors","Detected Time":"Wed Jan 24 15:29:56 2024","End Time":"Wed Jan 24 15:29:48 2024","Error Code":"Not Applicable","Failed Counts":"3","Failure Reason":"Not Applicable","Failure reason for Virtual Machine Backup":"Not Applicable","Instance":"Not Applicable","Job ID":"1234","Protected Counts":"302","Scheduled Time":"Wed Jan 24 15:05:35 2024","Start Time":"Wed Jan 24 15:05:38 2024","Status":"Completed w/ one or more errors","Storage Policies Used":"policy-metallic-o365-storage-eastus2","Subclient":"SharepointOnline","Type":"Job Management - Data Protection","User":"master","Virtual Machine Backup Status":"Not Applicable","Virtual Machine Host Name":"Not Applicable","Virtual Machine Name":"Not Applicable"}
Sample Parsing
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Commvault"
metadata.product_name = "Metallic"
metadata.product_event_type = "Job Management - Data Protection"
metadata.description = "Job Succeeded with Errors"
principal.hostname = "Not Applicable"
principal.user.userid = "master"
principal.process.pid = "1234"
principal.asset.asset_id = "cv:Not Applicable"
principal.application = "Not Applicable"
principal.resource.resource_subtype = "SharePoint Server"
principal.resource.name = "Company_SharePoint"
observer.hostname = "M3"
security_result.summary = "Completed w/ one or more errors"
security_result.description = "completed backup with errors"
security_result.detection_fields.key = "storagePoliciesUsed"
security_result.detection_fields.value = "policy-metallic-o365-storage-eastus2"
security_result.detection_fields.key = "backupLevel"
security_result.detection_fields.value = "Incremental"
security_result.detection_fields.key = "backupSet"
security_result.detection_fields.value = "Sharepoint Online"
security_result.detection_fields.key = "errorCode"
security_result.detection_fields.value = "Not Applicable"
security_result.detection_fields.key = "additionalInformation"
security_result.detection_fields.value = "Not Applicable"
security_result.detection_fields.key = "protectedCounts"
security_result.detection_fields.value = "302"
security_result.detection_fields.key = "failedCounts"
security_result.detection_fields.value = "3"
security_result.detection_fields.key = "failureReason"
security_result.detection_fields.value = "Not Applicable"
security_result.detection_fields.key = "failureReasonForVMBackup"
security_result.detection_fields.value = "Not Applicable"
security_result.detection_fields.key = "VMBackupStatus"
security_result.detection_fields.value = "Not Applicable"
security_result.detection_fields.key = "subclient"
security_result.detection_fields.value = "SharepointOnline"
security_result.detection_fields.key = "startTime"
security_result.detection_fields.value = "Wed Jan 24 15:05:38 2024"
security_result.detection_fields.key = "scheduledTime"
security_result.detection_fields.value = "Wed Jan 24 15:05:35 2024"
security_result.detection_fields.key = "endTime"
security_result.detection_fields.value = "Wed Jan 24 15:29:48 2024"
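
The mapping from the UDM Fields table, applied to a trimmed copy of the log sample, as an added Python example (not the Cyderes parser itself). The function name `to_udm`, the nested-dict output shape, the `@` test for choosing between `userid` and `email_addresses`, and the Status-over-Description precedence for `security_result.summary` are assumptions.

```python
import json

# Log field -> detection_fields key, spelled as under "Sample Parsing".
DETECTION_KEYS = {
    "Storage Policies Used": "storagePoliciesUsed", "Backup Level": "backupLevel",
    "Backup Set": "backupSet", "Error Code": "errorCode",
    "Additional Information": "additionalInformation",
    "Protected Counts": "protectedCounts", "Failed Counts": "failedCounts",
    "Failure Reason": "failureReason",
    "Failure reason for Virtual Machine Backup": "failureReasonForVMBackup",
    "Virtual Machine Backup Status": "VMBackupStatus", "Subclient": "subclient",
    "Start Time": "startTime", "Scheduled Time": "scheduledTime",
    "End Time": "endTime",
}

# Trimmed copy of the page's log sample, including the key with a trailing space.
SAMPLE = ('{"Additional Information ":"Not Applicable","Agent Type":"SharePoint Server",'
          '"Alert":"completed backup with errors","Client":"Company_SharePoint","CommCell":"M3",'
          '"Detected Criteria":"Job Succeeded with Errors","Failed Counts":"3","Job ID":"1234",'
          '"Protected Counts":"302","Status":"Completed w/ one or more errors",'
          '"Type":"Job Management - Data Protection","User":"master",'
          '"Virtual Machine Name":"Not Applicable"}')

def to_udm(raw_line):
    # Strip key whitespace so "Additional Information " is not silently dropped.
    log = {k.strip(): v for k, v in json.loads(raw_line).items()}
    user = log.get("User", "")
    return {
        "metadata": {"event_type": "GENERIC_EVENT", "vendor_name": "Commvault",
                     "product_name": "Metallic", "product_event_type": log.get("Type"),
                     "description": log.get("Detected Criteria")},
        "observer": {"hostname": log.get("CommCell")},
        "principal": {
            "hostname": log.get("Virtual Machine Host Name"),
            "application": log.get("Instance"),
            "asset": {"asset_id": "cv:" + log.get("Virtual Machine Name", "")},
            "process": {"pid": log.get("Job ID")},
            "resource": {"name": log.get("Client"),
                         "resource_subtype": log.get("Agent Type")},
            # Assumption: "@" in User means e-mail address, otherwise a userid.
            "user": {"email_addresses": [user]} if "@" in user else {"userid": user},
        },
        "security_result": {
            "summary": log.get("Status") or log.get("Description"),  # assumed precedence
            "description": log.get("Alert"),
            "detection_fields": [{"key": DETECTION_KEYS[k], "value": log[k]}
                                 for k in DETECTION_KEYS if k in log],
        },
    }
```

Fields absent from the incoming JSON come back as `None` rather than the literal "Not Applicable" that Metallic sends for unused fields, so downstream rules can tell a missing key from an unused one.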