Identifying Clean Recovery Points Using Palo Alto XSOAR

You can integrate the Cleanroom solution with Palo Alto XSOAR to identify clean recovery points.

With this integration, security teams can use Palo Alto XSOAR to automatically create a recovery group and add workloads to it along with their clean recovery points.

Procedure

  1. Create a dedicated recovery target to use as the Cleanroom target for Palo Alto XSOAR-based recoveries, and assign the Security Operations team as users of the target. The target is then automatically selected when the Security Operations team creates a recovery group using the Palo Alto XSOAR platform.

    For instructions, see Creating a cleanroom Recovery Target.

  2. Ask your Security Operations team to add VMs to the recovery group using the Commvault Palo Alto Playbook.

    For information about how to integrate Commvault with Palo Alto XSOAR, go to the Commvault Cloud page on the Palo Alto documentation website.

    • To add VMs to a Cleanroom recovery group along with the clean recovery point that you want to use during recovery, run the following command:

      commvault-security-set-cleanroom-add-vm-to-recovery-group

      This creates a recovery group named APIRecoveryGroup that contains the VMs that you added.

  3. After the APIRecoveryGroup recovery group is created, perform Cleanroom recovery of the VMs into the automatically selected target.

    For instructions, see Recover a Recovery Group or an Entity into a Cleanroom Site.

What to Do Next

The Security Operations team can log in to the recovered VMs in the Cleanroom environment and perform extensive security validations to confirm that the recovered workloads are free of ransomware and anomalies.
