How to Deploy & Activate the Commvault Threatwise Appliance | Setup, Sensors & SIEM Tutorial скачать в хорошем качестве

How to Deploy & Activate the Commvault Threatwise Appliance | Setup, Sensors & SIEM Tutorial

Before activating your Commvault Threatwise® appliance, you’ll need to deploy it in your virtual environment, configure network settings, initialize it in TSOC, and set up deception sensors across your network. This tutorial walks you step-by-step through deploying the Threatwise appliance, configuring VLAN-based sensors, and integrating Syslog forwarding into your SIEM for full SOC visibility. What This Video Covers Downloading Threatwise appliance files from the TSOC → Products → Download directory Deploying the appliance on VMware using VMDK, OVF, NVRAM, MF files Network adapter configuration: Management, NIS, subnets/VLAN trunks Required ports: 5443 & 8443 (TSOC) and 53 (DNS) Creating Group ID and Appliance ID Correctly formatting the Management Server URL using your tenant ID Setting manual static network configuration (IP, mask, GW, DNS) Completing appliance activation in TSOC Creating VLAN segments and deploying sensors Deploying a Debian Linux sensor with SSH deception service Enabling and configuring Syslog for SIEM forwarding Chapters 00:00 Activating ThreatWise Appliance 07:00 Deploying Additional Sensors 09:48 Integrating ThreatWise with SOC Operations TL;DR A complete walkthrough of Threatwise appliance activation, including OVF deployment, static network setup, TSOC initialization, sensor creation (Windows & Linux deception assets), and Syslog integration for SIEM-based monitoring. Key Takeaways Threatwise deployment requires only four key VMware files: VMDK, OVF, MF, NVRAM Static IP configuration is recommended for appliance stability The Management Server URL must follow: – tenantID-APL.threatwise.metallic.io TSOC detects the new appliance automatically under Pending Initialization Sensors can emulate Windows or Linux systems across VLANs/subnets for wider deception coverage Adding services like SSH increases detection surfaces Syslog integration sends: – Security events (e.g., threat activity) – Monitoring events (e.g., disk warnings) SIEM forwarding uses UDP 514 by default Who Is This For? CISOs CIOs / IT Leadership SOC Managers & SOC Analysts Security Architects Security Engineers / Threat Hunters Network Engineers managing VLANs & segmentation Platform & Infrastructure Teams deploying security appliances FAQ Q: Which ports must be opened for Threatwise to work? A: Ports 5443 and 8443 are required for TSOC communication; port 53 is needed for DNS resolution. Q: Can I deploy sensors across different VLANs or subnets? A: Yes — creating interfaces (e.g., ETH2) and assigning VLAN IDs allows sensors to cover different network zones. Q: What types of sensors can I deploy? A: You can deploy deception sensors such as Windows or Linux (Debian) systems, with optional services like SSH for additional attacker interaction. Q: Why integrate Syslog with my SIEM? A: Syslog ensures all Threatwise alerts appear in your SIEM for real-time SOC monitoring, correlation, and response. Q: Do I need checksum files (MD5)? A: They are optional and used only for file verification. Explore more how-to content and learning resources at Readiverse Academy: https://bit.ly/48WgFgy #Threatwise #Commvault #CyberSecurity #DeceptionTechnology #SIEM #SOC #NetworkSecurity #VMwareDeployments