Cohesity - Identify Restore Point for Affected Virtual Machines

This workflow is triggered by an incident automation rule and identifies available restore points for impacted assets in Cohesity DataProtect.

Description

This workflow is triggered by an automation rule as soon as an incident is created in Cisco XDR. Once triggered, the workflow retrieves the list of virtual machine assets associated with the incident and then determines the most recent and viable restore point for each virtual machine in Cohesity DataProtect.

Targets: Platform APIs, Cohesity DataProtect

Steps:

For each target:
- Make sure the target is a host and fetch its details from XDR assets
- Validate and convert the serial number (to a VMware UUID)
- Search for matching protection objects in Cohesity (skip the target if 0 or more than 1 is found)
- Get a summary of snapshots for the object (if no summaries were returned, skip the target)
  - For each cluster the object belongs to:
    - Get a snapshot summary and check if a viable snapshot is available
- Check if a snapshot was found (if not, skip the target)
- Update the workflow execution log

This workflow requires the following targets to be available before it can be run.

Integration targets

Cisco XDR
Cohesity DataProtect

Author

Cohesity

Version

v1.5

Integration

Cohesity DataProtect

Average rating

No ratings yet

Authorship

Cisco Verified

support@cohesity.com

Content Licensing

Cisco Verified

This workflow is triggered by an incident automation rule and identifies available restore points for impacted assets in Cohesity DataProtect.

Cisco Verified

This workflow appears in the pivot menu and leverages Cohesity DataProtect to restore the selected virtual machine to its most recent backup snapshot.

Cisco Verified

This workflow appears in the pivot menu and enables you to capture snapshots of virtual machines in Cohesity DataProtect.

Cisco Verified

This workflow is triggered by an automation rule when an incident is created in Cisco XDR.