Veeam ONE VM with No Backup

Back


Id	0e76e420-fa55-4718-adc6-40a1a76411af
Rulename	Veeam ONE VM with No Backup
Description	Detects Veeam ONE VMs with no backup.
Severity	High
Required data connectors	VeeamCustomTablesDataConnector
Kind	Scheduled
Query frequency	5m
Query period	5m
Trigger threshold	0
Trigger operator	gt
Source Uri	https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Veeam/Analytic Rules/Veeam_One_VM_with_no_backup.yaml
Version	1.0.1
Arm template	0e76e420-fa55-4718-adc6-40a1a76411af.json

KQL

VeeamOneTriggeredAlarms_CL | where PredefinedAlarmId == 314

YAML

customDetails:
  ObjectName: ObjectName
  ObjectId: ObjectId
  ObjectType: ObjectType
  TriggeredAlarmId: TriggeredAlarmId
  Description: Description
  PredefinedAlarmId: PredefinedAlarmId
  Comment: Comment
  Status: Status
  Name: Name
  VoneHostName: VoneHostName
  TriggeredTime: TriggeredTime
name: Veeam ONE VM with No Backup
relevantTechniques: []
id: 0e76e420-fa55-4718-adc6-40a1a76411af
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Veeam/Analytic Rules/Veeam_One_VM_with_no_backup.yaml
requiredDataConnectors:
- dataTypes:
  - VeeamOneTriggeredAlarms_CL
  connectorId: VeeamCustomTablesDataConnector
eventGroupingSettings:
  aggregationKind: AlertPerResult
version: 1.0.1
severity: High
triggerThreshold: 0
queryPeriod: 5m
queryFrequency: 5m
status: Available
query: VeeamOneTriggeredAlarms_CL | where PredefinedAlarmId == 314
tactics: []
kind: Scheduled
description: Detects Veeam ONE VMs with no backup.
triggerOperator: gt

ARM