customDetails:
BackupObjectId: MachineBackupObjectId
MachineDisplayName: MachineDisplayName
VbrHostName: VbrHostName
MachineUuid: MachineUuid
eventGroupingSettings:
aggregationKind: AlertPerResult
triggerOperator: gt
entityMappings:
- entityType: Host
fieldMappings:
- columnName: VbrHostName
identifier: HostName
triggerThreshold: 0
severity: Medium
query: VeeamMalwareEvents_CL
tactics: []
queryPeriod: 5m
version: 1.0.1
queryFrequency: 5m
description: Detects when restore points are marked as infected. This might indicate potential compromise of backup data.
status: Available
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Veeam/Analytic Rules/Malware_Event_Detected.yaml
name: Malware Event Detected
id: b42424a6-10f4-447b-92a0-55ac38f4a475
relevantTechniques: []
kind: Scheduled
requiredDataConnectors:
- dataTypes:
- VeeamMalwareEvents_CL
connectorId: VeeamCustomTablesDataConnector
