Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage
  1. Microsoft Sentinel Analytics Rules
  2. /
  3. Analytic Rules
  4. /
  5. Malware Event Detected

Malware Event Detected

Back
Idb42424a6-10f4-447b-92a0-55ac38f4a475
RulenameMalware Event Detected
DescriptionDetects when restore points are marked as infected. This might indicate potential compromise of backup data.
SeverityMedium
Required data connectorsVeeamCustomTablesDataConnector
KindScheduled
Query frequency5m
Query period5m
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Veeam/Analytic Rules/Malware_Event_Detected.yaml
Version1.0.1
Arm templateb42424a6-10f4-447b-92a0-55ac38f4a475.json
Deploy To Azure
VeeamMalwareEvents_CL

entityMappings:
- entityType: Host
  fieldMappings:
  - identifier: HostName
    columnName: VbrHostName
tactics: []
requiredDataConnectors:
- dataTypes:
  - VeeamMalwareEvents_CL
  connectorId: VeeamCustomTablesDataConnector
id: b42424a6-10f4-447b-92a0-55ac38f4a475
severity: Medium
status: Available
customDetails:
  VbrHostName: VbrHostName
  BackupObjectId: MachineBackupObjectId
  MachineDisplayName: MachineDisplayName
  MachineUuid: MachineUuid
query: VeeamMalwareEvents_CL
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Veeam/Analytic Rules/Malware_Event_Detected.yaml
kind: Scheduled
queryPeriod: 5m
version: 1.0.1
name: Malware Event Detected
queryFrequency: 5m
eventGroupingSettings:
  aggregationKind: AlertPerResult
relevantTechniques: []
description: Detects when restore points are marked as infected. This might indicate potential compromise of backup data.
triggerThreshold: 0
triggerOperator: gt