Best Practice Compliance Check Not Passed

Back


Id	f920ac64-dfd0-4dea-9b7c-acecf1ea2b28
Rulename	Best Practice Compliance Check Not Passed
Description	Detects when a security best practice does not pass a compliance check in Veeam Security & Compliance Analyzer.
Severity	Medium
Required data connectors	VeeamCustomTablesDataConnector
Kind	Scheduled
Query frequency	5m
Query period	5m
Trigger threshold	0
Trigger operator	gt
Source Uri	https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Veeam/Analytic Rules/Best_Practice_Compliance_Check_Not_Passed.yaml
Version	1.0.1
Arm template	f920ac64-dfd0-4dea-9b7c-acecf1ea2b28.json

KQL

VeeamSecurityComplianceAnalyzer_CL
| where Status != "OK"

YAML

customDetails:
  Note: Note
  VbrHostName: VbrHostName
  TenantId: TenantId
  BestPracticeName: BestPractice
  Id: Id
  Status: Status
name: Best Practice Compliance Check Not Passed
relevantTechniques: []
id: f920ac64-dfd0-4dea-9b7c-acecf1ea2b28
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Veeam/Analytic Rules/Best_Practice_Compliance_Check_Not_Passed.yaml
requiredDataConnectors:
- dataTypes:
  - VeeamSecurityComplianceAnalyzer_CL
  connectorId: VeeamCustomTablesDataConnector
eventGroupingSettings:
  aggregationKind: AlertPerResult
version: 1.0.1
severity: Medium
triggerThreshold: 0
queryPeriod: 5m
queryFrequency: 5m
status: Available
query: |-
  VeeamSecurityComplianceAnalyzer_CL
  | where Status != "OK"  
tactics: []
kind: Scheduled
description: Detects when a security best practice does not pass a compliance check in Veeam Security & Compliance Analyzer.
triggerOperator: gt

ARM