Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage
  1. Microsoft Sentinel Analytics Rules
  2. /
  3. Analytic Rules
  4. /
  5. Best Practice Compliance Check Not Passed

Best Practice Compliance Check Not Passed

Back
Idf920ac64-dfd0-4dea-9b7c-acecf1ea2b28
RulenameBest Practice Compliance Check Not Passed
DescriptionDetects when a security best practice does not pass a compliance check in Veeam Security & Compliance Analyzer.
SeverityMedium
Required data connectorsVeeamCustomTablesDataConnector
KindScheduled
Query frequency5m
Query period5m
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Veeam/Analytic Rules/Best_Practice_Compliance_Check_Not_Passed.yaml
Version1.0.1
Arm templatef920ac64-dfd0-4dea-9b7c-acecf1ea2b28.json
Deploy To Azure
VeeamSecurityComplianceAnalyzer_CL
| where Status != "OK"

relevantTechniques: []
name: Best Practice Compliance Check Not Passed
queryFrequency: 5m
version: 1.0.1
triggerThreshold: 0
severity: Medium
requiredDataConnectors:
- connectorId: VeeamCustomTablesDataConnector
  dataTypes:
  - VeeamSecurityComplianceAnalyzer_CL
tactics: []
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Veeam/Analytic Rules/Best_Practice_Compliance_Check_Not_Passed.yaml
query: |-
  VeeamSecurityComplianceAnalyzer_CL
  | where Status != "OK"  
kind: Scheduled
queryPeriod: 5m
triggerOperator: gt
customDetails:
  BestPracticeName: BestPractice
  Id: Id
  VbrHostName: VbrHostName
  TenantId: TenantId
  Note: Note
  Status: Status
eventGroupingSettings:
  aggregationKind: AlertPerResult
id: f920ac64-dfd0-4dea-9b7c-acecf1ea2b28
status: Available
description: Detects when a security best practice does not pass a compliance check in Veeam Security & Compliance Analyzer.