VeeamSecurityComplianceAnalyzer_CL
| where Status != "OK"
kind: Scheduled
tactics: []
triggerThreshold: 0
triggerOperator: gt
version: 1.0.1
status: Available
queryFrequency: 5m
id: f920ac64-dfd0-4dea-9b7c-acecf1ea2b28
requiredDataConnectors:
- connectorId: VeeamCustomTablesDataConnector
dataTypes:
- VeeamSecurityComplianceAnalyzer_CL
name: Best Practice Compliance Check Not Passed
description: Detects when a security best practice does not pass a compliance check in Veeam Security & Compliance Analyzer.
customDetails:
TenantId: TenantId
Status: Status
Id: Id
BestPracticeName: BestPractice
Note: Note
VbrHostName: VbrHostName
relevantTechniques: []
query: |-
VeeamSecurityComplianceAnalyzer_CL
| where Status != "OK"
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Veeam/Analytic Rules/Best_Practice_Compliance_Check_Not_Passed.yaml
queryPeriod: 5m
severity: Medium
eventGroupingSettings:
aggregationKind: AlertPerResult
