VeeamSecurityComplianceAnalyzer_CL
| where Status != "OK"
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Veeam/Analytic Rules/Best_Practice_Compliance_Check_Not_Passed.yaml
triggerThreshold: 0
severity: Medium
queryFrequency: 5m
eventGroupingSettings:
aggregationKind: AlertPerResult
customDetails:
TenantId: TenantId
BestPracticeName: BestPractice
Note: Note
Status: Status
Id: Id
VbrHostName: VbrHostName
relevantTechniques: []
triggerOperator: gt
id: f920ac64-dfd0-4dea-9b7c-acecf1ea2b28
requiredDataConnectors:
- connectorId: VeeamCustomTablesDataConnector
dataTypes:
- VeeamSecurityComplianceAnalyzer_CL
version: 1.0.0
name: Best Practice Compliance Check Not Passed
tactics: []
description: Detects when a security best practice does not pass a compliance check in Veeam Security & Compliance Analyzer.
query: |-
VeeamSecurityComplianceAnalyzer_CL
| where Status != "OK"
status: Available
queryPeriod: 5m
kind: Scheduled
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspace": {
"type": "String"
}
},
"resources": [
{
"apiVersion": "2024-01-01-preview",
"id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/f920ac64-dfd0-4dea-9b7c-acecf1ea2b28')]",
"kind": "Scheduled",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/f920ac64-dfd0-4dea-9b7c-acecf1ea2b28')]",
"properties": {
"alertRuleTemplateName": "f920ac64-dfd0-4dea-9b7c-acecf1ea2b28",
"customDetails": {
"BestPracticeName": "BestPractice",
"Id": "Id",
"Note": "Note",
"Status": "Status",
"TenantId": "TenantId",
"VbrHostName": "VbrHostName"
},
"description": "Detects when a security best practice does not pass a compliance check in Veeam Security & Compliance Analyzer.",
"displayName": "Best Practice Compliance Check Not Passed",
"enabled": true,
"entityMappings": null,
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Veeam/Analytic Rules/Best_Practice_Compliance_Check_Not_Passed.yaml",
"query": "VeeamSecurityComplianceAnalyzer_CL\n| where Status != \"OK\"",
"queryFrequency": "PT5M",
"queryPeriod": "PT5M",
"severity": "Medium",
"status": "Available",
"subTechniques": [],
"suppressionDuration": "PT1H",
"suppressionEnabled": false,
"tactics": [],
"techniques": [],
"templateVersion": "1.0.0",
"triggerOperator": "GreaterThan",
"triggerThreshold": 0
},
"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules"
}
]
}