Veeam Backup & Replication integration
You can integrate Veeam Backup & Replication with Sophos Central so that it sends events to Sophos for analysis.
This page gives you an overview of the integration.
Veeam Backup & Replication product overview
Built on the principles of Data Security, Data Recovery and Data Freedom, Veeam Data Platform provides the confidence you need to take a stand against cyberattacks.
- Detect and identify cyberthreats.
- Respond and recover faster from ransomware.
- Secure and compliant protection for your data.
Sophos documents
Integrate Veeam Backup & Replication
What we ingest
We ingest the full syslog output of Veeam Backup & Replication, before applying filtering and scoring defined in partnership with Veeam.
Sample alerts seen by Sophos:
- GlobalMfaDisabled
- RansomwareDetected
- EncryptionPasswordChanged
Filtering
Platform filter
- We ALLOW any valid message that contains a Veeam event instanceId.
- We DROP specific instance IDs categorized as not security-related. We categorize the IDs in partnership with Veeam.
Sample threat mappings
{"alertType": "RansomwareDetected", "threatId": "T1486", "threatName": "Data Encrypted for Impact"}
{"alertType": "EncryptionPasswordChanged", "threatId": "T1490", "threatName": "Inhibit System Recovery"}
{"alertType": "GlobalMfaDisabled", "threatId": "TA0005", "threatName": "Defense Evasion"}