Veeam Backup & Replication integration

You can integrate Veeam Backup & Replication with Sophos Central so that it sends events to Sophos for analysis.

This page gives you an overview of the integration.

Veeam Backup & Replication product overview

Built on the principles of Data Security, Data Recovery and Data Freedom, Veeam Data Platform provides the confidence you need to take a stand against cyberattacks.

  • Detect and identify cyberthreats.
  • Respond and recover faster from ransomware.
  • Secure and compliant protection for your data.

Sophos documents

Integrate Veeam Backup & Replication

What we ingest

We ingest the full syslog output of Veeam Backup & Replication, then apply filtering and scoring defined in partnership with Veeam.

Sample alerts seen by Sophos:

  • GlobalMfaDisabled
  • RansomwareDetected
  • EncryptionPasswordChanged

Filtering

Platform filter

  • We ALLOW any valid message that contains a Veeam event instanceId.
  • We DROP specific instanceId values categorized as not security-related. We categorize the IDs in partnership with Veeam.

Sample threat mappings

{"alertType": "RansomwareDetected", "threatId": "T1486", "threatName": "Data Encrypted for Impact"}
{"alertType": "EncryptionPasswordChanged", "threatId": "T1490", "threatName": "Inhibit System Recovery"}
{"alertType": "GlobalMfaDisabled", "threatId": "TA0005", "threatName": "Defense Evasion"}

Vendor documentation

Syslog Monitoring