
Feature Request- Generate alerts for restore point deletions, especially via Files Tab in B&R console

Post by Brad Schubring » 1 person likes this post

Regarding this thread and case 05942639
veeam-one-f28/vm-restore-point-deletion ... 85567.html

I was asked by my workplace to show if we could alert based on malicious/inappropriate administrator activity in the B&R console, specifically the deletion of restore points. I believe that when done through the means documented in the thread above, a 10050 event is generated, which is the same event ID for automatically removed restore points and makes it challenging to alert on. Further, deletion through the files tab does not generate events at all. This would be the ideal place to act as a malicious actor.

I understand that preventing the deletion or mitigating it via immutability is the solution. However, I would argue that knowing that the restore point was deleted is an important part of recovering. Immutability is not typically as lengthy of a time period as overall retention. This leaves a gap for backups to age out of immutability, but still be in retention if you don't realize that the deletion happened.

I'd like to suggest that events centered around manual admin actions in the console could fill this gap. Alternatively, an alert generated on each job run when part of the expected backup chain was missing could also draw attention to the action afterwards and allow quicker response.

I hope my explanation makes sense; please let me know your thoughts!
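
The check suggested in the post above (flagging a job run where part of the expected backup chain is missing), sketched as an added example that is not part of the original thread and is not Veeam code: it compares two restore point inventories and reports points that vanished while still inside retention. The inventory format, the field names, and the 30-day retention and 7-day immutability values are assumptions, and no Veeam API is called.

```python
from datetime import datetime, timedelta

# Constructed sample inventories (hypothetical format, not a Veeam export):
# restore points recorded after the previous job run and after the latest one.
PREVIOUS = [
    {"id": "rp-001", "job": "SQL-Prod", "type": "full", "created": "2023-02-10T22:00:00"},
    {"id": "rp-002", "job": "SQL-Prod", "type": "full", "created": "2023-03-05T22:00:00"},
    {"id": "rp-003", "job": "SQL-Prod", "type": "increment", "created": "2023-03-06T22:00:00"},
    {"id": "rp-004", "job": "SQL-Prod", "type": "increment", "created": "2023-03-18T22:00:00"},
]
CURRENT = [
    {"id": "rp-003", "job": "SQL-Prod", "type": "increment", "created": "2023-03-06T22:00:00"},
    {"id": "rp-005", "job": "SQL-Prod", "type": "increment", "created": "2023-03-19T22:00:00"},
]
NOW = datetime(2023, 3, 20, 6, 0)  # constructed time of the latest job run


def find_unexpected_deletions(previous, current, now, retention_days=30, immutable_days=7):
    """Return points that disappeared between two inventories even though
    day-based retention (an assumption here) would not have removed them yet."""
    current_ids = {p["id"] for p in current}
    retention_cutoff = now - timedelta(days=retention_days)
    immutable_cutoff = now - timedelta(days=immutable_days)
    findings = []
    for point in previous:
        if point["id"] in current_ids:
            continue  # still present, nothing to report
        created = datetime.fromisoformat(point["created"])
        if created < retention_cutoff:
            continue  # old enough that automatic retention explains the removal
        findings.append({
            **point,
            "age_days": (now - created).days,
            # True: the point had aged out of immutability but was still in
            # retention, which is the gap described in the post.
            "past_immutability": created < immutable_cutoff,
        })
    return sorted(findings, key=lambda p: p["created"])


if __name__ == "__main__":
    for f in find_unexpected_deletions(PREVIOUS, CURRENT, NOW):
        print(f"ALERT {f['job']} {f['id']} ({f['type']}) missing at {f['age_days']} days old, "
              f"past immutability: {f['past_immutability']}")
```
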
HannesK
Product Manager

Re: Feature Request- Generate alerts for restore point deletions, especially via Files Tab in B&R console

Post by HannesK »

Hello,
we agree with what you say and we have some ideas for improvement.

Question: would it help you if only "backup administrators" can access the "files" section?

Best regards,
Hannes