Surebackup integration with SIEM

Availability for the Always-On Enterprise

Surebackup integration with SIEM

Veeam Logoby nick.tan » Wed Jun 11, 2014 9:46 am

Is there anyway for surebackup to output a certain log/report to be sent to Security information and event management (SIEM) ?

I understand that there will be a SureBackup mail report, did anyone tried to integrate it with SIEM before?
nick.tan
Influencer
 
Posts: 15
Liked: never
Joined: Mon Apr 22, 2013 9:17 am
Full Name: Nick Tan

[MERGED] Veeam to SIEM

Veeam Logoby BrentBPPI » Tue Jul 25, 2017 5:14 pm

Does anyone have Veeam going to their SIEM? If so are you using the API, Events on the servers, or UDLA?
BrentBPPI
Novice
 
Posts: 9
Liked: never
Joined: Thu Feb 02, 2017 4:11 pm
Full Name: Brent Barnett

Re: Surebackup integration with SIEM

Veeam Logoby Vitaliy S. » Mon Aug 21, 2017 11:43 am

As far as I know, usually Windows Event log is used to post events to SIEM about backup activity. We have events for almost all actions, cases, so this should be a good start.
Vitaliy S.
Veeam Software
 
Posts: 21180
Liked: 1260 times
Joined: Mon Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: Surebackup integration with SIEM

Veeam Logoby theta12 » Mon Apr 16, 2018 9:44 pm

Sorry to drag this back up, but I was just asked about this feature myself due to audit requirements, but not with Sure Backups. We actually want to get the logs shipped off to our SIEM when a RESTORE event happens. I can see in the Windows event logs that event id 210 is registered showing that a restore session has been initiated, but this does not included the details that the history logs show in enterprise manager. I know that I can create an email to be sent when restores occur, but my manager wants this to be sent to the SIEM via event logs so it can be searched and recorded. I don't see any WIndows event logs that show this kind of detail (or I'm just missing it). Does this event live somewhere other than the EM application event logs?
theta12
Influencer
 
Posts: 14
Liked: never
Joined: Wed May 24, 2017 1:37 pm

Re: Surebackup integration with SIEM

Veeam Logoby Vitaliy S. » Tue Apr 17, 2018 11:18 am

All our events are tracked via Windows Event log. Here is the documented list of what you can expect there. On top of that, while I understand that it is not what you're searching for, but if you have Veeam ONE deployed, then this report might provide a bit more info on the restore operator activity.
Vitaliy S.
Veeam Software
 
Posts: 21180
Liked: 1260 times
Joined: Mon Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: Surebackup integration with SIEM

Veeam Logoby theta12 » Mon Apr 23, 2018 2:55 pm

Yes, we're going to have to use the report from Veeam One and have it emailed monthly to our Security Team. It just really would have been much easier to have the details of the restores in the event logs as these automatically get sent to the SIEM. Could we ask for a feature request to get the additional restore details added to the Windows event logs? Basically, the who, what, when, where details of the report?
theta12
Influencer
 
Posts: 14
Liked: never
Joined: Wed May 24, 2017 1:37 pm

Re: Surebackup integration with SIEM

Veeam Logoby Vitaliy S. » Mon Apr 23, 2018 4:40 pm

Sure, you've have just made this request via your post. Thanks!
Vitaliy S.
Veeam Software
 
Posts: 21180
Liked: 1260 times
Joined: Mon Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: Surebackup integration with SIEM

Veeam Logoby Dima P. » Mon Apr 23, 2018 5:59 pm

theta12,

Quick googling shows that SIEM might support SNMP traps. If that true your can configure SureBackup job to send SNMP trap and catch it from SIEM side.
Dima P.
Veeam Software
 
Posts: 7956
Liked: 570 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: Prague
Full Name: Dmitry Popov


Return to Veeam Backup & Replication



Who is online

Users browsing this forum: Bing [Bot] and 32 guests