Availability for the Always-On Enterprise
nick.tan
Influencer
Posts: 15
Liked: never
Joined: Apr 22, 2013 9:17 am
Full Name: Nick Tan

Surebackup integration with SIEM

Post by nick.tan » Jun 11, 2014 9:46 am

Is there any way for SureBackup to output a certain log/report to be sent to Security Information and Event Management (SIEM)?

I understand that there will be a SureBackup mail report. Has anyone tried to integrate it with a SIEM before?

BrentBPPI
Service Provider
Posts: 9
Liked: never
Joined: Feb 02, 2017 4:11 pm
Full Name: Brent Barnett

[MERGED] Veeam to SIEM

Post by BrentBPPI » Jul 25, 2017 5:14 pm

Does anyone have Veeam going to their SIEM? If so, are you using the API, Events on the servers, or UDLA?

Vitaliy S.
Veeam Software
Posts: 21431
Liked: 1274 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: Surebackup integration with SIEM

Post by Vitaliy S. » Aug 21, 2017 11:43 am

As far as I know, the Windows Event log is usually used to post events about backup activity to a SIEM. We have events for almost all actions and cases, so this should be a good start.

theta12
Influencer
Posts: 14
Liked: never
Joined: May 24, 2017 1:37 pm

Re: Surebackup integration with SIEM

Post by theta12 » Apr 16, 2018 9:44 pm

Sorry to drag this back up, but I was just asked about this feature myself due to audit requirements, but not with Sure Backups. We actually want to get the logs shipped off to our SIEM when a RESTORE event happens. I can see in the Windows event logs that event ID 210 is registered showing that a restore session has been initiated, but this does not include the details that the history logs show in Enterprise Manager. I know that I can create an email to be sent when restores occur, but my manager wants this to be sent to the SIEM via event logs so it can be searched and recorded. I don't see any Windows event logs that show this kind of detail (or I'm just missing it). Does this event live somewhere other than the EM application event logs?
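Added example, not part of the post above and not Veeam code: a sketch of how exported Windows event XML could be filtered for event ID 210 and rendered as RFC 5424 syslog lines for a SIEM, which also shows that the SIEM only receives whatever fields the event itself carries. Only the event ID comes from the thread; the provider name, host, timestamps, message text and the `winevent@32473` structured-data ID are constructed placeholders, and the events are assumed to be wrapped in an `<Events>` root element.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
RESTORE_EVENT_ID = 210  # "restore session has been initiated", per the post above

# Constructed sample in the standard Windows event XML layout. Provider name,
# host, times and message text are placeholders, not real Veeam output.
SAMPLE_XML = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="ExampleBackupProvider"/><EventID>210</EventID>
    <TimeCreated SystemTime="2018-04-16T21:40:00.123456700Z"/>
    <Computer>backup01.example.test</Computer></System>
  <EventData><Data>Restore session has been initiated (constructed)</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="ExampleBackupProvider"/><EventID>190</EventID>
    <TimeCreated SystemTime="2018-04-16T21:00:00.000000000Z"/>
    <Computer>backup01.example.test</Computer></System>
  <EventData><Data>Unrelated event (constructed)</Data></EventData>
</Event>
</Events>"""

def rfc5424_time(system_time):
    # Windows writes up to 9 fractional digits; RFC 5424 allows at most 6.
    return re.sub(r"(\.\d{6})\d+", r"\1", system_time)

def sd_escape(value):
    # RFC 5424 structured-data values must escape backslash, quote and ']'.
    return re.sub(r'([\\"\]])', r"\\\1", value)

def restore_events_to_syslog(xml_text, facility=13, severity=5):
    """Return one RFC 5424 line per event whose EventID is 210."""
    pri = facility * 8 + severity  # 13 = log audit, 5 = notice -> 109
    lines = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        head = ev.find("e:System", NS)
        if int(head.findtext("e:EventID", "0", NS)) != RESTORE_EVENT_ID:
            continue
        ts = rfc5424_time(head.find("e:TimeCreated", NS).get("SystemTime"))
        host = head.findtext("e:Computer", "-", NS)
        app = head.find("e:Provider", NS).get("Name").replace(" ", "_")
        msg = " | ".join(d.text or "" for d in ev.findall("e:EventData/e:Data", NS))
        # 32473 is the enterprise number reserved for documentation examples.
        sd = '[winevent@32473 id="%d" provider="%s"]' % (RESTORE_EVENT_ID, sd_escape(app))
        lines.append("<%d>1 %s %s %s - %d %s %s"
                     % (pri, ts, host, app, RESTORE_EVENT_ID, sd, msg))
    return lines
```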

Re: Surebackup integration with SIEM

Post by Vitaliy S. » Apr 17, 2018 11:18 am

All our events are tracked via Windows Event log. Here is the documented list of what you can expect there. On top of that, while I understand that it is not what you're searching for, if you have Veeam ONE deployed, then this report might provide a bit more info on the restore operator activity.

Re: Surebackup integration with SIEM

Post by theta12 » Apr 23, 2018 2:55 pm

Yes, we're going to have to use the report from Veeam ONE and have it emailed monthly to our Security Team. It just really would have been much easier to have the details of the restores in the event logs as these automatically get sent to the SIEM. Could we ask for a feature request to get the additional restore details added to the Windows event logs? Basically, the who, what, when, where details of the report?

Re: Surebackup integration with SIEM

Post by Vitaliy S. » Apr 23, 2018 4:40 pm

Sure, you have just made this request via your post. Thanks!

Dima P.
Veeam Software
Posts: 8426
Liked: 616 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague

Re: Surebackup integration with SIEM

Post by Dima P. » Apr 23, 2018 5:59 pm

theta12,

Quick googling shows that SIEM might support SNMP traps. If that is true, you can configure the SureBackup job to send an SNMP trap and catch it on the SIEM side.
