What Changed
A major enhancement to the Veeam solution that adds comprehensive security monitoring capabilities:
- 137+ New Detection Rules: Extensive coverage for backup infrastructure security events, including malware detection, encryption changes, user management, and ransomware indicators
- Enhanced Data Connector: Updated function app with improved event filtering, processing capabilities, and Coveware integration for threat intelligence
- Simplified Analytics: Consolidated multiple rules into a single streamlined analytics rule
- Comprehensive Coverage: Added monitoring for VeeamONE, backup repositories, credentials management, and multi-factor authentication events
Detection Coverage Unlocked
The new detection rules provide security visibility across Veeam infrastructure:
- Backup Security: Repository deletions, encryption password changes, backup failures
- Access Control: User/group management, MFA events, credential record changes
- Threat Detection: Malware activity detection, ransomware indicators, suspicious backup patterns
- Infrastructure Changes: Host deletions, service provider updates, storage modifications
- Compliance Monitoring: License management, best practice compliance checks
Data Source Enhancement
Function app connector improvements enable:
- Enhanced event filtering for reduced noise
- Coveware security findings integration
- Better processing of VeeamONE alarm data
- Improved backup session monitoring
Affected Files
This large-scale update touched 531 files across multiple solution components. Key security-relevant changes include 137+ new YAML detection rules, enhanced C# function app code, updated sample data, and comprehensive solution packaging updates.