Veeam Backup & Replication Security Events |
Latest Veeam Backup & Replication security events by severity
level.
#Vendor="veeam"
| #event.module="vbr"
| in(field=event.id, values=["41600","42220","25500","26100","28100","28970","29800","30100","30400","31500","31600","31700","31800","31900","40204","40400","40500","40600","42260","42270","42302","23090","23420","24080","28200","28500","28920","28950","28980","29120","29150","29900","30200","30500","32120","32200","41402","115","31210","31400","40201","40205","40206","41610","42230","42301","42401","42402","42404","42405","21224","26110","31200","36013","42210","42500","27000","24060","24030","24050","24070","24040","42290","23630","23631","23632","23633","24020","24114","24131","24140","24142","24143","24160","24170","25000","25210","25220","25400","25700","25800","26000","26600","26700","26800","26900","27200","27300","27500","27600","27900","28400","28800","28850","28940","29110","29140","30700","30800","31000","32100","32400","32800","40202","41200","41401","42280"])
| in(field=host.name, values=[?hostname])
| groupBy(Vendor.Severity)
| Pie Chart |
Four-Eyes Authorization Events by Operation |
Latest Veeam Backup & Replication four-eyes authorization
events by operation.
#Vendor="veeam"
| #event.module="vbr"
| event.id="42402"
| in(field=host.name, values=[?hostname])
| Vendor.OperationId = *
| match(file="veeam/veeamdataplatform/operation_names_lookup.csv", column="Operation Id", field=Vendor.OperationId, strict=false)
| default(field=OperationName, value="Unknown Operation")
| timeChart(series=OperationName, span="1 day")
| Time Chart |
Veeam Backup & Replication Security Events by Name |
Statistics on Veeam Backup & Replication security events by
name. By default, data is displayed for the last 30 days.
#Vendor="veeam"
| #event.module="vbr"
| in(field=event.id, values=["41600","42220","25500","26100","28100","28970","29800","30100","30400","31500","31600","31700","31800","31900","40204","40400","40500","40600","42260","42270","42302","23090","23420","24080","28200","28500","28920","28950","28980","29120","29150","29900","30200","30500","32120","32200","41402","115","31210","31400","40201","40205","40206","41610","42230","42301","42401","42402","42404","42405","21224","26110","31200","36013","42210","42500","27000","24060","24030","24050","24070","24040","42290","23630","23631","23632","23633","24020","24114","24131","24140","24142","24143","24160","24170","25000","25210","25220","25400","25700","25800","26000","26600","26700","26800","26900","27200","27300","27500","27600","27900","28400","28800","28850","28940","29110","29140","30700","30800","31000","32100","32400","32800","40202","41200","41401","42280"])
| in(field=host.name, values=[?hostname])
| match(file="veeam/veeamdataplatform/vbr_events_lookup.csv", column="Event Id", field=event.id)
| groupBy(field="Event Name")
| Pie Chart |
Daily Veeam Backup & Replication Security Events |
Daily statistics on Veeam Backup & Replication security events
over time.
#Vendor="veeam"
| #event.module="vbr"
| in(field=event.id, values=["41600","42220","25500","26100","28100","28970","29800","30100","30400","31500","31600","31700","31800","31900","40204","40400","40500","40600","42260","42270","42302","23090","23420","24080","28200","28500","28920","28950","28980","29120","29150","29900","30200","30500","32120","32200","41402","115","31210","31400","40201","40205","40206","41610","42230","42301","42401","42402","42404","42405","21224","26110","31200","36013","42210","42500","27000","24060","24030","24050","24070","24040","42290","23630","23631","23632","23633","24020","24114","24131","24140","24142","24143","24160","24170","25000","25210","25220","25400","25700","25800","26000","26600","26700","26800","26900","27200","27300","27500","27600","27900","28400","28800","28850","28940","29110","29140","30700","30800","31000","32100","32400","32800","40202","41200","41401","42280"])
| in(field=host.name, values=[?hostname])
| match(file="veeam/veeamdataplatform/vbr_events_lookup.csv", column="Event Id", field=event.id)
| timeChart(series=Severity, span="1 day")
| Time Chart |
Latest Veeam ONE Alarms |
Latest Veeam ONE alarms over time.
#Vendor="veeam"
| #event.module="veeamone"
| in(field=event.id, values=["395", "364", "369", "391", "365", "370", "314", "331", "376", "377", "403", "316", "342", "381", "315", "332", "344", "378"])
| in(field=host.name, values=[?vonehostname])
| rename(field="host.name", as="Data Source")
| rename(field=Vendor.Severity, as=Severity)
| rename(field=message, as="Message Details")
| rename(field=Vendor.alarm_name, as="Alarm Name")
| rename(field=Vendor.alarm_type, as="Alarm Type")
| rename(field=Vendor.status_old, as="Previous Status")
| rename(field=Vendor.status_new, as="Current Status")
| rename(field=Vendor.object_name, as="Object Name")
| rename(field=Vendor.object_path, as="Object Path")
| table([@timestamp, "Data Source", "Alarm Name", Severity, "Alarm Type", "Message Details", "Previous Status", "Current Status", "Object Name", "Object Path"])
| Table |
All Security Activities |
The total number of security activities on Veeam Backup &
Replication and Veeam ONE servers. By default, data is displayed
for the last 7 days.
#Vendor="veeam"
| in(field=event.id, values=["41600","42220","25500","26100","28100","28970","29800","30100","30400","31500","31600","31700","31800","31900","40204","40400","40500","40600","42260","42270","42302","23090","23420","24080","28200","28500","28920","28950","28980","29120","29150","29900","30200","30500","32120","32200","41402","115","31210","31400","40201","40205","40206","41610","42230","42301","42401","42402","42404","42405","21224","26110","31200","36013","42210","42500","27000","24060","24030","24050","24070","24040","42290","23630","23631","23632","23633","24020","24114","24131","24140","24142","24143","24160","24170","25000","25210","25220","25400","25700","25800","26000","26600","26700","26800","26900","27200","27300","27500","27600","27900","28400","28800","28850","28940","29110","29140","30700","30800","31000","32100","32400","32800","40202","41200","41401","42280","395", "364", "369", "391", "365", "370", "314", "331", "376", "377", "403", "316", "342", "381", "315", "332", "344","378"])
| in(field=host.name, values=[?hostname, ?vonehostname])
| count()
| Single Value |
Latest Veeam Backup & Replication Security Events |
Latest Veeam Backup & Replication security events over time.
#Vendor="veeam"
| #event.module="vbr"
| in(field=event.id, values=["41600","42220","25500","26100","28100","28970","29800","30100","30400","31500","31600","31700","31800","31900","40204","40400","40500","40600","42260","42270","42302","23090","23420","24080","28200","28500","28920","28950","28980","29120","29150","29900","30200","30500","32120","32200","41402","115","31210","31400","40201","40205","40206","41610","42230","42301","42401","42402","42404","42405","21224","26110","31200","36013","42210","42500","27000","24060","24030","24050","24070","24040","42290","23630","23631","23632","23633","24020","24114","24131","24140","24142","24143","24160","24170","25000","25210","25220","25400","25700","25800","26000","26600","26700","26800","26900","27200","27300","27500","27600","27900","28400","28800","28850","28940","29110","29140","30700","30800","31000","32100","32400","32800","40202","41200","41401","42280"])
| in(field=host.name, values=[?hostname])
| match(file="veeam/veeamdataplatform/vbr_events_lookup.csv", column="Event Id", field=event.id)
| rename(field=message, as="Message Details")
| rename(field=host.name, as="Data Source")
| rename(field=Vendor.FullUserName, as=User)
| table([@timestamp, "Data Source", User, "Message Details", Severity])
| Table |
Daily Veeam ONE Alarms |
Daily statistics on Veeam ONE alarms over time.
#Vendor="veeam"
| #event.module="veeamone"
| in(field=event.id, values=["395", "364", "369", "391", "365", "370", "314", "331", "376", "377", "403", "316", "342", "381", "315", "332", "344", "378"])
| in(field=host.name, values=[?vonehostname])
| timeChart(series=Vendor.Severity, span="1 day")
| Time Chart |
Marked as Infected |
Statistics on Veeam Backup & Replication objects marked as
Infected. By default, data is displayed for the last 30 days.
#Vendor="veeam"
| #event.module="vbr"
| event.id="42220"
| in(field=host.name, values=[?hostname])
| count()
| Single Value |
Veeam ONE Alarms by Name |
Statistics on Veeam ONE alarms by name. By default, data is
displayed for the last 30 days.
#Vendor="veeam"
| #event.module="veeamone"
| in(field=event.id, values=["395", "364", "369", "391", "365", "370", "314", "331", "376", "377", "403", "316", "342", "381", "315", "332", "344", "378"])
| in(field=host.name, values=[?vonehostname])
| groupBy(field=Vendor.alarm_name)
| Pie Chart |
Veeam ONE Alarms |
Latest Veeam ONE alarms by severity level.
#Vendor="veeam"
| #event.module="veeamone"
| in(field=event.id, values=["395", "364", "369", "391", "365", "370", "314", "331", "376", "377", "403", "316", "342", "381", "315", "332", "344", "378"])
| in(field=host.name, values=[?vonehostname])
| groupBy(field=Vendor.Severity)
| Pie Chart |
Marked as Suspicious |
Statistics on Veeam Backup & Replication objects marked as
Suspicious. By default, data is displayed for the last 30 days.
#Vendor="veeam"
| #event.module="vbr"
| event.id="41600"
| in(field=host.name, values=[?hostname])
| count()
| Single Value |
Four-Eyes Authorization Events |
Statistics on Veeam Backup & Replication four-eyes
authorization events. By default, data is displayed for the last
30 days.
#Vendor="veeam"
| #event.module="vbr"
| event.id="42402"
| in(field=host.name, values=[?hostname])
| count()
| Single Value |