Posts

Maximizing Data Security: Veeam-Wazuh Integration via Syslog

Maximizing Backup Security: Veeam-Wazuh Integration via Syslog. I previously wrote a blog post on a custom integration for Wazuh & Veeam. It allowed any rule triggered or matched in Wazuh, from multiple sources, to initiate a call to Veeam via the Incident API; this would start a quick backup to preserve data during an ongoing attack and would flag any existing backup images within the time frame as infected or containing malicious code. Link here: http://www.mritsurgeon.co.za/2024/01/orchestrating-cybersecurity-resilience.html In this post I take it a little further and look at integrating Veeam events via syslog into Wazuh. In V12.1 Veeam added syslog integration for SIEMs, so that security professionals or anyone monitoring a SOC can see events around the backup infrastructure. Why is this important: malicious actors generally target backup infrastructure to ensure organizations have no ability to recover after the rest of their exploit / ki

Forensic Analysis: Integrating Veeam Backup & Replication with Sleuthkit Autopsy ( Part 1 )

Integrating Veeam Backup & Replication with Sleuthkit Autopsy (Part 1). In today's digital age, data security and forensic analysis play a crucial role in investigating incidents and ensuring the integrity of digital assets. As organizations increasingly rely on backup solutions like Veeam Backup & Replication for data protection, the need for seamless integration with forensic analysis tools becomes paramount.

Orchestrating Cybersecurity Resilience: Veeam & Wazuh Custom Integration

Orchestrating Cybersecurity Resilience: Veeam-Wazuh Custom Integration. In the ever-evolving landscape of cybersecurity, organizations face the ongoing challenge of bolstering their defenses against various threats. One crucial aspect of this defense strategy involves the integration of security tools that can work seamlessly to detect and respond to potential risks. In this blog post, we will delve into the fusion of two powerful tools: Wazuh, an open-source security information and event management (SIEM) tool, and Veeam, specifically exploring the recent addition of the Incident API in the V12.1 release.

Zero to Hero: Crafting Rules for Cyber Resilience!

Zero to Hero: YARA Rules. In this follow-up to a previous blog I wrote exploring threat hunting with Veeam & YARA, I want to go into detail on how to create, maintain & test YARA rules. Check out my previous post here: Threat Hunting with Veeam: Leveraging Yara for Incident Response (mritsurgeon.co.za)

High Availability Automated Config B&R with Veeam V12.1

Continuous Resilience: High Availability through Automated Config Backup and Restore in Veeam V12.1. Introduction: In this post on Veeam Backup and Replication version 12.1, we'll uncover the importance of Disaster Recovery (DR) and High Availability (HA) strategies, emphasizing the role of the configuration database. While Veeam's self-describing metadata facilitates individual backup recoveries, safeguarding the configuration database ensures seamless continuity of day-to-day operations in the face of primary server failures.

Threat Hunting with Veeam : Leveraging Yara for Incident Response

Threat Hunting with Veeam: Leveraging Yara for Incident Response. Introduction: In Veeam version 12.1, a significant addition to its feature set is the enhanced security functionality. Among the standout tools for incident response, Veeam introduced inline scanning with entropy analysis and integrated Yara for post-backup examination. This article delves into the power of Yara and demonstrates how it can be a vital asset in the arsenal of cybersecurity teams. Understanding Yara: Yara is a versatile and indispensable tool in the field of malware analysis, and a staple in most cybersecurity professionals' toolboxes. YARA rules are customizable patterns used for identifying specific malware, targeted attacks, and security threats tailored to your unique environment.

Veeam API with Python as PowerBi Data Source

Veeam API with Python as PowerBi Data Source. Power BI is a powerful business intelligence tool that allows users to visualize data and gain insights from it. While Power BI provides built-in data connectors to various sources, including SQL Server, Oracle, Excel, and others, it also supports using custom connectors to access data from various other sources.

I set up a Veeam Agent for Linux on ChatGPT

I set up a Veeam Agent for Linux on ChatGPT. I think everyone is familiar with what ChatGPT is; I previously wrote a blog on how to use ChatGPT in your everyday work as a Veeam engineer. While continuing to experiment with the platform, I also realized you can get ChatGPT to emulate an operating system terminal. In this short post I will show you how I got it to emulate a Linux server that had a Veeam Agent for Linux pre-installed.

10 Ways ChatGPT can help you as a Veeam Backup Engineer

How ChatGPT can help you as a Veeam Backup Engineer: 10 Tips. If you haven't heard of ChatGPT just yet, this post will probably blow your mind. ChatGPT reached 1 million subscribers in just 5 days, which is a massive achievement. There are some mixed views on ChatGPT's function, but my personal opinion is that, if used correctly, it can help you accelerate and improve your performance as an individual; you can learn from its answers & use the AI's large data set to advance your understanding of technology or a specific topic. https://openai.com/blog/chatgpt/

Veeam Kasten with Rancher K3s, WSL 2 & first App: Guide

Veeam Kasten on Rancher K3s running on WSL 2, first App: Guide. Intro: I wanted to run a small lab environment on my laptop; I would normally do this contained in a VM on Hyper-V or VMware Workstation. Since we can install Windows Subsystem for Linux, I decided why not just use WSL to achieve the same. What I've done is install Windows Subsystem for Linux on Windows, then install K3s, then install Kasten, then install an application called Sock Shop from Weaveworks. Here are the steps, from WSL install to application install.

**NOTE: For WSL I recommend creating a config to limit its resource usage or you will see the VMMEM process use most of your system resources. See the tail end of this post for the config example I used.

WSL: In PowerShell as administrator run the following:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
wsl --list --online
wsl --install -d ubuntu-20.04

You will then be prompted with the WSL Ubuntu terminal, fi