Skip to main content

Posts

Showing posts from March, 2024

Maximizing Data Security: Veeam-Wazuh Integration via Syslog

Maximizing Backup Security:  Veeam-Wazuh Integration Syslog I previously wrote a blog post on custom Integration for Wazuh & Veeam. This allowed any rules that were triggered or matched in Wazuh from multiple sources , to initiate a call to Veeam via the incident API this would initiate a Quick backup to preserve data in a on-going attack & would flag any existing backup images within the time frame as Infected or containing malicious code. Link here :  http://www.mritsurgeon.co.za/2024/01/orchestrating-cybersecurity-resilience.html  In this post here i take it a little bit further and we look at integrating Veeam events via Syslog into Wazuh. In Veeam V12.1 Veeam added syslog integration for SIEM , so that Security professionals or anyone monitoring a SOC can see events around the backup infrastructure. Why is this important: Malicious actors generally target backup infrastructure to ensure organizations have no ability to recover post the rest of their exploit / ki