MR IT Surgeon

Maximizing Backup Security:  Veeam-Wazuh Integration Syslog I previously wrote a blog post on custom Integration for Wazuh & Veeam. This allowed any rules that were triggered or matched in Wazuh from multiple sources , to initiate a call to Veeam via the incident API this would initiate a Quick backup to preserve data in a on-going attack & would flag any existing backup images within the time frame as Infected or containing malicious code. Link here :  http://www.mritsurgeon.co.za/2024/01/orchestrating-cybersecurity-resilience.html  In this post here i take it a little bit further and we look at integrating Veeam events via Syslog into Wazuh. In Veeam V12.1 Veeam added syslog integration for SIEM , so that Security professionals or anyone monitoring a SOC can see events around the backup infrastructure. Why is this important: Malicious actors generally target backup infrastructure to ensure organizations have no ability to recover post the rest of their exploit / ki

Integrating Veeam Backup & Replication with Sleuthkit Autopsy ( Part 1 ) In today's digital age, data security and forensic analysis play a crucial role in investigating incidents and ensuring the integrity of digital assets. As organizations increasingly rely on backup solutions like Veeam Backup & Replication for data protection, the need for seamless integration with forensic analysis tools becomes paramount.

  Orchestrating Cybersecurity Resilience: Veeam-Wazuh Custom Integration In the ever-evolving landscape of cybersecurity, organizations face the ongoing challenge of bolstering their defenses against various threats. One crucial aspect of this defense strategy involves the integration of security tools that can work seamlessly to detect and respond to potential risks. In this blog post, we will delve into the fusion of two powerful tools: Wazuh, an open-source security information and event management (SIEM) tool, and Veeam, specifically exploring the recent addition of the Incident API in the V12.1 release.

 Zero to hero YARA rules In this follow-up to a previous blog I wrote on exploration of threat hunting with Veeam & YARA , in this blog I want to go into detail on how to create, maintain & test YARA rules. Checkout my previous post here: Threat Hunting with Veeam : Leveraging Yara for Incident Response (mritsurgeon.co.za)

Threat Hunting with Veeam : Leveraging Yara for Incident Response  Introduction : In Veeam version 12.1, a significant addition to its feature set is the enhanced security functionality. Among the standout tools for incident response, Veeam introduced Inline Scanning with Entropy analysis and integrated Yara for post-backup examination. This article delves into the power of Yara and demonstrates how it can be a vital asset in the arsenal of cybersecurity teams. Understanding Yara: Yara is a versatile and indispensable tool in the field of malware analysis. It is a staple in most cybersecurity professionals' toolboxes. YARA rules are customizable patterns used for identifying specific malware, targeted attacks, and security threats tailored to your unique environment.