
Posts

Showing posts with the label Malware

Maximizing Data Security: Veeam-Wazuh Integration via Syslog

Maximizing Backup Security: Veeam-Wazuh Integration via Syslog. I previously wrote a blog post on a custom integration for Wazuh and Veeam. It allowed any rule triggered or matched in Wazuh, from multiple sources, to initiate a call to Veeam via the Incident API; that call started a Quick Backup to preserve data during an on-going attack and flagged any existing backup images within the time frame as infected or containing malicious code. Link here: http://www.mritsurgeon.co.za/2024/01/orchestrating-cybersecurity-resilience.html In this post I take it a little further and look at integrating Veeam events via syslog into Wazuh. In Veeam v12.1, Veeam added syslog integration for SIEMs, so that security professionals or anyone monitoring a SOC can see events around the backup infrastructure. Why is this important: malicious actors generally target backup infrastructure to ensure organizations have no ability to recover post the rest of their exploit / ki

Orchestrating Cybersecurity Resilience: Veeam & Wazuh Custom Integration

Orchestrating Cybersecurity Resilience: Veeam-Wazuh Custom Integration. In the ever-evolving landscape of cybersecurity, organizations face the ongoing challenge of bolstering their defenses against various threats. One crucial part of this defense strategy is integrating security tools so that they work together to detect and respond to potential risks. In this blog post we delve into combining two powerful tools: Wazuh, an open-source security information and event management (SIEM) platform, and Veeam, specifically exploring the Incident API added in the v12.1 release.
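The direction of integration described in the two posts above (a matched Wazuh rule calling into Veeam so that a Quick Backup starts and restore points in the window are marked infected) can be implemented as a Wazuh custom integration script. The script below is an added example, not the post author's own integration code. It assumes the Veeam Backup & Replication 12.1 REST API is reachable on the hypothetical host `vbr01:9419`, that the malware-detection event endpoint is `POST /api/v1/malwareDetection/events` with the request body shape shown (both are assumptions to verify against your Veeam REST API reference), that a bearer token has already been obtained, and that Wazuh invokes the script with the alert file as the first argument and the hook URL as the third, as its custom integrations are called. The sample alert is constructed.

```python
"""Wazuh custom integration: escalate a matched alert to Veeam's Incident API.

Added example (not the original post's script). Assumptions, to be checked
against the Veeam REST API reference:
  * endpoint: POST https://vbr01:9419/api/v1/malwareDetection/events
  * body: {"detectionTimeUtc", "machine": {"fqdn", "ipv4"}, "details", "engine"}
  * a bearer token is supplied out of band (env var or Wazuh's api_key slot)
Wazuh calls custom integrations as: script <alert_file> <api_key> <hook_url>.
"""
import json
import os
import ssl
import sys
import urllib.request
from datetime import datetime, timezone
from typing import Optional

# Constructed sample alert, shaped like an entry from alerts.json.
SAMPLE_ALERT = {
    "timestamp": "2024-02-01T10:15:30.123+0000",
    "rule": {
        "id": "100200",
        "level": 12,
        "description": "Ransomware-like mass file rename",
        "groups": ["malware"],
    },
    "agent": {"id": "003", "name": "fileserver01", "ip": "10.0.5.21"},
}

MIN_LEVEL = 10  # only escalate high-severity matches to the backup platform


def build_event(alert: dict, min_level: int = MIN_LEVEL) -> Optional[dict]:
    """Map a Wazuh alert to a Veeam malware-detection event body.

    Returns None when the alert is below the severity threshold, so the
    caller makes no API call (noise in Veeam's malware list is costly:
    every event marks restore points as infected).
    """
    rule = alert.get("rule", {})
    if int(rule.get("level", 0)) < min_level:
        return None
    agent = alert.get("agent", {})
    # Wazuh timestamps end in +0000; normalise to the ISO-8601 "Z" form.
    detected = datetime.strptime(
        alert["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z"
    ).astimezone(timezone.utc)
    return {
        "detectionTimeUtc": detected.strftime("%Y-%m-%dT%H:%M:%SZ"),
        # Veeam matches the event to a protected machine by name/IP (assumed).
        "machine": {"fqdn": agent.get("name", ""), "ipv4": agent.get("ip", "")},
        "details": "Wazuh rule {} (level {}): {}".format(
            rule.get("id"), rule.get("level"), rule.get("description")
        ),
        "engine": "Wazuh",
    }


def send_event(event: dict, hook_url: str, token: str, verify_tls: bool = True) -> int:
    """POST the event to Veeam; returns the HTTP status code.

    Keep verify_tls=True in production: a MITM on this channel could
    suppress or forge incident events. Disable only for a lab with a
    self-signed certificate.
    """
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        hook_url,
        data=json.dumps(event).encode(),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Authorization": "Bearer " + token,
            "x-api-version": "1.1-rev1",  # assumed header value for VBR 12.1
        },
    )
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        return resp.status


def main(argv: list) -> int:
    # Wazuh passes: <alert_file> <api_key> <hook_url>
    alert_file, token, hook_url = argv[1], argv[2], argv[3]
    with open(alert_file) as fh:
        alert = json.load(fh)
    event = build_event(alert)
    if event is None:
        return 0  # below threshold; nothing to do
    token = token or os.environ.get("VEEAM_TOKEN", "")
    return 0 if send_event(event, hook_url, token) < 300 else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Two design points carry over from the post's approach: the severity gate in `build_event` is what keeps a low-level rule match from quarantining a week of restore points, and the token never appears on the command line where Wazuh's process listing would expose it (use the api_key slot or an environment variable).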

Threat Hunting with Veeam: Leveraging YARA for Incident Response

Threat Hunting with Veeam: Leveraging YARA for Incident Response. Introduction: In Veeam version 12.1, a significant addition to the feature set is the enhanced security functionality. Among the standout tools for incident response, Veeam introduced inline scanning with entropy analysis and integrated YARA for post-backup examination. This article delves into the power of YARA and demonstrates how it can be a vital asset in the arsenal of cybersecurity teams. Understanding YARA: YARA is a versatile and indispensable tool in the field of malware analysis, and a staple in most cybersecurity professionals' toolboxes. YARA rules are customizable patterns used to identify specific malware, targeted attacks, and security threats tailored to your unique environment.