MR IT Surgeon

Maximizing Backup Security:  Veeam-Wazuh Integration Syslog I previously wrote a blog post on custom Integration for Wazuh & Veeam. This allowed any rules that were triggered or matched in Wazuh from multiple sources , to initiate a call to Veeam via the incident API this would initiate a Quick backup to preserve data in a on-going attack & would flag any existing backup images within the time frame as Infected or containing malicious code. Link here :  http://www.mritsurgeon.co.za/2024/01/orchestrating-cybersecurity-resilience.html  In this post here i take it a little bit further and we look at integrating Veeam events via Syslog into Wazuh. In Veeam V12.1 Veeam added syslog integration for SIEM , so that Security professionals or anyone monitoring a SOC can see events around the backup infrastructure. Why is this important: Malicious actors generally target backup infrastructure to ensure organizations have no ability to recover post the rest of their exploit / ki

  Orchestrating Cybersecurity Resilience: Veeam-Wazuh Custom Integration In the ever-evolving landscape of cybersecurity, organizations face the ongoing challenge of bolstering their defenses against various threats. One crucial aspect of this defense strategy involves the integration of security tools that can work seamlessly to detect and respond to potential risks. In this blog post, we will delve into the fusion of two powerful tools: Wazuh, an open-source security information and event management (SIEM) tool, and Veeam, specifically exploring the recent addition of the Incident API in the V12.1 release.