Veeam Data Connector (using Azure Functions)
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Connector ID | VeeamCustomTablesDataConnector |
| Publisher | Veeam |
| Used in Solutions | Veeam |
| Collection Method | Azure Function |
| Connector Definition Files | Veeam_API_FunctionApp.json |
| Ingestion API | HTTP Data Collector API — Connector definition requires workspace key (SharedKey pattern) |
Veeam Data Connector allows you to ingest Veeam telemetry data from multiple custom tables into Microsoft Sentinel.
The connector supports integration with Veeam Backup & Replication, Veeam ONE and Coveware platforms to provide comprehensive monitoring and security analytics. The data is collected through Azure Functions and stored in custom Log Analytics tables with dedicated Data Collection Rules (DCR) and Data Collection Endpoints (DCE).
Custom Tables Included:
-
VeeamMalwareEvents_CL: Malware detection events from Veeam Backup & Replication
-
VeeamSecurityComplianceAnalyzer_CL: Security & Compliance Analyzer results collected from Veeam backup infrastructure components
-
VeeamAuthorizationEvents_CL: Authorization and authentication events
-
VeeamOneTriggeredAlarms_CL: Triggered alarms from Veeam ONE servers
-
VeeamCovewareFindings_CL: Security findings from Coveware solution
-
VeeamSessions_CL: Veeam sessions
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
VeeamAuthorizationEvents_CL |
? | ✓ | ? |
VeeamCovewareFindings_CL |
? | ✓ | ? |
VeeamMalwareEvents_CL |
? | ✓ | ? |
VeeamOneTriggeredAlarms_CL |
? | ✓ | ? |
VeeamSecurityComplianceAnalyzer_CL |
? | ✓ | ? |
VeeamSessions_CL |
? | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions: - Workspace (Workspace): read and write permissions on the workspace are required. - Keys (Workspace): read permissions to shared keys for the workspace are required. See the documentation to learn more about workspace keys.
Custom Permissions: - Microsoft.Web/sites permissions: Read and write permissions to Azure Functions to create a Function App is required. See the documentation to learn more about Azure Functions. - Veeam Infrastructure Access: Access to Veeam Backup & Replication REST API and Veeam ONE monitoring platform is required. This includes proper authentication credentials and network connectivity.
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
NOTE: This connector uses Azure Functions to connect to Veeam APIs and pull data into Microsoft Sentinel custom tables. This may result in additional data ingestion costs. See the Azure Functions pricing page for details.
STEP 1 - Select the deployment option for Veeam Data Connector and associated Azure Functions
IMPORTANT: Before you deploy Veeam Data Connector, prepare Workspace Name (can be copied from the following). - Workspace Name:
WorkspaceNameNote: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.
2. Azure Resource Manager (ARM) Template
Use this method for automated deployment of the Veeam data connector using an ARM Template.
-
Click the Deploy to Azure button below.
2. Select the preferred Subscription, Resource Group and Location. 3. Enter the Microsoft Sentinel Workspace Name. 4. Click Review + Create, Create.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊