NetBackup - Microsoft Sentinel Integration

Solution: Veritas NetBackup



Attribute | Value
Publisher | Veritas Technologies LLC
Support Tier | Partner
Support Link | https://www.veritas.com/content/support/en_US/contact-us
Categories | domains
Version | 3.0.1
Author | Microsoft - support@microsoft.com
First Published | 2023-09-25
Solution Folder | Veritas NetBackup
Marketplace | Azure Marketplace · Popularity: 🔵 Medium (61%)

The Veritas solution for Microsoft Sentinel allows you to analyze NetBackup audit events. The solution uses analytics rules to automatically generate incidents when abnormal user activity is detected in NetBackup.

Contents

Data Connectors

This solution does not include data connectors.

This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.

Tables Used

This solution queries 1 table(s) from its content items:

Table | Used By Content
NetBackupAlerts_CL | Analytics

Content Items

This solution includes 2 content item(s):

Content Type | Count
Analytic Rules | 2

Analytic Rules

Name | Severity | Tactics | Tables Used
Alarming number of anomalies generated in NetBackup | Medium | Discovery, CredentialAccess | NetBackupAlerts_CL
Multiple failed attempts of NetBackup login | Medium | CredentialAccess, Discovery | NetBackupAlerts_CL

Additional Documentation

📄 Source: Veritas NetBackup/README.md

Veritas NetBackup and Microsoft Sentinel Integration Guide

The integration between Veritas NetBackup and Microsoft Sentinel empowers security operations teams by providing valuable insights from Veritas NetBackup Anomaly Detection and Malware Scanning engines directly into Microsoft Sentinel.
These insights provide the following advantages to Security and IT ops:

Veritas NetBackup has developed a first-class, in-product integration with Microsoft Sentinel. Security insights are pushed via NetBackup APIs directly into the Microsoft Sentinel workspace, eliminating any dependency on playbooks or the need to develop data connectors separately. The threat hunting queries with enriched anomaly events from NetBackup help during ransomware analysis and help with incident prioritization when security administrators deal with several thousand security events.

Prerequisites

Veritas NetBackup should be configured to send appropriate events to Microsoft Sentinel and must be running version 10.2 or higher.

Microsoft Sentinel and NetBackup should be configured to connect to API endpoints using an account with the privileges necessary to perform the desired operations.

A workspace key and ID are required for NetBackup to connect to Sentinel. These are generated in Sentinel via its SIEM WebUI/API interface and stored and used by the NetBackup primary server.

How NetBackup Sends Events to Microsoft Sentinel

This section describes how Veritas NetBackup sends events to SIEM platforms, using Microsoft Sentinel as an example. A workspace key and ID are required for NetBackup to connect to Sentinel. These are generated in Microsoft Sentinel via its SIEM WebUI/API interface and stored and used by the NetBackup primary server. Once NetBackup connects to Microsoft Sentinel, NetBackup audits its own logs for the type(s) of alerts you've configured for forwarding to Microsoft Sentinel. The selected alerts are then sent to Microsoft Sentinel as audit alert broadcast messages. See Figure 1.

Connecting Veritas NetBackup to Microsoft Sentinel

[Content truncated...]

Release Notes

Version | Date Modified (DD-MM-YYYY) | Change History
3.0.0 | 13-11-2024 | Initial version
