Acronis Cyber Protect Cloud



| Attribute | Value |
|---|---|
| Publisher | Acronis International GmbH |
| Support Tier | Partner |
| Support Link | https://www.acronis.com/en/support |
| Categories | domains, verticals |
| Version | 3.0.0 |
| Author | Acronis - support@acronis.com |
| First Published | 2025-10-28 |
| Last Updated | 2026-03-02 |
| Solution Folder | Acronis Cyber Protect Cloud |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%) |

The Acronis Cyber Protect Cloud solution for Microsoft Sentinel enables companies to ingest Acronis alerts, events, and activities into Microsoft Sentinel. The data is initially stored on a device on the company network, using the Acronis agent as a writer. See the Acronis SIEM Connector documentation. The integration includes custom Acronis detection rules and hunting queries to help companies proactively hunt for threats.

Contents

Data Connectors

This solution does not include data connectors.

This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.

Tables Used

This solution queries 1 table(s) from its content items:

| Table | Used By Content |
|---|---|
| CommonSecurityLog | Analytics, Hunting |

Content Items

This solution includes 17 content item(s):

| Content Type | Count |
|---|---|
| Hunting Queries | 13 |
| Analytic Rules | 4 |

Analytic Rules

| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Acronis - Login from Abnormal IP - Low Occurrence | Medium | InitialAccess | CommonSecurityLog |
| Acronis - Multiple Endpoints Accessing Malicious URLs | Medium | Execution | CommonSecurityLog |
| Acronis - Multiple Endpoints Infected by Ransomware | High | Impact | CommonSecurityLog |
| Acronis - Multiple Inboxes with Malicious Content Detected | Medium | InitialAccess | CommonSecurityLog |

Hunting Queries

| Name | Tactics | Tables Used |
|---|---|---|
| Acronis - ASZ defence: Unauthorized operation is detected and blocked | - | CommonSecurityLog |
| Acronis - Agent failed updating more than twice in a day | - | CommonSecurityLog |
| Acronis - Agents offline for 2 days or more | DefenseEvasion | CommonSecurityLog |
| Acronis - Audit Log | - | CommonSecurityLog |
| Acronis - Cloud Connection Errors | - | CommonSecurityLog |
| Acronis - Endpoints Accessing Malicious URLs | Execution | CommonSecurityLog |
| Acronis - Endpoints Infected by Ransomware | Impact | CommonSecurityLog |
| Acronis - Endpoints with Backup issues | - | CommonSecurityLog |
| Acronis - Endpoints with EDR Incidents | - | CommonSecurityLog |
| Acronis - Endpoints with high failed login attempts | - | CommonSecurityLog |
| Acronis - Inboxes with Malicious Content | InitialAccess | CommonSecurityLog |
| Acronis - Login from Abnormal IP - Low Occurrence | InitialAccess | CommonSecurityLog |
| Acronis - Protection Service Errors | - | CommonSecurityLog |

Release Notes

| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 11-11-2025 | Initial Solution Release. The publisherId has been Updated. |
