Add XSIAM part of Veeam App (#36447) (#36534)

* Add XSIAM part of Veeam App * Update Packs/Veeam/ReleaseNotes/1_0_1.md * Update Packs/Veeam/ReleaseNotes/1_0_1.md * Update Packs/Veeam/README.md * Update Packs/Veeam/README.md * Update Packs/Veeam/README.md * Update Packs/Veeam/README.md * Update Packs/Veeam/README.md * Update Packs/Veeam/README.md * Add fromVersion object to dashboards and reports. Add "defaultDataSource" object to pack_metadata.json * Remove all "creator_mail" objects from reports and dashboards * Add ignore validation for RN113, RN114 * Use absolute Image URLs for README.md --------- Co-authored-by: nikita-konoplin <nikita.konoplin@veeam.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
demisto · Sep 26, 2024 · 0457114 · 0457114
1 parent b1ffc95
commit 0457114
Show file tree

Hide file tree

Showing 17 changed files with 5,414 additions and 9 deletions.
diff --git a/Packs/Veeam/.pack-ignore b/Packs/Veeam/.pack-ignore
@@ -92,4 +92,7 @@ ignore=RM100
 ignore=GR103
 
 [file:classifier-Veeam_Backup_&_Replication_RESTAPI.json]
-ignore=GR103
+ignore=GR103
+
+[file:1_0_1.md]
+ignore=RN113,RN114
diff --git a/Packs/Veeam/README.md b/Packs/Veeam/README.md
@@ -1,8 +1,14 @@
-The Veeam App for Palo Alto Networks XSOAR allows Veeam Data Platform Advanced and Premium customers to combine the automation and orchestration features of Cortex XSOAR with a simple and powerful [Veeam Data Platform](https://www.veeam.com/products/veeam-data-platform.html) that goes beyond backup, providing businesses with reliable data protection, seamless recovery, and streamlined data management. Using the data received from Veeam Backup & Replication and Veeam ONE REST APIs the Veeam App creates custom incidents related to malware detection and the health state of the backup infrastructure components. These incidents can be managed through built-in Veeam Incident Dashboard and resolved manually or automatically with built-in Veeam playbooks.
+# Overview
+
+Secure backup is critical to your cyber resilience. [Veeam Data Platform](https://www.veeam.com/products/veeam-data-platform.html) provides comprehensive capabilities to extend the principles of Zero Trust to data backup and recovery including Proactive Threat Hunting, Immutability Everywhere, and Secure Access.
+
+<~XSOAR>
+Using the data received from Veeam Backup & Replication and Veeam ONE REST APIs, the app creates custom incidents related to malware detection and the health state of the backup infrastructure components. These incidents can be managed through the built-in Veeam Incident dashboard and resolved manually or automatically with built-in Veeam playbooks.
+
+The content pack includes:
 
-The pack includes:
 - Veeam Incident Dashboard: an overview of all API activities and incidents handled by the Veeam App
-- Leverage custom incident types and fields related to malware detection and health state of the backup infrastructure components
+- Leverage custom incident types and fields related to malware detection and the health state of the backup infrastructure components
 - Predefined incident classifiers and incoming mappers for incident types
 - Ingestion of the most important security alerts and detections:
   - Configuration Backup State
@@ -17,4 +23,37 @@ The pack includes:
 
 # Documentation
 
-[Veeam App for Palo Alto XSOAR User Guide](https://helpcenter.veeam.com/docs/security_plugins_xsoar/guide/)
+[Veeam Helpcenter User Guide](https://helpcenter.veeam.com/docs/security_plugins_xsoar/guide/)
+
+# Screenshots
+
+![The XSOAR Dashboard](https://raw.githubusercontent.com/demisto/content/master/Packs/Veeam/doc_files/Veeam_XSOAR_Dashboard.png)
+
+![Veeam - Start Instant VM Recovery Automatically](https://raw.githubusercontent.com/demisto/content/master/Packs/Veeam/doc_files/Veeam_XSOAR_Playbooks.png)
+</~XSOAR>
+<~XSIAM>
+This app allows Veeam Data Platform Advanced and Premium users to monitor various security activities in their Veeam backup infrastructure for:
+
+- Veeam Backup & Replication events.
+- Alarms triggered by Veeam ONE.
+
+The app gets information from the event forwarding capabilities via syslog servers integrated with Veeam Backup & Replication and Veeam ONE, parses the data and displays it on the Veeam Data Platform Monitoring dashboard. For events and alarms with Medium, High and Critical severity, the app generates alerts and displays them on the Veeam Security Activities dashboard.
+
+The content pack includes:
+
+- Built-in dashboards to monitor job statuses and security activities on a daily basis.
+- Built-in reports.
+- Multiple data source support.
+
+# Documentation
+
+[Veeam Helpcenter User Guide](https://helpcenter.veeam.com/docs/security_plugins_xsiam/guide/)
+
+The documentation also includes examples of correlation rules for Veeam security activities.
+
+# Screenshots
+
+![The Security Dachboard](https://raw.githubusercontent.com/demisto/content/master/Packs/Veeam/XSIAMDashboards/Veeam_Security_Activities_Dashboard_image.png)
+
+![The Moitoring Dachboard](https://raw.githubusercontent.com/demisto/content/master/Packs/Veeam/XSIAMDashboards/Veeam_Data_Platform_Monitoring_Dashboard_image.png)
+</~XSIAM>
diff --git a/Packs/Veeam/ReleaseNotes/1_0_1.md b/Packs/Veeam/ReleaseNotes/1_0_1.md
@@ -0,0 +1,22 @@
+#### XSIAM Dashboards
+
+##### New: Veeam Data Platform Monitoring
+Added the **'Veeam Data Platform Monitoring'** Cortex XSIAM dashboard for the Veeam App pack.
+##### New: Veeam Security Activities
+Added the **'Veeam Security Activities'** Cortex XSIAM dashboard for the Veeam App pack.
+
+#### XSIAM Reports
+##### New: All Veeam security events with Critical and High severity for the last 24h
+Added the **'All Veeam security events with Critical and High severity for the last 24h'** Cortex XSIAM report for the Veeam App pack.
+##### New: All Veeam malware detection events for the last 24h
+Added the **'All Veeam malware detection events for the last 24h'** Cortex XSIAM report for the Veeam App pack.
+##### New: All Veeam four-eyes authorization events for the last 24h
+Added the **'All Veeam four-eyes authorization events for the last 24h'** Cortex XSIAM report for the Veeam App pack.
+##### New: All Veeam finished jobs for the last 24h
+Added the **'All Veeam finished jobs for the last 24h'** Cortex XSIAM report for the Veeam App pack.
+##### New: All Veeam failed multi-factor authentication events for the last 24h
+Added the **'All Veeam failed multi-factor authentication events for the last 24h'** Cortex XSIAM report for the Veeam App pack.
+##### New: All Veeam security events for the last 7 days
+Added the **'All Veeam security events for the last 7 days'** Cortex XSIAM report for the Veeam App pack.
+##### New: All Veeam triggered alarms for the last 7 days
+Added the **'All Veeam triggered alarms for the last 7 days'** Cortex XSIAM report for the Veeam App pack.