Creating Analytics Rules

To create an analytics rule from a template, perform the following steps:

  1. Open the Analytics section:
     • If you use Microsoft Sentinel in the Microsoft Defender portal, click Microsoft Sentinel > Configuration > Analytics in the portal menu.
     • If you use Microsoft Sentinel in the Microsoft Azure portal, click Configuration > Analytics in the workspace menu.
  2. On the Rule templates tab, select the template and click Create rule. For more information on rules supported by Veeam App for Microsoft Sentinel, see Analytics Rules Reference.
  3. At the General step of the wizard, review default values for the name, description and severity, and update them if required.
  4. At the Set rule logic step of the wizard, review default values for the query scheduling and alert threshold, and update them if required.
  5. At the Incident settings step of the wizard, review default values for incident creation and update them if required. If you want to automatically create an incident when a Veeam analytics rule triggers an alert, make sure that the Create incidents from alerts triggered by this analytics rule toggle is set to Enabled.

  6. At the Automated response step of the wizard, you can create an automation rule to run a Veeam playbook on a specific condition, for example, when this analytics rule triggers an incident. To do this, perform the following steps:
     1. Click Add new.
     2. Enter the name of the rule.
     3. In the Actions field, select Run playbook from the drop-down list.
     4. Select the playbook applicable to this analytics rule. For more information, see Playbook Reference.
     5. Click Apply.

Note

To run playbooks in a multitenant deployment, you must grant permissions to a specific resource group. For more information, see this Microsoft article.

  7. To complete the wizard and create the rule, click Review + create > Save.

Created rules will appear on the Active rules tab.
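
The settings reviewed in the wizard (severity, query scheduling, alert threshold, incident creation) can be checked after the fact on exported rules. The following is an added example, not part of the Veeam documentation or the Veeam app: it audits scheduled rules in the shape of a Microsoft Sentinel ARM export and flags rules that will not open incidents or whose lookback window is shorter than the run interval. The sample rules and their names are constructed placeholders.

```python
import re

# Constructed sample in the shape of exported scheduled rules
# (Microsoft.SecurityInsights/alertRules, kind "Scheduled"); names are placeholders.
SAMPLE_RULES = [
    {"kind": "Scheduled", "properties": {
        "displayName": "Example rule A (constructed)", "severity": "High", "enabled": True,
        "queryFrequency": "PT1H", "queryPeriod": "PT1H",
        "triggerOperator": "GreaterThan", "triggerThreshold": 0,
        "incidentConfiguration": {"createIncident": True}}},
    {"kind": "Scheduled", "properties": {
        "displayName": "Example rule B (constructed)", "severity": "Medium", "enabled": True,
        "queryFrequency": "P1D", "queryPeriod": "PT5H",
        "triggerOperator": "GreaterThan", "triggerThreshold": 0,
        "incidentConfiguration": {"createIncident": False}}},
]

# ISO 8601 durations limited to days/hours/minutes/seconds, as used for rule scheduling.
_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def duration_minutes(value):
    """Convert a duration such as 'PT5H' or 'P1D' to minutes."""
    m = _DURATION.match(value or "")
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {value!r}")
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return d * 1440 + h * 60 + mi + s / 60

def audit_rule(rule):
    """Return a list of findings for one scheduled rule (empty list means OK)."""
    p = rule.get("properties", {})
    findings = []
    if not p.get("enabled", False):
        findings.append("rule is disabled")
    if not p.get("incidentConfiguration", {}).get("createIncident", False):
        findings.append("incident creation is disabled; incident-triggered automation will not run")
    try:
        if duration_minutes(p.get("queryPeriod")) < duration_minutes(p.get("queryFrequency")):
            findings.append("lookback is shorter than the run interval; events between runs are never queried")
    except ValueError as exc:
        findings.append(str(exc))
    return findings

def audit(rules):
    """Map each scheduled rule's display name to its findings."""
    return {r["properties"]["displayName"]: audit_rule(r)
            for r in rules if r.get("kind") == "Scheduled"}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(name, "->", findings or "OK")
```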
