Incident Reference
Veeam App for Palo Alto Networks XSOAR supports the following incident types:
Incident Type | Source | Description | Severity |
---|---|---|---|
Backup Copy Creation Time | Veeam ONE | Incident based on the Backup Copy RPO alarm. For more details, see Veeam Backup & Replication Alarms. | Critical |
Backup Server Security Status | Veeam ONE | Incident based on the Backup Server security & compliance state alarm. For more details, see Veeam Backup & Replication Alarms. | Medium |
Configuration Backup | Veeam Backup & Replication | Incident based on the date of the last successful Veeam Backup & Replication configuration backup. | Medium |
Enterprise Application Backup | Veeam ONE | Incident based on the Application with no recent data backup sessions alarm. For more details, see Veeam Backup & Replication Alarms. | Critical |
Immutability Change Tracking | Veeam ONE | Incident based on the Immutability change tracking alarm. For more details, see Veeam Backup & Replication Alarms. | Medium |
Immutability State | Veeam ONE | Incident based on the Immutability state alarm. For more details, see Veeam Backup & Replication Alarms. | Medium |
Incident Fetch Error | Veeam App for Palo Alto Networks XSOAR | Incident based on the availability of Veeam REST APIs. | Medium |
Incremental Backup Size | Veeam ONE | Incident based on the Suspicious incremental backup size alarm. For more details, see Veeam Backup & Replication Alarms. | Critical |
Job Disabling | Veeam ONE | Incident based on the Job disabled alarm. For more details, see Veeam Backup & Replication Alarms. | Medium |
Job Duration | Veeam ONE | Incident based on the Unusual job duration alarm. For more details, see Veeam Backup & Replication Alarms. | Medium |
Job Duration Deviation (Veeam Backup for Microsoft 365) | Veeam ONE | Incident based on the Unusual job duration (Veeam Backup for Microsoft 365) alarm. For more details, see Veeam Backup for Microsoft 365 Alarms. | Medium |
Malware Detection - Antivirus Scan | Veeam Backup & Replication | Incident based on the Veeam Backup & Replication malware event. For more details, see the Malware Activity Detected event in the Event Reference. | High or Critical |
Malware Detection - Deleted Files | Veeam Backup & Replication | Incident based on the Veeam Backup & Replication malware event. For more details, see the Malware Activity Detected event in the Event Reference. | High or Critical |
Malware Detection - Encrypted Files | Veeam Backup & Replication | Incident based on the Veeam Backup & Replication malware event. For more details, see the Malware Activity Detected event in the Event Reference. | High or Critical |
Malware Detection - Ransomware Notes | Veeam Backup & Replication | Incident based on the Veeam Backup & Replication malware event. For more details, see the Malware Activity Detected event in the Event Reference. | High or Critical |
Malware Detection - Renamed Files | Veeam Backup & Replication | Incident based on the Veeam Backup & Replication malware event. For more details, see the Malware Activity Detected event in the Event Reference. | High or Critical |
Malware Detection - Suspicious Files and Extensions | Veeam Backup & Replication | Incident based on the Veeam Backup & Replication malware event. For more details, see the Malware Activity Detected event in the Event Reference. | High or Critical |
Malware Detection - Unknown | Veeam Backup & Replication | Incident based on the Veeam Backup & Replication malware event. For more details, see the Malware Activity Detected event in the Event Reference. | High or Critical |
Malware Detection - Yara Scan | Veeam Backup & Replication | Incident based on the Veeam Backup & Replication malware event. For more details, see the Malware Activity Detected event in the Event Reference. | High or Critical |
Malware Detection Change Tracking | Veeam ONE | Incident based on the Veeam malware detection change tracking alarm. For more details, see Veeam Backup & Replication Alarms. | Critical |
Physical Machine Backup | Veeam ONE | Incident based on the Computer with no backup alarm. For more details, see Veeam Backup & Replication Alarms. | Critical |
Possible Malware Activity | Veeam ONE | Incident based on the Potential malware in backups alarm. For more details, see Veeam Backup & Replication Alarms. | Critical |
Repository Capacity | Veeam Backup & Replication | Incident based on the backup repository free space. | High |
Virtual Machine Backup | Veeam ONE | Incident based on the VM with no backups alarm. For more details, see VMware vSphere Alarms and Microsoft Hyper-V Alarms. | Critical |
Virtual Machine Replica | Veeam ONE | Incident based on the VM with no replica alarm. For more details, see VMware vSphere Alarms and Microsoft Hyper-V Alarms. | Critical |