Closing Incidents

You can close Veeam App for Palo Alto Networks XSOAR incidents manually or using Veeam playbooks.

Closing Incidents Manually

After you resolve the incident on the Veeam Backup & Replication or Veeam ONE integration instance, you need to close it in Veeam App for Palo Alto Networks XSOAR. To do this, perform the following steps:

  1. On the Incident Info tab, click Actions > Close incident.
  2. Select the close reason and specify close notes if required.
  3. Click Close Incident.

After you close the incident, it will disappear from the Veeam Backup & Replication Active Incidents or Veeam ONE Active Incidents widget.

Closing Incidents with Playbooks

For specific incidents, you can use Veeam playbooks:

Playbook Name: Veeam - Start Configuration Backup
Applicable to: Configuration Backup incidents.
Description: Starts configuration backup job for the Veeam Backup & Replication integration instance. When the job finishes with the Warning or Success state, the incident will be automatically closed.

Playbook Name: Veeam - Start Instant VM Recovery Automatically
Applicable to: Incidents based on Veeam Backup & Replication malware events.
Description: Starts the Instant Recovery session with automatic configuration. The playbook automatically gets the latest clean restore point and the name of the restored virtual machine, defines the folder and the ESXi host, and starts the Instant Recovery session. You can also enable the antivirus scan during the session.

If the playbook cannot automatically define the folder and the ESXi host, you can start the Instant Recovery session with manual configuration and specify the required parameters explicitly.

When the session finishes with the Warning or Success state, you need to finish the migration in the Veeam Backup & Replication console and close the incident manually.

Note: The playbook runs the veeam-vbr-get-inventory-objects command to get required inventory information from the Veeam Backup & Replication integration instance. This command contains custom parameters and cannot be run as a single command in the Cortex XSOAR command-line interface.

Playbook Name: Veeam - Start Instant VM Recovery Manually
Applicable to: Incidents based on Veeam Backup & Replication malware events.
Description: Starts the Instant Recovery session with manual configuration. The playbook automatically gets the latest clean restore point and the name of the restored virtual machine. To start the Instant Recovery session, you need to specify parameters required for the API request.

When the session finishes with the Warning or Success state, you need to finish the migration in the Veeam Backup & Replication console and close the incident manually.

Playbook Name: Veeam - Resolve Triggered Alarms
Applicable to: Incidents based on Veeam ONE alarms.
Description: Resolves Veeam ONE triggered alarms. The playbook automatically sets the alarm resolution type and closes the incident.