Merge pull request Azure#12911 from Veeam-Rnd-DataManagement/veeam-develop

Support Coveware API changes and fix dashboard drilldowns

Author: v-atulyadav

Solutions/Veeam/Analytic Rules/Adding_User_or_Group_Failed.yaml

@@ -17,15 +17,13 @@ triggerOperator: gt
 triggerThreshold: 0
 eventGroupingSettings:
   aggregationKind: AlertPerResult
-tactics:
-- DefenseEvasion
-relevantTechniques:
-- T1562
+tactics: []
+relevantTechniques: []
 query: "Veeam_GetSecurityEvents\n| where instanceId == 31210\n| project\n    Date\
   \ = format_datetime(TimeGenerated, 'dd.MM.yyyy HH:mm'),\n    DataSource = original_host,\n\
   \    EventId = instanceId,\n    UserName = user,\n    MessageDetails = Description,\n\
   \    Severity = SeverityDescription"
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
 customDetails:
   Date: Date

Solutions/Veeam/Analytic Rules/Application_Group_Deleted.yaml

@@ -17,16 +17,14 @@ triggerOperator: gt
 triggerThreshold: 0
 eventGroupingSettings:
   aggregationKind: AlertPerResult
-tactics:
-- Impact
-relevantTechniques:
-- T1485
+tactics: []
+relevantTechniques: []
 query: "Veeam_GetSecurityEvents\n| where instanceId == 30500\n| extend Name =  extract(\"\
   Name=\\\"([^\\\"]*)\\\"\", 1, SyslogMessage)\n| project\n    Date = format_datetime(TimeGenerated,\
   \ 'dd.MM.yyyy HH:mm'),\n    DataSource = original_host,\n    EventId = instanceId,\n\
   \    UserName = user,\n    [\"Application Group Name\"] = Name,\n    MessageDetails\
   \ = Description,\n    Severity = SeverityDescription"
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
 customDetails:
   Date: Date

Solutions/Veeam/Analytic Rules/Application_Group_Settings_Updated.yaml

@@ -17,16 +17,14 @@ triggerOperator: gt
 triggerThreshold: 0
 eventGroupingSettings:
   aggregationKind: AlertPerResult
-tactics:
-- DefenseEvasion
-relevantTechniques:
-- T1562.001
+tactics: []
+relevantTechniques: []
 query: "Veeam_GetSecurityEvents\n| where instanceId == 30400\n| extend Name =  extract(\"\
   Name=\\\"([^\\\"]*)\\\"\", 1, SyslogMessage)\n| project\n    Date = format_datetime(TimeGenerated,\
   \ 'dd.MM.yyyy HH:mm'),\n    DataSource = original_host,\n    EventId = instanceId,\n\
   \    UserName = user,\n    [\"Application Group Name\"] = Name,\n    MessageDetails\
   \ = Description,\n    Severity = SeverityDescription"
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
 customDetails:
   Date: Date

Solutions/Veeam/Analytic Rules/Archive_Repository_Deleted.yaml

@@ -17,16 +17,14 @@ triggerOperator: gt
 triggerThreshold: 0
 eventGroupingSettings:
   aggregationKind: AlertPerResult
-tactics:
-- Impact
-relevantTechniques:
-- T1485
+tactics: []
+relevantTechniques: []
 query: "Veeam_GetSecurityEvents\n| where instanceId == 29900\n| extend Name = extract(\"\
   Name=\\\"([^\\\"]*)\\\"\", 1, SyslogMessage)\n| project\n    Date = format_datetime(TimeGenerated,\
   \ 'dd.MM.yyyy HH:mm'),\n    DataSource = original_host,\n    EventId = instanceId,\n\
   \    [\"User Name\"] = user,\n    [\"Object Name\"] = Name,\n    MessageDetails\
   \ = Description,\n   Severity = SeverityDescription"
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
 customDetails:
   Date: Date

Solutions/Veeam/Analytic Rules/Archive_Repository_Settings_Updated.yaml

@@ -17,16 +17,14 @@ triggerOperator: gt
 triggerThreshold: 0
 eventGroupingSettings:
   aggregationKind: AlertPerResult
-tactics:
-- DefenseEvasion
-relevantTechniques:
-- T1562.001
+tactics: []
+relevantTechniques: []
 query: "Veeam_GetSecurityEvents\n| where instanceId == 29800\n| extend Name =  extract(\"\
   Name=\\\"([^\\\"]*)\\\"\", 1, SyslogMessage)\n| project\n    Date = format_datetime(TimeGenerated,\
   \ 'dd.MM.yyyy HH:mm'),\n    DataSource = original_host,\n    EventId = instanceId,\n\
   \    UserName = user,\n    [\"Object Name\"] = Name,\n   MessageDetails = Description,\n\
   \   Severity = SeverityDescription"
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
 customDetails:
   Date: Date

Solutions/Veeam/Analytic Rules/Attempt_to_Delete_Backup_Failed.yaml

@@ -17,18 +17,14 @@ triggerOperator: gt
 triggerThreshold: 0
 eventGroupingSettings:
   aggregationKind: AlertPerResult
-tactics:
-- DefenseEvasion
-- Impact
-relevantTechniques:
-- T1562
-- T1490
+tactics: []
+relevantTechniques: []
 query: "Veeam_GetSecurityEvents\n| where instanceId == 41800\n| extend Endpoint =\
   \ extract(\"param2=\\\"([^\\\"]*)\\\"\", 1, SyslogMessage)\n| project\n    Date\
   \ = format_datetime(TimeGenerated, 'dd.MM.yyyy HH:mm'),\n    DataSource = original_host,\n\
   \    EventId = instanceId,\n    [\"User Name\"] = user,\n    [\"Endpoint\"] = Endpoint,\n\
   \    MessageDetails = Description,\n   Severity = SeverityDescription"
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
 customDetails:
   Date: Date

Solutions/Veeam/Analytic Rules/Attempt_to_Update_Security_Object_Failed.yaml

@@ -18,16 +18,14 @@ triggerOperator: gt
 triggerThreshold: 0
 eventGroupingSettings:
   aggregationKind: AlertPerResult
-tactics:
-- DefenseEvasion
-relevantTechniques:
-- T1562
+tactics: []
+relevantTechniques: []
 query: "Veeam_GetSecurityEvents\n| where instanceId == 41810\n| extend Endpoint =\
   \ extract(\"param2=\\\"([^\\\"]*)\\\"\", 1, SyslogMessage)\n| project\n    Date\
   \ = format_datetime(TimeGenerated, 'dd.MM.yyyy HH:mm'),\n    DataSource = original_host,\n\
   \    EventId = instanceId,\n    [\"User Name\"] = user,\n    [\"Endpoint\"] = Endpoint,\n\
   \    MessageDetails = Description,\n   Severity = SeverityDescription"
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
 customDetails:
   Date: Date

Solutions/Veeam/Analytic Rules/Backup_Proxy_Deleted.yaml

@@ -17,16 +17,13 @@ triggerOperator: gt
 triggerThreshold: 0
 eventGroupingSettings:
   aggregationKind: AlertPerResult
-tactics:
-- Impact
-relevantTechniques:
-- T1485
-- T1490
+tactics: []
+relevantTechniques: []
 query: "Veeam_GetSecurityEvents\n| where instanceId == 27900\n| project\n    Date\
   \ = format_datetime(TimeGenerated, 'dd.MM.yyyy HH:mm'),\n    DataSource = original_host,\n\
   \    EventId = instanceId,\n    [\"User Name\"] = user,\n  MessageDetails = Description,\n\
   \   Severity = SeverityDescription"
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
 customDetails:
   Date: Date

Solutions/Veeam/Analytic Rules/Backup_Repository_Deleted.yaml

@@ -17,17 +17,14 @@ triggerOperator: gt
 triggerThreshold: 0
 eventGroupingSettings:
   aggregationKind: AlertPerResult
-tactics:
-- Impact
-relevantTechniques:
-- T1485
-- T1490
+tactics: []
+relevantTechniques: []
 query: "Veeam_GetSecurityEvents\n| where instanceId == 28200\n| extend Name =  extract(\"\
   Name=\\\"(?<Name>[^\\\"]*)\\\"\", 1, SyslogMessage)\n| project\n    Date = format_datetime(TimeGenerated,\
   \ 'dd.MM.yyyy HH:mm'),\n    DataSource = original_host,\n    EventId = instanceId,\n\
   \    UserName = user,\n    [\"Object Name\"] = Name,\n    MessageDetails = Description,\n\
   \    Severity = SeverityDescription"
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
 customDetails:
   Date: Date

Solutions/Veeam/Analytic Rules/Backup_Repository_Settings_Updated.yaml

@@ -17,19 +17,15 @@ triggerOperator: gt
 triggerThreshold: 0
 eventGroupingSettings:
   aggregationKind: AlertPerResult
-tactics:
-- DefenseEvasion
-- Impact
-relevantTechniques:
-- T1562.001
-- T1490
+tactics: []
+relevantTechniques: []
 query: "Veeam_GetSecurityEvents\n| where instanceId == 28100\n| extend RepositoryName\
   \ =  extract(\"RepositoryName=\\\"(?<RepositoryName>[^\\\"]*)\\\"\", 1, SyslogMessage)\n\
   | project\n    Date = format_datetime(TimeGenerated, 'dd.MM.yyyy HH:mm'),\n    DataSource\
   \ = original_host,\n    EventId = instanceId,\n    [\"User Name\"] = user,\n   \
   \ [\"Object Name\"] = RepositoryName,\n    MessageDetails = Description,\n   Severity\
   \ = SeverityDescription"
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
 customDetails:
   Date: Date