Transcript
All right, looks like we have just about everybody here. So welcome again to today's webinar, Detecting and Protecting Against Threats with Veeam Data Platform 12.3 and 12.2. My name is Nick Paolini. I am an engineer over at Veeam. And today we're really just going to be focusing on, you know, what's new with threats and, you know, malware detection, all that fun stuff. A bit of housekeeping. This will be recorded and will be available, you know, after the webinar is over today. We do have a Q&A section. So please, if you can, try to put all your questions, if you have any, in there so I can see them. It is just me today. I will do my best to answer any questions that do pop up. But I do apologize if I do miss any going around here. So let's go ahead and get started here. To start, it's important to recognize that data is the lifeblood of every business and presents increasingly complex challenges for organizations like yours to manage. As data grows year on year and sprawls across multiple clouds, countless endpoints, and locations, Veeam is tracking two emerging threats to data resilience. The first is vendor lock-in. To keep data resilient, you need the ability to move your data easily to new applications or platforms, especially as the industry tracks aggressive vendor price increases, sending budgets spiraling sometimes. The second is increasing volume and sophistication of ransomware, especially when you consider that 27% of organizations who paid a ransom at the end of the day still could not recover their data. So that's a pretty big number when you look at just, you know, the total amount of people who are getting targeted. And then, you know, even when you think you're doing everything right, you might not even get your data back. So, you know, like I said earlier, attacks are common. 75% of organizations suffered at least one ransomware attack, most of them reporting getting hit more than once. So these threat actors, they're using, you know, a larger number of attacks, techniques, processes, making those indicators of compromise a lot harder to identify, you know, when they do make it into your infrastructure. So, you know, at the end of the day, you do want to make sure you can see those indicators, be ready for them, and, you know, do everything you can to prepare yourself. So this brings us to, you know, what we are going to talk about today. We do have industry-leading threat detection over at Veeam, a lot of new cool stuff with our 12.3 release that came out, I believe it was December 3rd, just about a week ago. So we are going to focus on Recon Scanner from Coveware by Veeam. That is a really cool tool that we're going to dive into, do a little bit of demo with, a little bit of analytics, you know, and AI-powered insights, talk a little bit about the Veeam Incident API, and the Security and Compliance Analyzer that has been around for a little tool. And these are all going to be kind of great things to utilize for your pre-backup. And what I mean by this is you don't always want to wait to find something in one of your backups, because if you find it in your backup, that means it's already in your environment. You know, it may have already compromised something. You don't know what you don't know at the end of the day. So the sooner you can identify these threats, the safer and more protected you can be at the end of the day. During backup, we do have a new tool, the indicator of Compromise Scanner. We'll get into that shortly here. AI-powered inline entropy analysis, another cool feature that was introduced in 12.2. File system activity analysis, and then obviously immutability combined with single-use credentials. That's always a great way to protect your environment. The end of the day, if you have immutable backups, you know, there's always a fail-safe. That data cannot be changed. It's always there. And if you can verify it's clean, you're good to go if you do need to recover. And then when we talk about post-backup and recovery, we do have some new signature-based malware scanning tools. Yara rule scanning, which was introduced in 12.1. We can talk about that a little bit as well. Secure restore, which is another great way to kind of verify that you are restoring actual clean backups, not reintroducing malware into your environment after an attack or maybe just a normal standard recovery. And then orchestrated restore and clean room. We always have Veeam Orchestrator to, you know, almost fully automate that restore process. We're not going to get too much into that today, but it's just a great tool that we always like to mention. And then always there's the Veeam Threat Center, a nice big dashboard right when you log into Veeam One. We'll touch on that a little bit, but it's kind of a great way to get a good look at your environment just in one page there. So most of this will be a demo today. We do have a good bit of kind of integrations and things to cover. So I apologize if I'm not going super in-depth into, you know, every single checkbox and options menu in there, but I will do my best to just kind of show off, you know, what Veeam can integrate with, you know, some cool new features and what we can really do at the end of the day. So let me switch my screen over a little bit here. The first thing I do want to show you guys is going to be Coveware. There we go. That should have changed for everybody here. So just, I guess, a little bit of a preface, you know, what is Coveware? You know, where did it come from? What's it doing? Recon Scanner was built by a new division of Veeam called Coveware. They are a leading incident response firm specializing in cyber extortion cases. So, you know, with this tool, we can now help recover data with a focus on transparency, efficiency, and integrity a lot better than we could before. We're leveraging, you know, the world-class experts with Coveware, patent-pending technology, and extensive experience from just the thousands of cases that they've dealt with over the years. And initially, you know, Recon Scanner, this was just used as a tool to scan after an attack. And it was kind of used to identify, you know, what type of attack got in. How long was it there? What was it doing? But now we can kind of implement that as a proactive assessment approach. So before there's an attack, this way you could see all those early indicators and really get a feel for, you know, what's going on in your environment. So Recon Scanner, it is going to be a very small, lightweight agent that will be running on your Veeam server. So runs in just a couple minutes, gathers all of the information it needs. All that data is encrypted and shipped out to Coveware for analysis. And then you log into this nice little portal we here. You see here, you can see Coveware up top. And it's basically going to compile all of it, organize it, and show you everything that it gathered at the end of the day. So you could see this chart up top. I know it's a little bit messy sometimes with a couple different lines, but you can separate between, you know, critical high, medium, low, kind of whatever type of event you're looking for. But it is a great view because you can see I have a couple of dates where, you know, things are spiking. Where right here, I have 190, you know, medium events that happened. So that might be an indicator of maybe something happened that day or maybe there was a breach. And you can kind of see a couple of spikes going on in there. I do have a good amount of endpoints in our demo lab. But right down here, it'll kind of give you a general timeline. You can see all my scans from 11th, which was earlier today. Going back to the 10th, 9th, 8th, we have this set to basically scan once a day. And then it will separate everything from, you know, critical high, medium, low. So right from here, you know, usually first thing I'm going to be looking at is do I have any critical events in here? I see one right here on my ATLE server. Looks like that was today. I can click right on here on critical, and it's going to show me what it found. So right here, I can already see I have two malware detection events. And, you know, obviously, best case scenario is you find these right away. When, you know, Veeam finds something that it doesn't think it should be there, it's going to alert you right away. This is kind of an easier way to really scan your entire Veeam environment. If you do have multiple servers, multiple, you know, VBR deployments spreading across, you know, whatever it may be. This is going to show you everything that gets scanned. And right here, you know, it's going to show me all of the information, you know, what suspicious files it did find. And then I can even click into this to view it in a timeline. And it's going to show me basically what I was just looking at. But I do have a couple more filters over here. And this shows me, you know, all about the log files, what to look for. So I know, hey, I'm looking at the server. I'm going to look for this log file here, and then I'm going to go take care of whatever happened at the end of the day. And before I kind of dive into that, I know we were just looking at the scans tab up top. This is kind of just the kind of the broad strokes overview. The timeline in here, this is where it's really going to show you everything. You could see me scrolling down. It's just any suspicious event or anything, you know, that could be a potential problem here. I can go in on the left side and really kind of get really granular with what I want to look for. So if I'm looking for maybe a specific attack technique or a MITRE technique that I'm, you know, suspicious may have gotten into my environment. I can, you know, remove a couple that I'm not maybe not too concerned about. Check one, check them all, really kind of hammer that down. And then there's all these different types of events that you can filter through as well. And you can also just look for maybe a specific server that you want to want to scan. And all of these right here where it says, you know, none, low, medium, high, critical. These classifications align with the MITRE ATT&CK framework at the end of the day. That's where they came from. It's not just kind of a, you know, a random assessment of what could be bad, what could be worse. But it really does kind of help you filter these things down to narrow down your search. And the best part about this is really it's going to cut down on that dwell time. Just to expand, you know, dwell time. A lot of times if, you know, a bad actor or a threat actor were to gain access to your environment, maybe, you know, drop a file or a little script, something that shouldn't be there. That's not always activated right away. I mean, that could sit in your environment for maybe a couple of days, a couple of weeks, even a couple months. So being proactive about it is really the best approach because you want to catch anything in your environment that shouldn't be there before it has a chance to do any damage at the end of the day. So just to kind of chat about what else is in here, you can look at a summary report. All of these, I guess, filters here, you know, you can turn them on and off. So I know there are a good bit right here. So at a glance, hard to kind of pick out what's going on at each individual date, but a lot easier to narrow down if, you know, you're looking for maybe just VBR malware detection events, and that's all you want to see. It'll even split things up by what MITRE technique was, you know, suspected of being used. So if you're only looking at maybe remote services or SSH, you can filter everything else out and just look for those events as well. Same thing with hosts. You can narrow it down, look at a couple hosts, one host, all your hosts. And I like these charts with all of them because it does show, you know, these spikes where I have a couple right here. Looks like towards the end of October, that tells me I might have had something suspicious going on, you know, at the end of that month and gives me a lot better of an idea of, you know, where to look and kind of how to narrow down what's going on, especially if you even have a specific date of when a breach may have occurred. And at the bottom, it's just, you know, a nice little chart as well that kind of splits things up between hosts, what type of events were being used. So you can see, you know, here's my central host. There's a lot of browser activity events. Maybe something is going on there. Kind of a better way to see, you know, I guess if there is a predominant attack that is being used on maybe a specific server and really split things up for you. So that is Coveware Recon Scanner in a nutshell. Like I said, it is a really quick and easy to use tool. You could download the Recon Scanner, you know, right from here. But once it's installed and ran on your Veeam server, it will be sending all this data. You can go to the portal, you log in, and then you're going to have this great view of everything compiled for you in your own Coveware portal, essentially. So next thing I do want to talk about here is the Veeam Threat Hunter and, you know, some indicators of compromise. So let me bring my Veeam server up for you here. This is just a little demo server we have set up. It may look familiar to most of you, you know, who are familiar with Veeam here. But with our 12.3 release, we do have some pretty cool new features here. I want to start by, you know, going into our malware detection field here, which is newer with 12.1. You know, you can see I have a couple of restore points that are marked as infected. But if I go into my malware detection settings, those of you who are familiar with our, you know, previous Veeam releases, you may notice that this looks a little bit different here. I'll go through, I want to just kind of briefly touch on all these tabs here. Notifications, that's the same as it's always been. That hasn't changed. Same thing with the incident API. You can still, you know, trigger an ad hoc out-of-band backup if you do have that set up and Veeam receives an alert that something may have been compromised. But let's talk about file detection. So if you have guest file indexing enabled on your backups, this is going to analyze those files and basically give you another tool to look for threats, look for, you know, potential infected backups or indicators of compromise. So this file system activity analysis, this first checkbox, this is going to look for suspicious files or if maybe a block of files was deleted or renamed. And it does that by kind of taking a level set kind of snap of the first backup so it does have something to refer to. So maybe your next backup, there's a very large portion of files that have been deleted or renamed. It's going to flag that as suspicious and Veeam will let you know, hey, you should take a look at this. You can go in here and then, you know, you can add specific extensions, file extensions that you are looking for and you do want to scan for or maybe trusted ones that, you know, should be in your environment and things that you don't want false positives on at the end of the day. This indicators of compromise detection, this is going to be a new feature in 12.3. So this one is really cool. It is going to essentially detect the presence of tools that are commonly used to get into your environment, exfiltrate data, maybe encrypt data, whatever that may be. And if I click in here, this is going to show me all of the indicators that Veeam will be searching for. So any backup that you are running with guest file indexing on, Veeam will also run through and look for any of these here. And you can go through, you know, maybe there's some tools in here that are actually used in your environment for something else or something that you might just not even want to monitor for. You can go through, disable, enable any of these. This is all fully customizable. So it's not really an on-off switch. You can go through and really nail down what you want to look for specifically. I know there's not a whole lot to show with these because, I mean, at the end of the day, I'm showing you two little checkboxes here, but I do like to point that out because it is so easy just to enable these and have them run and scan your environment. And they are very powerful checkboxes at the end of the day. It doesn't require any advanced setup or configuration. You really just go into the settings and say, hey, I want to start looking for indicators of compromise. I'm going to check that box. I'll just leave all this on. Then you're all set. And you can have this updated automatically where Veeam will reach out. It's usually every couple hours, I believe, just to update all those definitions. And we also have everything posted where you can download it and run the update yourself if maybe your VBR server doesn't have internet access. So there are multiple ways to go about that. I don't want to talk about that yet. I want to talk about encryption detection. So another feature that was introduced before 12.3, but still great to mention, what this is going to do is use AI and machine learning to detect previously unencrypted data becoming encrypted while that backup happens. So this is kind of in line while that backup happens. When you enable this, there's a couple different sensitivities, low, normal, extreme with a slider. Down below. So if you're running a backup, kind of like I mentioned before, it will kind of look at the first backup, use that as a baseline. And then the next one that runs, maybe you have a large block of files that are now encrypted. Veeam is going to flag that backup as suspicious just because they were not there before. We do have that slider because obviously sometimes you have machines and data that you are encrypting yourself, you know, for just normal reasons and keeping it safe. So you can adjust that accordingly, maybe drop it a little bit closer to a lower sensitivity if you commonly have data being encrypted and unencrypted. But maybe that's just something you never do and you need to pop it up to extreme. But kind of like I said, it's really just one checkbox to turn it on. And that's it at the end of the day. So another very powerful checkbox. Last thing I kind of want to talk about here in the malware detection settings is signature detection. So before you can see I have the selected bring your own antivirus. This is something we have offered since 12.1, I believe, where you could run maybe a sure backup job or a secure restore and actually scan that backup with your own antivirus software. Maybe that's, you know, Sophos, Windows Defender, whatever it may be. We have, this is still an option. You know, we have the little XML file in the Veeam configuration settings. You can edit it, basically set Veeam to work with almost any AV or endpoint protection software. If it can interface with it through a command line, you can link it up with Veeam. But what is new here is Veeam Threat Hunter. So instead of kind of the bring your own, we are offering our own version built right into Veeam here. So what this is going to do, instead of reaching out to your AV solution, you're going to use Veeam itself to scan those backups just for any malware or, you know, any potential threats in there. And these are updated a few times per day just to keep those definitions, you know, very up to date and accurate. So it's basically another tool where you don't have to rely on a third party vendor to scan your backups with an AV software. You can just click on Veeam Threat Hunter and you're on your way. So I do want to show you a little bit more about that. So I am going to go into a sure backup job here. And we're just going to look at backup verification and content scan only. Let me just add a random job in here so it lets me go through. So this window is going to look, you know, just as it did before. You know, this is, you know, hey, I want to scan these backups. Maybe I have a Yara rule that I want to scan them with. Or this is where you'd go when you wanted to scan them with your own AV solution. So now you could see this little change button here. If I click on that, it's just going to bring me right to this window here. So, you know, when you're setting this up, you can kind of make sure, hey, maybe I already have this set up with Windows Defender, you know, Sophos, Trellix, whatever it is, and it's working great. Perfect. You can leave it how it is. Maybe you didn't have a solution that you could use to kind of leverage this. Now you can just make sure Veeam Threat Hunter is checked, run this sure backup job, and Veeam is going to scan all those backups for you. And I think it's pretty cool because it's really just taking some of that reliance on third parties and using the equation just to make some of these features a lot more widely accessible at the end of the day. So this is for, you know, a sure backup job. If you want to, you know, schedule those scans. Let's say you want to scan a backup once a day, once a week, whatever it may be. This is kind of where you'd set those up. Let me get out of here. And what I also want to show you here is I am going to, let's just say we need to do an entire VM restore here. I'm just going to add this file server job here just so we have something in the window. Let's pretend we're just, you know, changing a location. You know, I saw this backup. You know, it was flagged with a little bug. It was infected. Something happened. And I need to restore an older version just to, you know, make sure we are in a clean environment. I'm going to have these same options, you know, once this gets down to this secure restore tab in the window here. We'll give it a minute here just to load up. And there it is. These same options where I can scan this backup with Veeam Threat Hunter or my own solution and any of our rules. And I can run that scan before it actually is restored. So another great way to make sure you're not reintroducing any malware or any suspicious files or anything like that into your environment when you do need to do a recovery. And, you know, if something is found, you do still have some options. You could just abort, shut it down, or you can let that actually, you know, boot up. But all the network adapters are going to be disabled. So you can kind of go in manually and maybe poke around, do some investigation and see what's there and maybe how it got there at the end of the day. So those are, you know, a couple of the new features and some older features that I really wanted to focus on just with Veeam 12.3 and 12.2. Definitely some very powerful checkboxes, as I like to call them. So next, I know I kind of mentioned some, you know, integrations with, you know, Veeam APIs and all that fun stuff. Let me kick back over to this PowerPoint here. So first one I do want to talk about is our Palo Alto integration. It's going to give you a centralized view of all your security-related activity sent directly from Veeam right into your Palo Alto dashboard. Dashboard, it basically comes, you know, pre-configured, easy to set up, easy to use. And it's going to kind of put all those events in one spot if you are already using your Palo Alto, maybe XOR, SIAM, whatever that may be. So let me bring that up on my screen here. We will go back to my little demo box here, and you can see now I am logged into my Palo Alto with my new Veeam integration. So if I go down to settings here, you can see I do have, you know, a couple of Veeam tools set up in here already. So I'm going to go down to settings here, let me go back to the home screen for you, and what you will notice is, you know, this is my normal dashboard. Being a demo environment, obviously not a whole lot going on in here. In production, obviously there is a lot more to see, but what I do want to point out is this Veeam incident dashboard up top. So once I click into here, this is what I was talking about when I said there is, you know, a pre-configured Veeam dashboard that you are going to get. And this is going to show malware events from your Veeam backup and recovery server, health state of your backup infrastructure, it's going to show any alarms triggered by Veeam One, and kind of compile that all just right into your Palo Alto dashboard at the end of the day. So maybe your security team wants to monitor the Veeam side as well, kind of simplifies everything, condenses it, so you're not bouncing between a couple different dashboards or, you know, a couple different programs themselves, just trying to monitor your environment. So top left here, a little overview of just all incidents. It's going to show, you know, any active incidents as well, and over to the right, this is going to be everything that is reported by Veeam One. So, you know, if any of your Veeam One alarms are getting triggered by, you know, whatever the case may be, that's where you're going to see those as well. Also with these as well, you can see I have, you know, this pesky file server that seems to keep getting infected. I can go into these events, I can investigate, and you're going to have, you know, all the options that you would normally be used to with Palo Alto. So I can go in here, you know, and look at a little bit more finer details. It's going to show me, you know, almost a very similar, if not the same report that I actually was just showing in the recon scanner portal, but shows me, you know, what malware activity was detected, where I could find that log files. And in here, you know, I can go into the war room work plan and evidence board, you know, depending on what type of threat or what type of event. You can take the appropriate action and maybe just carry that all the way through using Palo Alto, where, excuse me, you don't need to, you know, click into your Veeam dashboard and monitor it there as well. So, you know, for people already using Palo Alto or maybe thinking of switching over to XSOAR, just another kind of cool integration that I like to show, because it really shows almost anything and everything from a security standpoint, I want to say, with your Veeam infrastructure. And it's all right there in front of you into a dashboard, just one click away. So while we are talking about integrations, there are a few more that I want to show off here. And Splunk is going to be the next one. I know out of what I'm showing off today, this may be the one that's been around the longest, but definitely another great integration to kind of condense that view of your Veeam environment and, you know, any security events or whatever may be going on. I'm not going to kind of talk too much about this slide. I think this even has a little video on it, but I'm just going to show you everything in a live demo because, well, that's why we're all here at the end of the day. So I will go over to my Splunk dashboard here. I am just logged in. This can be installed directly from Splunk base just to make things easy or from a file if you prefer that way. And you can see I have the Veeam app sitting down right here. So let me click into the Veeam app and then let's go to Veeam data platform monitoring right up top. I know it feels like I'm just showing you a lot of dashboards today. Because I apologize a little bit, I am showing you a lot of dashboards today. But, you know, they all look, I don't want to say they all look similar, but they're all, you know, kind of each different depending on what vendors you like. And they are all going to provide you just great data one click away, you know, maybe with an interface that you already have and you are already used to. So Veeam data platform monitoring up top here, it's gives me a little insight. You know, I have a lot of failed jobs in my demo environment. Might need a little work or investigation here. If that was a production, I'd be a little bit more concerned. But this is really going to show me more kind of on what my Veeam backup environment is looking at. Because you can see this is failed jobs, transferred data, my backup and copy jobs daily report, where I can see what failed, what worked, what gave me a warning. I like this because, you know, I see two big spikes there. Maybe something happened in my environment on those two days, causing a lot of jobs to fail. Kind of helps narrow down some potential issues. Same little chart here with sure backup jobs. And that's kind of what we were just talking about, where you can, you know, schedule those malware and Yara scans if you choose. This is probably one of my favorite sections, just the configuration backups. I know it's very simple, but that's a big part of keeping your Veeam environment safe. Because if your Veeam server has any issues, you need to restore it. You want to make sure you have that configuration backup. So you can see I have one here on my ATL East server. Gave me a warning. That's definitely something I'd want to look into and say, hey, why isn't this job, you know, going through successfully? What's going on? That's definitely a little kind of window down there, but very important to say the least. And just a little bit more information below, you know, agent jobs, file backup jobs, kind of splits it up on job type. Gives you an easy read pie chart of, hey, look, my agent jobs, you know, they're mostly doing great, but these file backup jobs, I have more failed than success. So, you know, not so great. And just a couple more statistics on the bottom and some easy to read charts there. So if we go back up top, we can click on the security events tab as well. And this is where, you know, instead of just telling me backup statistics, this is all going to be focused on security, obviously. So you can see I have about a thousand security events, which that's quite a bit. If I say so myself, a lot of four eyes authorization events. I know that's not a feature I really mentioned before, but if that's enabled and an administrator maybe tries to delete a backup, delete a backup job, you know, kind of something big like that, the other administrators will get an alert and they will actually need to approve that request before it goes through. So kind of another security layer, but maybe if you see this number jump, it's possible someone, you know, maybe gained access or there's just someone in there with some malicious intent at the end of the day. Another security alert chart. I like this one too, just because you can look for those spikes and see this is probably December 2nd. A lot of critical events, so I can say something definitely happened that day. And then this is going to kind of list out, you know, all your latest security events and things that happened in there, and you can click into all these and, you know, find some more details, see what's going on and kind of see what's in there. I do see a question. I know I'm a little bit late on it. Does 12.3 offer the ability to use wildcards in malware detection trusted object settings? Unfortunately, not at this time. I know that has been something. I have seen a lot of chatter about that at the end of the day. So purely speculation, but I wouldn't be surprised if that's something we do see in the future. Great question, though. So with Splunk, not a whole lot left to cover in here. You can run reports, you know, if you want as well. It does come with some built-in reports just with the app. Maybe I'm looking for failed MFA events if someone's trying to gain access or I just want to see all the malware detection events and, you know, use that for my own forensic reasons if I'm digging into an incident here. So that is pretty cool as well. App configuration, nothing really too exciting to see in here. You're really just kind of filtering what it's tracking, what it's looking at, but you can edit all this if, you know, maybe you're getting a ton of events from something that is normal in your environment. You don't want to monitor that at all. You can just kind of remove that event ID and stop monitoring it at the end of the day to clean things up. So moving on here, I'm going to go back to my PowerPoint real quick. And we are going to talk about ServiceNow. So this integration, it has been around for a little while. This is going to be kind of with VeeamOne and ServiceNow. So it's going to give you, you know, another dashboard. I know we've seen quite a few of those already today. But it is going to assist, you know, in kind of auto generating tickets. So maybe there's an alarm that's triggered in VeeamOne that needs to be, you know, assigned and addressed immediately. This can be set up to where when that alarm does get triggered, it's automatically creating a ticket in your ServiceNow account. come in, you know, you can set where it goes, how it comes in, all of that information. So it can be addressed a lot quicker, essentially, at the end of the day than maybe waiting for a backup admin to see an issue and then sending an email or opening up a ticket, sending it off themselves, where that's obviously not always an incident or instant. You don't always see what's going on with your tickets up right away. So with that being said, I'm going to show you a little bit more on how it actually works. So go back to my demo box here. Before we get into the ServiceNow integration, I'm going to open up VeeamOne, which I know some of you may or may not be familiar with. This is going to be kind of our monitoring and analytics tool that can run alongside our Veeam backup and recovery server. Just a kind of a quick overview. I have a little bit of everything in here since it is our demo environment. So, you know, normally you're not going to have a folder, an option for every single piece of Veeam, but I have a ton of different alarms that I can use to monitor specific pieces of my environment. I can monitor my entire Veeam backup and replication environment, maybe my 365 environment that's getting backed up by Veeam, or I can monitor my virtual infrastructure on VMware Hyper-V and really see a lot of cool stuff in there. But what we want to focus on is ServiceNow. So in the main menu, kind of up here on the settings, we're going to take a look at server settings. Just going to kind of show you real quick how this integration works. This is where all of the ServiceNow integration lives at the end of the day. This is kind of the initial setup where you can kind of set that up how you choose. You can add additional fields in here. You see, I don't have any because it's mainly just the demo box. And you can also kind of edit security or severity settings as well to where if it's, you know, an actual error, you're probably going to want that as a high severity ticket or maybe if it's just an informative alarm, not so important or a warning, might not be that important at the end of the day. And then you can always test it when you're done. Just click that button and it'll create and resolve a ticket for you just to let you know it So now that we have that integration set up, what are we actually going to do with it? I'm just going to click on one of these alarms here. Obviously, it's most likely going to be used for some more important alarms, things, maybe a VM's offline or a backup failed, malware is found, you know, whatever the case may be. We'll just use this one for an example here. I'm going to go in and edit this alarm. And this is where you kind of go in, set all of your settings for this But we are going to focus on this action section right here. Clicking the wrong button here. Sorry about that. Not actions, notifications. Beauty of a live demo, you get to watch me click on the wrong box sometimes. So in this notification section, you know, you can set up if you want an email to be sent out, run a script if you want to maybe automate some of these issues. And you can also have it create a service now incident. So once that's added, anytime this alarm is triggered, it's going to create a ticket in service now. And that's really all you need to do to kind of fully set up that integration and whatever the alarm is set as, you know, for the severity level, that's going to carry over to those settings that I previously went over into service now for the severity of that ticket as well. So in VeeamOne, that's really all you need to do. Make sure, you know, VeeamOne is actually integrated with your own service now and then pick and choose what alarms and events you want to create tickets and then you're on your way. So once we have that set up, I will go into service now here. And we go into incidents just to kind of show you what this looks like here. So you can see all of these were from our assignment group VeeamOne. Obviously, we only have Veeam incidents in here since, you know, it is a test. But, you know, if you have a bunch you wanted to filter out whatever that assignment group that you set, it's real easy to kind of filter what came from VeeamOne at the end of the day. So I will go ahead and click into one of these here. Just and you can see right here, this is, you know, no changes for me, no changes from anyone else. Auto creates that ticket. It does have, you know, the impact urgency already filled out. The caller is going to be, you know, whoever you specify during that initial integration. And then it'll give you the description of what's going on. I know this one is pretty basic. It's really just here for kind of testing and to show you how it works. But this job has ended with success, which is obviously good news. Not normally something you're going to want to create a ticket for, more so just to show you how it works. But any, you know, text, if it was saying, hey, we found suspicious malware or potential malware activity, it would show you, you know, what server, where to find that log file and any other corresponding information as well. And what you can do as well is kind of attach these Veeam KBs as well. So when you're actually looking at the ticket, it's going to show you what Veeam recommends as a potential resolution as well. If it is one of those kind of built-in alarms in Veeam 1 that do have those KB knowledge base articles attached, it'll forward those over to service now too. So whoever's handling those tickets, they're already going to have, you know, a nice resource to how to solve that issue already attached to the ticket. They don't have to search for anything or look anything up at the end of the day. And I mean, after that, it's really just, you know, go on with your normal process, how you would normally handle your tickets at the end of the day. So pretty quick and easy, a little bit of legwork, you know, picking and choosing what alarms and settings you want in Veeam 1 to actually trigger tickets. But you can test them as well. You don't have to enable everything at once. But once that's integrated, it's really just kind of a set it and forget it. And Veeam will send all your tickets in automatically for you. So last thing I do want to show you just since we are talking about Veeam 1 and I can't really go through a kind of a security feature demo without chatting about it is our Veeam 1 Threat Center. So once I log in here, I always just like to show this off on any security conversation at the end of the day. This is just the Threat Center in Veeam 1. I say just lightly because there is a lot of really good information here. Obviously, you see a lot of red, a lot of infected restore points, a lot of 0%. You know, all things you don't want to see. You're looking for usually green circles and a lot of green with 90 to 100%. But it is a great overview of everything that Veeam 1 is It's going to show you, you know, all your SLA compliance, any anomalies, any big security risks or events that are happening, you know, if anything's infected. Another great kind of tool where you can just take a quick peek at a dashboard, say, hey, everything's green, everything looks great. I don't have to worry about it today. Or, hey, there's a bunch of red that popped up, you know, that needs my attention right away. So just something I wanted to at least show and mention. I promise that will be the last dashboard that I show everybody today. Let me switch my screen up here. So going back just to kind of sum up a little bit, you know, of everything we've talked about and, you know, different editions, what Veeam has to Foundation edition of Veeam, you know, that is going to be full featured for backup and recovery. We have a kind of some new AI guidance added in here that I didn't really talk about too much and that will come with our AI powered malware detection. When you're looking a little bit further at our advanced edition, that's where you see the indicators of compromise scanning being added, security integrations, you know, Veeam Threat Center analytics, discovery reporting, all those, can't tell if they're blue or purple, but those are going to kind of be your Veeam one checkboxes and kind of give you full access to what I was just showing you with our Threat Center and ServiceNow integration there. And then, you know, we also have our premium edition that is going to bring in recovery orchestrator, which I know we didn't really chat about too much, but our recon scanner is included with premium edition, you know, no charge, just thrown in there along with everything else as well. So just to kind of give you an idea of how all those tools I went over today are split up between our editions here. So with that, you know, 12.3, it is our latest release. Definitely some cool things that I highly recommend you check out. And with that being said, that is all I have for you today. Hope everyone learned something new and have a great rest of your day. Thank you.
