forked from splunk/security_content
monitor_successful_backups.yml
name: Monitor Successful Backups
id: b4d0dfb2-2195-4f6e-93a3-48468ed9734e
version: 1
date: '2017-09-12'
author: David Dorsey, Splunk
type: Baseline
datamodel: []
description: This search is intended to give you a feel for how often successful backups
  are conducted in your environment. Fluctuations in these numbers will allow you
  to determine when you should investigate.
search: '`netbackup` "Disk/Partition backup completed successfully." | bucket _time
  span=1d | stats dc(COMPUTERNAME) as count values(COMPUTERNAME) as dest by _time,
  MESSAGE'
how_to_implement: To successfully implement this search you must be ingesting your
  backup logs.
known_false_positives: none
references: []
tags:
  analytic_story:
  - Monitor Backup Solution
  detections:
  - Unsuccessful Netbackup backups
  product:
  - Splunk Enterprise
  - Splunk Enterprise Security
  - Splunk Cloud
  required_fields:
  - _time
  security_domain: endpoint