forked from splunk/security_content
monitor_backups.yml
category:
- Best Practices
channel: ESCU
creation_date: '2017-06-15'
description: Address common concerns when monitoring your backup processes. These
  searches can help you reduce risks from ransomware, device theft, or denial of physical
  access to a host by backing up data on endpoints.
detections:
- detection_id: a34aae96-ccf8-4aaa-952c-3ea21444444f
  name: Unsuccessful Netbackup backups
  type: splunk
- detection_id: a34aae96-ccf8-4aef-952c-3ea214444440
  name: Extended Period Without Successful Netbackup Backups
  type: splunk
id: abe807c7-1eb6-4304-ac32-6e7aacdb891d
maintainers:
- company: Splunk
  email: davidd@splunk.com
  name: David Dorsey
modification_date: '2017-09-12'
name: Monitor Backup Solution
narrative: Having backups is a standard best practice that helps ensure continuity
  of business operations. Having mature backup processes can also help you reduce
  the risks of many security-related incidents and streamline your response processes.
  The detection searches in this Analytic Story will help you identify systems that
  have backup failures, as well as systems that have not been backed up for an extended
  period of time. The story will also return the notable event history and all of
  the backup logs for an endpoint.
original_authors:
- company: Splunk
  email: davidd@splunk.com
  name: David Dorsey
references:
- https://www.carbonblack.com/2016/03/04/tracking-locky-ransomware-using-carbon-black/
spec_version: 2
usecase: Compliance
version: '1.0'