Analytics Story: Monitor Backup Solution

Date: 2017-09-12 ID: abe807c7-1eb6-4304-ac32-6e7aacdb891d Author: David Dorsey, Splunk Product: Splunk Enterprise Security

Description

Address common concerns when monitoring your backup processes. These searches can help you reduce risks from ransomware, device theft, or denial of physical access to a host by backing up data on endpoints.

Why it matters

Having backups is a standard best practice that helps ensure continuity of business operations. Having mature backup processes can also help you reduce the risks of many security-related incidents and streamline your response processes. The detection searches in this Analytic Story will help you identify systems that have backup failures, as well as systems that have not been backed up for an extended period of time. The story will also return the notable event history and all of the backup logs for an endpoint.

Detections

Name ▲▼	Technique ▲▼	Type ▲▼
Extended Period Without Successful Netbackup Backups	None	Hunting
Unsuccessful Netbackup backups	None	Hunting

Data Sources

Name ▲▼	Platform ▲▼	Sourcetype ▲▼	Source ▲▼

References

https://www.carbonblack.com/2016/03/04/tracking-locky-ransomware-using-carbon-black/

Source: GitHub | Version: 1