Rule Info
Name
Suspicious Veeam Backup Process Creation
Author
Florian Roth
Description
Detects the execution of suspicious Veeam Backup sub processes and PowerShell commands that are often related to exploitation
Date
2024-09-17 00:00:00
Modified
None
Id
650f5c71-e390-4e52-9cf1-4b321248f03c
Tags
attack.execution attack.t1210
Type
Nextron Sigma feed only (private)