Veeam Incident API is an application programming interface provided by Veeam Software, within Veeam Backup & Replication v12.1.
Veeam Incident API makes it easy for external cybersecurity and analytics tools (including XDR/NDR/MDR/EDR) to notify the backup server of infections at earlier attack stages, ensuring all restore points created after the corresponding moment in time for the given machine are marked as infected. Furthermore, you can enable Veeam to instantly create an out-of-band restore point of the affected machine, before malware has a chance to do much damage.
Improved Security with Veeam Incident API
The Veeam Incident API is important for organizations using Veeam solutions as it enhances incident management processes and improves security in several ways:
- Streamlined incident management: The API allows organizations to automate the handling of incidents created by their third-party application or monitoring system. This streamlines the overall incident response process, enabling faster resolution times and reducing the potential impact of security incidents.
- Enhanced alerting capabilities: With the API, organizations can integrate their third-party incidents into their backup infrastructure systems. This enables proactive alerting of security incidents, timely detection of potential issues, and immediate notification to relevant stakeholders, such as backup admins, which in turn allows for quicker response and mitigation.
- Integration with existing security workflows and systems: The Veeam Incident API enables seamless integration with other security tools and platforms within an organization’s infrastructure. This integration promotes a holistic and centralized approach to incident response and security management, allowing for better coordination and control.
Overall, the Veeam Incident API plays a crucial role in improving security by enabling organizations to streamline incident management, enhance collaboration, automate processes, and integrate with existing security workflows. These capabilities ultimately lead to faster incident resolution, reduced downtime, and improved overall security posture.
Incident Management with Veeam Incident API
The Veeam Incident API dramatically changes Veeam’s security alliance position, as it is the entry point for our security alliances to backup-related tasks.
Veeam’s security alliance position refers to its collaborations and partnerships with various technology vendors and organizations in the security industry. These alliances are aimed at integrating Veeam’s data protection and management solutions with other security products or services to provide a comprehensive security ecosystem for customers.
While the Veeam Incident API contributes to incident management, it does not impact the overall security alliance position of Veeam. Veeam’s security alliances involve partnerships with other security vendors, where joint solutions are developed, integrations are built, and interoperability is ensured between Veeam and these partner products for the benefit of customers.
Therefore, the Veeam Incident API is a feature that enhances incident management within Veeam solutions, whereas Veeam’s security alliance position relates to its collaborations and partnerships with other security vendors to provide customers with a broader and more integrated security ecosystem.
Use Cases
One common use case of the Veeam Incident API is integrating Veeam Backup & Replication with external cybersecurity and analytics tools (including XDR/NDR/MDR/EDR).
As an example, with Progress Flowmon:
Additional notes
- Configuration: No configuration in Veeam Backup & Replication is needed for the Incident API to work.
- Quick backup: You can run quick backup when Veeam Backup & Replication gets a Veeam Incident API response that triggers a malware detection event. To do this, perform the following steps:
  1. From the main menu, select Malware Detection > Incident API.
  2. Select the Perform a Quick Backup upon receiving an external event check box.