I’m really happy to share with the Veeam Community another Open Source Project: “vScan Vulnerability Scanner”.

This is an open-source security scanning tool that integrates with Veeam Backup & Replication to perform vulnerability assessments on backup data without needing a full restore. It leverages the Veeam Data Integration API to mount backup content directly on Linux servers and scans it using the open-source security tools Trivy and Grype.
Why was this solution created? In the event of a disaster or security incident, when the Veeam Admin or the Security Team needs to recover a server (whether it's the latest or a previous copy), they need to know what vulnerabilities exist in that Veeam Backup.
While Veeam can detect malware, ransomware, IoC, etc., it doesn't detect vulnerabilities. For example, consider these scenarios: What if a Veeam Admin restores a backup that contains a vulnerable version of OpenSSL? What if they restore an image with vulnerabilities in the CISA KEV catalog?
If an attacker is inside the network or coming from the internet, they can exploit these vulnerabilities and run any persistence tool.
With this solution, Veeam Admins (or Security Admins ;) ) can identify vulnerabilities in their Veeam Backups and implement the necessary mitigation measures before restoring the server to production or exposing it to the internet.
This is a desktop application to be used on the workstation of Veeam Admins or Security Admins.
Features
- Integration with Veeam Data Integration API
- Integration with Security Scanners Trivy / Grype
- Automatic Installation and update of Scanners
- Granular Selection of Backups and Disks to be Analyzed from Veeam Repositories
- Use a Linux Server from the VBR Server for the Scan, or use an external Linux Server
- Dashboard with Vulnerability Trends and Severity Distribution
- Vulnerability list integrated with the NIST National Vulnerability Database (NVD) and GitHub Advisory Database
- Verification of CVEs against the CISA Known Exploited Vulnerabilities Catalog
- Vulnerabilities Status Tracking
- Vulnerabilities Filter By Severity, Status, Package, Server Name, etc.
- Export Vulnerabilities Details in CSV / HTML
- Email Notifications
- Connection Status
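To illustrate the scanner integration and CISA KEV verification listed above, here is an added example (written for this page, not code from vScan). It merges a Trivy JSON report and a Grype JSON report, de-duplicates the findings and sorts KEV-listed CVEs first. The function names, sample reports and CVE identifiers are constructed.

```python
RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

def trivy_findings(report):
    """Yield (cve, package, version, severity) from a Trivy JSON report."""
    for result in report.get("Results") or []:
        # "Vulnerabilities" is absent or null for targets with no findings
        for v in result.get("Vulnerabilities") or []:
            yield (v["VulnerabilityID"], v["PkgName"], v["InstalledVersion"],
                   v.get("Severity", "UNKNOWN").upper())

def grype_findings(report):
    """Yield the same tuple shape from a Grype JSON report."""
    for m in report.get("matches") or []:
        vuln, art = m["vulnerability"], m["artifact"]
        yield (vuln["id"], art["name"], art["version"], vuln.get("severity", "Unknown").upper())

def triage(trivy, grype, kev_catalog):
    """Merge both reports, de-duplicate, flag KEV entries and sort them first."""
    kev = {e["cveID"] for e in kev_catalog.get("vulnerabilities", [])}
    merged = {}
    for name, findings in (("trivy", trivy_findings(trivy)), ("grype", grype_findings(grype))):
        for cve, pkg, ver, sev in findings:
            row = merged.setdefault((cve, pkg, ver), {
                "cve": cve, "package": pkg, "version": ver,
                "severity": sev, "kev": cve in kev, "scanners": []})
            if name not in row["scanners"]:
                row["scanners"].append(name)
            # Scanners can disagree on severity: keep the worse rating
            if RANK.get(sev, 4) < RANK.get(row["severity"], 4):
                row["severity"] = sev
    return sorted(merged.values(),
                  key=lambda r: (not r["kev"], RANK.get(r["severity"], 4), r["cve"]))

# Constructed inputs (added example, not vScan data) in each tool's JSON shape
TRIVY_SAMPLE = {"Results": [
    {"Target": "mounted-disk", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl",
         "InstalledVersion": "1.0.0", "Severity": "MEDIUM"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "bash",
         "InstalledVersion": "5.0", "Severity": "CRITICAL"}]},
    {"Target": "clean-target", "Vulnerabilities": None}]}
GRYPE_SAMPLE = {"matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "High"},
     "artifact": {"name": "openssl", "version": "1.0.0"}},
    {"vulnerability": {"id": "CVE-0000-0003", "severity": "Low"},
     "artifact": {"name": "curl", "version": "7.0"}}]}
KEV_SAMPLE = {"vulnerabilities": [{"cveID": "CVE-0000-0001"}, {"cveID": "CVE-0000-0003"}]}

if __name__ == "__main__":
    print(*triage(TRIVY_SAMPLE, GRYPE_SAMPLE, KEV_SAMPLE), sep="\n")
```

A KEV-listed finding with a low severity rating still sorts above a critical finding that is not in the catalog, which is the ordering to act on before a restore.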
How To Use
- Open the Application with Administrator Rights.
- Go to Settings and validate that the VBR Console and PowerShell Module are installed.
- If the VBR Console and PowerShell Module are installed, enter the VBR Credentials.
- After a successful connection, go to Linux Scanner.
- In Linux Scanners, select a Linux Scanner (Preferred Proxy) from VBR and enter the credentials. If you don't want to use a Linux server from VBR, you can manually enter a Linux server to connect to.
- Then click "Test Connection". After a successful test, click "Save Configuration" and the Connection Manager will update the status to Connected.
- If you want to configure Email Notifications, go to "Notifications" and enter the data. First test the email, then save the config.
- Go to "Scans" and select VBR. In "SEARCH / SELECT Server", select the server to scan, then select the Restore Point and Disk and click "Add to Queue". If you want to add multiple servers, always add them to the Queue, then click "Mount".
- After the mount operation, you can select the Scanner, Trivy or Grype, then click "START SCAN".
- When the scan finishes, the application will show a Summary and you will see 3 options:
  - Continue Scanning: This option allows you to scan the machines with the other Scanner. If Trivy was selected, you can rescan with Grype.
  - Keep Mounted & View: This option keeps the servers mounted in VBR; you then need to dismount the servers manually.
  - Unmount & View Results: This option will unmount all the servers from the Linux Scanner and will show the vulnerabilities found.
- In "Vulnerabilities" you can filter by multiple options to analyze the vulnerabilities found, or export the vulnerabilities, either all of them or grouped.
Download and more information: https://github.com/VeeamHub/veeam-vscan-security


