Download featured YARA rules, browse code samples or contribute your own scripts
Recently active
We’ve updated the Script Library section to include YARA rules. I’ve made a quick video (sorry for the cheesy graphics...) on how to install a YARA rule from this site and perform your first scan!
Welcome to the YARA and Script Library! This area of the community hub will provide community driven scripts and YARA rules, with selected featured items. Veeam Data Platform 23H2 includes Veeam Backup & Replication v12.1 which includes YARA Scanning. This area of the Veeam Community Hub will offer featured YARA rules for use. Custom script troubleshooting is not supported. What's in Scope:Confirming that Veeam Backup & Replication recognized the YARA rule file.What's Out of Scope:Troubleshooting why a custom YARA rule did not function as intended.This area also includes scripts in the Script Library. Generally speaking, scripts are licensed to you by the sample's author and fall under your responsibility and is governed by the Veeam Customer Support Policy. The figure below summarizes the scripting support for PowerShell:Excerpt from KB2183: PowerShell Script Execution Troubleshooting Advice (veeam.com)
Hi, We are thrilled to announce the general availability of AsBuiltReport.Veeam.VBR 1.0.0 — a comprehensive PowerShell module that generates professional as-built documentation reports for Veeam Backup & Replication (VBR) infrastructure. What is AsBuiltReport.Veeam.VBR?AsBuiltReport.Veeam.VBR is a specialized report generator that plugs into the AsBuiltReport framework to automatically document your VBR environment. It produces multi-format reports (HTML, Word, Text) that capture the complete state of your backup infrastructure—from backup jobs and repositories to proxies, tape libraries integration, cloud gateways, and more. Key FeaturesReport Sections — Comprehensive coverage of all VBR components including backup repositories, jobs, proxies, WAN accelerators, tape integration, and cloud connectivity Diagram Types — Visual representations of your infrastructure, including backup-to-repository flows, proxy routing, and tape library topology Flexible InfoLevel Configuration — Contr
Hello Veeam Community! I'm excited to introduce a Python script that I've developed for anonymizing Veeam Backup & Replication logs. Protecting sensitive information in log files is crucial, and this script simplifies the process while maintaining the integrity of your logs. Veeam Log Anonymizer logo Acknowledgments:Before diving into the details, I'd like to express my gratitude:Bertrand: Thank you for the original idea that inspired this script and for your valuable improvement suggestions. Your input was instrumental in making this script more robust and feature-rich. Eric: A big thank you for your unwavering support and encouragement throughout the development process. Your feedback and insights helped shape this tool. Disclaimer:I want to clarify that I'm not a developer by profession, but rather a member of the Veeam community who saw the need for a tool like this. The script has been created out of a passion for data privacy and a desire to contribute to our community.Key Fe
Hello,I could say better late than never, i’m using a script since many years to make my configuration configuration immutable on a linux repos.Even it is now available for object storage and it will probably be immutable in future release, i think it could useful to share it. #!/bin/bash# Define a list of target directoriestarget_directories=("/path/to/your/target_directory1" "/path/to/your/target_directory2")attribute_to_apply=" +i" # The chattr attribute to apply (e.g., immutable)time_to_wait_days=10 # Time to wait in days before removing chattr attributelog_path="/path/to/your/logfile.log" # Replace with your desired log path# Calculate the time to wait in secondstime_to_wait_seconds=$((time_to_wait_days * 24 * 60 * 60))# Log the start timeecho "$(date): Chattr attribute application started for files in ${target_directories[*]}" >> $log_path# Loop through all target directoriesfor target_directory in "${target_directories[@]}"; do # Loop through all files in the target dir
Greetings from Puerto Rico,The AsBuiltReport for Backup for Microsoft 365 has received significant community contributions and now supports documentation for version 8.4. This update represents a major milestone in the ongoing development of this reporting tool.In addition to these enhancements, we updated the diagram to incorporate Veeam's latest infrastructure icons, providing a more modern and visually consistent representation of your backup environment. We also added a new chart to visualize backup repository space utilization, along with improvements to several existing charts, offering better insights into your backup infrastructure performance and resource allocation. I'm grateful for the community's continued support and contributions, which make this tool better every single day! Sample ReportNew Features and changes:## [0.4.0] - 2026-05-20### Added- Add Dependabot support- Support for Veeam Backup for Microsoft 365 v8.4 (upgraded from v8.3) @acgdickie- Support for PowerShell
IntroductionMy Veeam Report v13, maintained and extended by L1nkState, is a modernized PowerShell reporting solution for Veeam Backup & Replication v12 and v13.Originally created by Shawn Masterson and later expanded by the community (notably marcohorstmann), this project transforms raw Veeam data into a clean, structured, and highly configurable HTML report designed for both operational teams and MSP environments. Download:L1nkState/My-Veeam-Report-v.13 Origin and EvolutionThe project has an interesting lifecycle:🧱 Original script: created by Shawn Masterson (pre-2018) 🧑💻 Community revival: modernized by contributors including marcohorstmann 🚀 Current version (v13): adapted and extended by @L1nkState for compatibility with modern Veeam platforms (v12/v13)This evolution reflects a common pattern in infrastructure tooling: community-driven survival and modernization of abandoned but valuable scripts. Key PurposeThe main goal of My Veeam Report v13 is to provide:A single HTML re
With the release of Veeam Backup & Replication v13, backup validation has become even more critical—especially in enterprise environments where data integrity and compliance are non-negotiable. In this context, Veeam-Validator emerges as a practical solution to extend and automate the native Veeam validation capabilities. Download script:L1nkState/Veeam-Validator-: Veeam Backup Validator A PowerShell automation script to validate Veeam backups and optionally send HTML reports via email. Designed for Veeam Backup & Replication v12 and v13, schedulable via Windows Task Scheduler. What is Veeam Backup Validator (Technical Context)The native Veeam Backup Validator is a CLI utility designed to verify backup file integrity without performing a restore. It works by leveraging block-level checksums: during backup creation, hashes are generated for each data block, and later recalculated and compared to detect corruption.From an operational standpoint:Works at file-level (CRC checks) D
While responding to a post, I figured I’d try to see if i could get all of the email accounts tied to jobs in my Veeam environment to assist.This script will also show the attached Copy and Tape jobs, so I’ll try to update it with additional logic time permitting. Either way, It will show if you (or others) have email alerts setup in Veeam jobs. I plan to update if i can have it show Warning, Error, and Success enabled. $emailPattern = '[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}'function Get-EmailsFromObject { param( [Parameter(Mandatory)] $obj, [string]$JobType = "Unknown" ) $json = $obj | ConvertTo-Json -Depth 5 -Compress -ErrorAction SilentlyContinue if ($json) { $matches = ($json | Select-String -Pattern $emailPattern -AllMatches).Matches foreach ($m in $matches) { [PSCustomObject]@{ JobName = $obj.Name JobType = $JobType Email = $m.Value } } }}$allEmai
Repost of topic on the RND forums, but figured to share this here as well: Sharing this tidbit here as there are quite a few topics on how to do session reporting on all job types including the plugin-based Hypervisors (aka PlatformBackups, for example Proxmox, Nutanix, HPE Morpheus, etc)Normally you would pass a CJob object from Get-VBRJob to Get-VBRSession -Job, but regrettably this will currently error with many job types:Get-VBRSession: Cannot bind parameter 'Job'. Cannot convert value "Veeam.Backup.Core.CBackupJob" to type "Veeam.Backup.PowerShell.Infos.VBRJob". Error: "The given key 'VmbApiPolicyTempJob' was not present in the dictionary."However, we can do a little magic trick with Get-VBRSession on the -Type parameter to get all PlatformBackup jobs; Get-VBRSession returns "light" information on the session data, so we will do another magic trick to get full session data from Get-VBRBackupSession, which in turn can be passed to Get-VBRTaskSession for full session reporting with
Not sure how useful this will be for anyone else, but should you need to parse through your logs on all gateway servers for S3 errors returned during Veeam operations with Object Storage, this script is for you.Script requires ripgrep to be installed on the Backup Server: https://github.com/BurntSushi/ripgrep?tab=readme-ov-file#installationIf you cannot install / use chocolately in your environment, download the ripgrep binary appropriate for your OS, and edit the script as noted in comment [2]. What it does:Collect all Object Storage Repsositories Get Ids for all assigned gateways Collect all gateways with Get-VBRServer cmdlet to create array of gateways Iterate over each gateway and do the following: Export logs JUST for that gateway server to the VBR server, uncompressed grep the logs for the relevant S3 error string with ripgrep (rg command) Write all found errors in full to a .log file Pares all found errors and write in human friendly format to CSV Clean up the exported logs,
After switching from TSM to Veeam, I found myself wasting plenty of hours excluding OFF-Line sql databases from backup.Normally it demands that you start SQL Server Management Studio ( witch takes a war ), identify the correct instance and then exclude the ofline databases in each backup job…..However… I’m notorisly lazy and in a bright moment, I turned to Powershell.The resulth is a script telling me if a database is offline and therefore maybe should be excluded or if a database in online and can be included in backup, and best of all… without starting SQL Server Management Studio. The script is eacy to use, gives a nice overview, you can in / exclude a database on a server in less than 20 sec ( depends on how many instances / databases the script have to scan ), you can chose to exclude Logs and diff backup and only have FULL backup if needed, and at last, - it logs every change make by time and username.Script is free to use…regards MACH0NE
Per KB4821, each organization should use a single backup application per Microsoft term's of use and product documentation. This script automates the steps mentioned in the KB article by identifying organizations that are using multiple backup applications and, if desired, will limit each organization to a single backup application.https://github.com/VeeamHub/powershell/tree/master/VB365-KB4821Please note that additional backup applications are not deleted from Entra ID. They are simply removed from Veeam.The output of the script let’s you see all organizations affected including backup application info and backup applications removed (if any):
As a fan of the Veeam Data Integration API, I have been spending time with a related but separate topic: Database Publish (referred to as Data Publishing in the Veeam documentation). The goal was to make backed-up databases available to another system for analysis, without permanently restoring them or affecting production.What is Data Publishing?Data Publishing is a feature in Veeam Backup & Replication that has been available for Microsoft SQL and Oracle for a while and was later extended to PostgreSQL and MongoDB. The mechanics are straightforward: Veeam mounts the backup data read-only, attaches the database files to the target engine, and keeps a write cache for any changes made during the session. When the session ends, the write cache is discarded. The source backup is untouched. The result is a database accessible via standard database protocols. You can connect to it, run queries, inspect schema and data, and then walk away and grab a coffee. No permanent restore, no impac
Special thanks to our dear Veeam Support Team Members Cosmin Ciobanu and Marius Nita for the following trick! Veeam Support is _always_ looking for ways to make everyone’s lives easier.Currently, to generate an HTML report for many sessions at once you need to go to the Session tab in the UI and ctrl / shift + click on desired sessions; not always convenient, and for Transaction Log backup sessions in particular you may have hundreds (if not thousands) of sessions.With Powershell and a bit of prep work, you can do this automagically: Preparatory Step:From a Windows-based backup server, copy the following filesCopyC:\Program Files\Veeam\Backup and Replication\Backup\SessionReport.xsltC:\Program Files\Veeam\Backup and Replication\Backup\SqlSessionReport.xsltto the following path on the machine where you will generate the report with Powershell:Windows:C:\Program Files\PowerShell\7\Linux:/opt/microsoft/powershell/7/Both xslt files should be in the powershell/7 directory. Then run the foll
The project announced here became even bigger. However, the Veeam Data Integration API remains the "main actor", except that many new options have now been added, as "my ideas factory" and feedback on a similar script have been incorporated. Let’s look at what’s NEW.📑 SearchThe host2scan parameter scans a selected restore point of the specified host. The repo2scan parameter can display all hosts with supported restore points in the specified Backup Repository. Then select a host and start the scan. NEW Or with repo2scan and the option all to scan the latest restore point for all found and supported host types in the specified Backup Repository. NEW🔍 Scan & StoreThe scan parameter triggers the malware and LOLBAS detection scan. The store parameter collects the metadata for all relevant binary files (ideal for hash analysis). NEW The yaramode parameter triggers a YARA scan using the stored rule(s). NEW📊 Display NEWThe data is displayed in a wonderful Streamlit Dashboard. In the pi
ProxyPool Swapper for Veeam Backup for M365If you regularly onboard new tenants in Veeam Backup for Microsoft 365, chances are this scenario sounds very familiar.A repository gets assigned to a proxy pool, and at some point you want to move it—quickly and without hassle. A common approach is to use a dedicated onboarding proxy pool for the initial full backups of new tenants, and a separate, permanently assigned pool for ongoing operations. Once those initial backups are complete, only incremental, day-to-day changes remain. These smaller, predictable workloads can then be handled by a proxy pool that’s specifically designed and sized for daily processing.From an architectural perspective, this makes perfect sense. From an operational perspective… it can get a bit tedious.Another use case I frequently run into is the need to quickly access logs for a specific job or repository. To do this, I assign the repository to a local Windows proxy, which gives me easy access to the proxy logs.
Hi,Where do you guys mostly download Yara rules for Veeam from?This GIT looks not maintained for years (files from 2022). https://github.com/YARA-Rules/rules/archive/refs/heads/master.zipI also used those links but I had some troubles when scanning backup.https://github.com/Neo23x0/signature-base/archive/refs/heads/master.ziphttps://yaraify.abuse.ch/yarahub/yaraify-rules.zip
Yesterday, during the VEEAM User Group Germany someone was missing a Maintenance Mode for VEEAM. The main problem was to keep which job was enabled and which was disabled. I wrote a script some times ago which stopped all jobs and disable them but before the state is dumped into a JSON File. On leaving maintenence the JSON-File will be read and required jobs are set to enabled again and failed jobs are triggered to restart. The scripts (and more) can be found on our github repository: https://github.com/claranet/VeeamHub/ Here are these scripts:Enter-Maintenance.ps1param( [switch]$DryRun=$False)Import-Module Veeam.Backup.PowerShellFunction log($message) { $timestamp = Get-Date -Format "yyyy-MM-ss hh:mm:ss" Write-Host "$($timestamp) - $($message)"}if($DryRun) { log "DRY RUN - NOTHING WILL CHANGE" }$_FILE = "$PSScriptRoot/job_states.json"if( [System.IO.File]::Exists($_FILE) ) { log "State File already exists - remove it first!!" pause Exit 1}# Create new, empty state fileNew-Item -
IntroductionThe Veeam Data Platform V13 is now available, and it brings many new features for working with the REST API. With these improvements, it is easier to automate tasks and integrate Veeam into your workflows. Sometimes, it is necessary to check backup data from NAS systems for viruses or similar threats. This helps ensure that the data is safe before being restored or used. Starting with Veeam Backup & Replication 13.0.1, we can trigger an Instant File Share Recovery using the REST API. And why not use a Python script to scan such backup data? There is a Python script for thatThe Python script initiates an Instant File Share Recovery. The backup data is made available to a Windows system, referred to as the mount server. On the Linux server, where the Python script is running, the shared folder gets mounted from the Windows mount server. After mounting, the script scans the data. It reads a configuration file named scan_engines.json, which lists all supported scanning engi
IntroductionMITRE ATT&CK v18, released in October 2025, introduces a major change in detection guidance. Two new objects, Detection Strategies and Analytics, replace the old single-sentence detection notes with structured, behavior-focused logic.In previous versions, detection tips were just short text inside each technique. Detection Strategies describe what behavior to look for, and Analytics show how to detect it on specific platforms. Each Analytic then guides you to relevant Log Sources and Data Components. What This Means for DefendersThis modular structure reflects how attacks develop not as individual warning messages, but as a chain of observable behaviors. Defenders can now track detection logic across different levels, systems, and data sources. The new detection model provides a clearer link between techniques, behaviors, and the necessary telemetry to identify them. Let’s look at the Detection Strategy DET0088 “Backup Software Discovery via CLI, Registry, and Process I
IntroductionBackups are the last line of defense when cyberattacks strike. Veeam users rely on the platform to restore data quickly and reliably in critical situations. However, availability alone is not enough, backups must be trustworthy. To address this challenge, I created a Python script that uses the Veeam Data Integration API and runs the THOR APT Scanner against the presented restore point(s).Who is Nextron, and what is THOR?Nextron Systems specializes in forensic threat detection. Their flagship product, THOR, is widely used by incident response and security teams to uncover attacker tools and traces that traditional solutions may miss. Unlike classic antivirus integrations, THOR is designed to detect webshells, obfuscated scripts, malicious configurations, and backdoors, the kinds of artefacts that advanced attackers often leave behind. In addition, THOR parses system artefacts such as Windows Registry hives or Event Logs with dedicated modules, applying forensic rules that g
Hi, Good evening.I am analyzing different Veeam Backup & Replication instances and I would like take all parameters for every backup job present on every VB&R instances that I am analyzing.I would like to know if is possible launch one powershell script for retrieve these values for example: start time for every schedule job, servers involved, backup modality (full, incremental, reverse incremental, etc) aware setting if exist, etc.Thanks in advance.Best regardsRicardo
WARNING: Exciting content 🕺🏻This blog post has a little bit of everything: A little bit of compliance, a little bit of encryption, a little bit of REST API, and a little bit of V13, like in this song.IntroductionThe EU’s Digital Operational Resilience Act (DORA) requires financial entities to protect their data using robust cryptographic methods. Two key articles, Article 6 (Encryption and Cryptographic Controls) and Article 7 (Cryptographic Key Management), set out what must be done. If you use Veeam for backups, you can meet many of these requirements.DORA - Summary of Relevant Requirements (Articles 6 & 7)DORA requires financial organizations to encrypt backup data at rest and during transfer. Connections within the organization and with external partners must also be protected using encryption. In addition, there must be clear rules for managing cryptographic keys throughout their entire lifecycle, including creation, storage, renewal, backup, and secure destruction. If a key
Im trying to run a powershell script to turn off/on a service on the remote computer. I run Veeam VBR as a local service instead of an AD service account. Is this why my script is failing?Ive tried both of these and using SNMP as an example. Of course they both work interactively from the VBRserverGet-Service -computername RemoteComputer -DisplayName "SNMP Service"| Stop-Serviceinvoke-command -ComputerName RemoteComputer -ScriptBlock {Get-Service -Name "SNMP"| Stop-Service} **********************Windows PowerShell transcript startStart time: 20250807125230Username: WCG\SYSTEMRunAs User: WCG\SYSTEMConfiguration Name: Machine: VBRserver (Microsoft Windows NT 10.0.17763.0)Host Application: powershell.exe -ExecutionPolicy ByPass -Command try {& 'C:\VeeamScripts\freeze-tk.ps1' -ErrorAction Stop } catch { exit 1 } Process ID: 24996PSVersion: 5.1.17763.7553PSEdition: DesktopPSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17763.7553BuildVersion: 10.0.17763.7553CLRVersion: 4.0.30319.4
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.