Incident API triggering and testing in VDP 23H2 V12.1

  • 3 January 2024

Userlevel 3
Badge

As promised some 12.1 content…

 

For the new Test Drive 23H2 V12.1 Hands-ON Lab, we wanted to demonstrate the Incident API triggering an automatic backup without making the lab too large or complicated.

 

First we need to enable the feature.

In the VBR Console, from the Menu Bar > Malware Detection > Incident API tab.

 

Below is an example PowerShell script for testing. 

# Run this once, or read credentials from file
# Big thanks to Egor and Ed for their help with below!
# JB 3/1/2024
# $Cred = Get-Credential


# Change ServerName, UserName and Password
$Url = "https://my-vbr-server.veeamhol.local:9419/api/oauth2/token"
$Body = @{
    "grant_type" = "password"
    "username"   = "jb@veeamhol.local"
    "password"   = "ILoveVeeam2024!"
}
$body = $body | ConvertTo-Json
$headers = @{
    "Content-Type"  = "application/json"
    "x-api-version" = "1.1-rev1"
}

# Let's get a token to use
# The username and password travel in the request body, so -Credential is not passed
# ($Cred is only set if the Get-Credential line above is uncommented).
# -SkipCertificateCheck needs PowerShell 6 or later and turns off TLS certificate validation (lab use only).
$request = Invoke-RestMethod -Method 'POST' -Uri $url -Body $body -Headers $headers -SkipCertificateCheck
$token = $request.access_token

# Now we can add token to headers and forget about authentication once and for all
$headers = @{
    "Content-Type"  = "application/json"
    "x-api-version" = "1.1-rev1"
    "Authorization" = "bearer $token"
}

# Let's create a new event (provide any information you know about machine - fqdn, ipv4, ipv6, uuid from vCenter PowerCLI or similar)
$Body = @{
    "detectionTimeUtc" = "2024-01-02T01:00:07.801Z"
    "machine" = @{
        "fqdn" = "windowstestserver.veeamhol.local"
        "uuid" = "564d10ea-382d-bd89-f734-8c568524bd8a"
    }
    "details"  = "This event is raised from REST API for VeeamHOL"
    "severity" = "Infected"
    "engine"   = "VeeamHOL AV [AntiVirus Name Here eg. Sophos or CrowdStrike]"
}
$body = $body | ConvertTo-Json
Invoke-RestMethod -Method 'POST' -Uri "https://my-vbr-server.veeamhol.local:9419/api/v1/malwareDetection/events" -Headers $headers -Body $body -SkipCertificateCheck

 

Hope you find this helpful!

 

I will soon add to this post with Anti-Virus testing and triggering….
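
A variant of the script above for use outside the lab, added here as an example and not the original poster's code: the password comes from a `PSCredential` instead of the script text, TLS validation stays on, the machine block is checked before sending, and the detection time is generated in UTC. It assumes the server certificate is trusted by the client; `New-IncidentEvent` and its parameter names are hypothetical, while the URLs, headers and field names are the ones shown in the post.

```powershell
# Added example, not the original author's script.
# Hypothetical names: New-IncidentEvent and its parameters.
function New-IncidentEvent {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [hashtable] $Machine,   # keys: fqdn / ipv4 / ipv6 / uuid
        [Parameter(Mandatory)] [string] $Engine,
        [string] $Details  = "This event is raised from REST API",
        [string] $Severity = "Infected",
        [datetime] $DetectedAt = (Get-Date)
    )

    # Reject an event that names no machine, or uses a key the post does not list.
    $allowed = 'fqdn', 'ipv4', 'ipv6', 'uuid'
    $unknown = @($Machine.Keys | Where-Object { $_ -notin $allowed })
    if ($Machine.Count -eq 0 -or $unknown.Count -gt 0) {
        throw "Machine must contain only, and at least one of: $($allowed -join ', ')"
    }

    $base    = "https://${Server}:9419"
    $headers = @{ "Content-Type" = "application/json"; "x-api-version" = "1.1-rev1" }

    # Token request in the same shape as the post; the password is read from the PSCredential.
    $login = @{
        grant_type = "password"
        username   = $Credential.UserName
        password   = $Credential.GetNetworkCredential().Password
    } | ConvertTo-Json
    # No -SkipCertificateCheck: the call fails unless the server certificate validates.
    $token = (Invoke-RestMethod -Method Post -Uri "$base/api/oauth2/token" -Headers $headers -Body $login).access_token
    $headers["Authorization"] = "bearer $token"

    # Timestamp converted to UTC and formatted like the value in the post.
    $stamp   = $DetectedAt.ToUniversalTime().ToString("yyyy-MM-dd'T'HH:mm:ss.fff'Z'", [cultureinfo]::InvariantCulture)
    $payload = @{
        detectionTimeUtc = $stamp
        machine          = $Machine
        details          = $Details
        severity         = $Severity
        engine           = $Engine
    } | ConvertTo-Json
    Invoke-RestMethod -Method Post -Uri "$base/api/v1/malwareDetection/events" -Headers $headers -Body $payload
}

# Lab host names from the post; Get-Credential prompts instead of storing the password.
New-IncidentEvent -Server "my-vbr-server.veeamhol.local" -Credential (Get-Credential) `
    -Machine @{ fqdn = "windowstestserver.veeamhol.local" } -Engine "VeeamHOL AV"
```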


6 comments

Userlevel 7
Badge +20

This is very interesting and I am liking testing this feature especially with new ways.  Thanks for sharing.

Userlevel 7
Badge +17

I need to get on those HoLs for v12.1. Good stuff!

Userlevel 3
Badge

In case you missed it, the new 23H2 V12.1 Labs are now available On-Demand and via instructor-led classes.

 

See if you can get that Threat Center High Score!

 

https://go.veeam.com/hands-on-lab-experience


https://go.veeam.com/hands-on-labs-emea-uki

Userlevel 7
Badge +17

Thanks for the info @jb16wer !

Userlevel 7
Badge +20

Nice to see they updated them.  Thanks for sharing @jb16wer 

Userlevel 7
Badge +6

Thanks for the update @jb16wer  Definitely need to try these out.
