The project announced here has grown even bigger. The Veeam Data Integration API remains the "main actor", but many new options have been added, incorporating output from "my ideas factory" and feedback on a similar script. Let’s look at what’s NEW.
📑 Search
- The host2scan parameter scans a selected restore point of the specified host.
- The repo2scan parameter can display all hosts with supported restore points in the specified Backup Repository. Then select a host and start the scan. NEW
- Alternatively, repo2scan with the option all scans the latest restore point for all found and supported host types in the specified Backup Repository. NEW
🔍 Scan & Store
- The scan parameter triggers the malware and LOLBAS detection scan.
- The store parameter collects the metadata for all relevant binary files (ideal for hash analysis). NEW
- The yaramode parameter triggers a YARA scan using the stored rule(s). NEW
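To make the store and scan items above concrete, here is an added sketch (not the project's own code) of collecting hash metadata for binaries under a mounted restore point and flagging LOLBAS-named files that sit outside the Windows system directories. The extension list, the table layout, the function names and the short LOLBAS subset are assumptions made for this example.

```python
import hashlib
import sqlite3
from pathlib import Path

# Assumption: file types treated as "relevant binaries"; the project's own list is not on the page.
BINARY_EXTS = {".exe", ".dll", ".sys", ".msi", ".ps1"}
# Constructed subset of LOLBAS binary names, enough for the demonstration.
LOLBAS_NAMES = {"certutil.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe", "bitsadmin.exe"}


def sha256_of(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def collect_metadata(mount_root, db_path=":memory:"):
    """Walk a mounted restore point and store one row per binary file."""
    root = Path(mount_root)
    db = sqlite3.connect(db_path)
    db.execute("""CREATE TABLE IF NOT EXISTS files (
        rel_path TEXT PRIMARY KEY, name TEXT, size INTEGER,
        mtime REAL, sha256 TEXT, lolbas INTEGER)""")
    for path in root.rglob("*"):
        # Skip symlinks (they may point outside the mount) and non-files.
        if path.is_symlink() or not path.is_file():
            continue
        if path.suffix.lower() not in BINARY_EXTS:
            continue
        try:
            st = path.stat()
            digest = sha256_of(path)
        except OSError:
            continue  # unreadable file in the backup: skip it, keep scanning
        db.execute("INSERT OR REPLACE INTO files VALUES (?,?,?,?,?,?)",
                   (str(path.relative_to(root)), path.name.lower(), st.st_size,
                    st.st_mtime, digest, int(path.name.lower() in LOLBAS_NAMES)))
    db.commit()
    return db


def lolbas_outside_system_dirs(db):
    """LOLBAS-named binaries found outside System32/SysWOW64 (worth a closer look)."""
    rows = db.execute("SELECT rel_path, sha256 FROM files WHERE lolbas = 1").fetchall()
    return sorted((p, h) for p, h in rows
                  if "system32" not in p.lower() and "syswow64" not in p.lower())
```

The stored SHA-256 values can then be compared against a hash reputation source of your choice; a LOLBAS name alone is not a verdict, since these are legitimate Windows binaries.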
📊 Display NEW
The data is displayed in a wonderful Streamlit Dashboard. The picture below shows part of the dashboard with the KPIs of the upcoming version.

👨‍💻 Inject it directly into my terminal
The scripts can be installed via this shell script. It asks for the Veeam Backup & Replication Server, the username and password for the REST API queries, and whether the Streamlit dashboard should be provided via a Docker container. Important: Not everything is documented yet, but the missing documentation will be added soon. More details are in the GitHub Repository.
🎬🐷🎤 That’s Not All Folks!
In the next version, restore points from Scale-Out Backup Repositories can also be mounted and scanned. Security-relevant event entries in the Windows event logs are also searched for and saved in the database. And as always: More to come, as the scripts are or will be structured so that much more can be analyzed.
Happy Hunting!
Steve Heart