Veeam Backup & Replication 12.3 – A big release with many new functions. Let me show you some of the exciting new possibilities with REST API. And yes, I have also created some scripts.
Scanning Backups & Veeam Threat Hunter
Veeam Backup & Replication offers various methods of scanning backups for malware. The Secure Restore feature allows for malware scanning during recovery, preventing the reintroduction of infected files. The Scan Backup functionality will enable you to check backups for malware on-demand. SureBackup provides the possibility to execute this task on a regular or even continuous basis.
With the introduction of the Veeam Threat Hunter in Veeam Backup & Replication 12.3, the scanning capabilities become even more powerful. Read the Veeam Backup & Replication v12.3 - What’s new document (page 7) describing the Veeam Threat Hunter capabilities.
Don’t forget to select the Veeam Threat Hunter in the Malware Detection Settings.
Scan Backups using REST API
With the latest release of Veeam Backup & Replication 12.3, the scanning of backups can now also be controlled via the REST API. The following script was created with the new “ingredients.” Let’s take a look:
After starting the script, the last ten restore points and their malware status are displayed before the antivirus scan starts. The restore points will be scanned sequentially, starting from the most recent restore point until a malware-free restore point is found. The progress of the initiated job is displayed, and the job result is shown at the end. The script and the documentation can be found on my GitHub Repo.
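The newest-first selection logic described above can be sketched as follows. This is an added example, not the script from the GitHub repo: the `scan` callable is a hypothetical stand-in for whatever starts a scan of one restore point and returns its verdict, the verdict names and sample restore points are constructed, and no Veeam REST calls are shown.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Iterable, Optional

# Verdict names used in this sketch (assumed, not Veeam's own values).
CLEAN, INFECTED, ERROR = "clean", "infected", "error"


@dataclass(frozen=True)
class RestorePoint:
    id: str
    created: datetime


@dataclass
class ScanOutcome:
    clean_point: Optional[RestorePoint]  # newest point with a clean verdict
    scanned: list                        # (restore point id, verdict), in scan order


def find_latest_clean(points: Iterable[RestorePoint],
                      scan: Callable[[RestorePoint], str],
                      limit: int = 10) -> ScanOutcome:
    """Scan the newest `limit` restore points one by one, newest first, and
    stop at the first clean verdict. Anything other than CLEAN, including a
    failed scan, is treated as not safe to restore."""
    newest_first = sorted(points, key=lambda p: p.created, reverse=True)[:limit]
    scanned = []
    for point in newest_first:
        try:
            verdict = scan(point)
        except Exception:
            verdict = ERROR              # fail closed: an error is never "clean"
        scanned.append((point.id, verdict))
        if verdict == CLEAN:
            return ScanOutcome(point, scanned)
    return ScanOutcome(None, scanned)    # no clean point among those scanned


# Constructed sample data: four daily restore points, the two newest infected.
SAMPLE_POINTS = [RestorePoint(f"rp-{d}", datetime(2024, 12, d)) for d in (1, 2, 3, 4)]
SAMPLE_VERDICTS = {"rp-4": INFECTED, "rp-3": INFECTED, "rp-2": CLEAN, "rp-1": CLEAN}


def sample_scan(point: RestorePoint) -> str:
    """Stand-in for the real scan call; looks up a constructed verdict."""
    return SAMPLE_VERDICTS[point.id]


if __name__ == "__main__":
    outcome = find_latest_clean(SAMPLE_POINTS, sample_scan)
    print(outcome.scanned, "->", outcome.clean_point)
```

A result with `clean_point` set to `None` means none of the scanned restore points returned a clean verdict, so nothing in that window should be treated as a safe recovery target.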
Veeam Backup for Microsoft Entra ID
With Veeam Backup & Replication 12.3, it is now possible to protect data from Entra ID tenants. In addition to objects such as users, groups, roles, and more, the Entra ID sign-in and audit logs can be protected. The REST API also allows us to manage the Entra ID backups. For this, I created the VBR Entra ID Search Python script that enables the use of these functions:
- Check if a specific user/group/application exists in the selected restore point
- Check if the user/group/application exists in the production (Entra ID tenant)
- Compare user properties between a selected restore point and the production and show differences, if there are any.
The script and description can be found here. I am not yet completely satisfied with the output of the restore point and production differences; maybe someone from the community can give me a tip.
There is even more
The last of my three new scripts will control the Data Integration API via REST API and scan the presented backup data using a powerful scan tool. The script is ready and has been extensively tested. The only missing thing is (the time for) the documentation.
Thoughts & What’s Next?
These scripts are intended to show the new possibilities with the REST API and can be adapted or extended depending on the use case. I chose Python to expand my knowledge and because, combined with Linux, I can be much more creative. The emojis used also express this. Doesn't the output look nicer with them?
Based on the feedback, I might also update the scan script to use YARA rules as I already did using PowerShell.
Stay tuned & Happy Scanning!