Add Veeam data connector - Public Preview #14462
Open
v-hectorarv wants to merge 9 commits into
…streams (VeeamAuthorizationEvents, VeeamCovewareFindings, VeeamMalwareEvents, VeeamOneTriggeredAlarms, VeeamSecurityComplianceAnalyzer, VeeamSessions)
- Includes DCR, polling configs, table definitions, and parsers
- Version 3.0.3
Contributor
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds a Veeam Codeless Connector Framework (CCF) data connector (public preview) to the Microsoft Sentinel Veeam solution, including new custom tables and ingestion via DCR/DCE, along with version/package updates.
Changes:
- Added CCF connector definition + poller configs and created custom table resources for six Veeam data streams.
- Added a DCR with KQL transforms to map REST payloads into the custom tables.
- Bumped solution versioning and updated package/UI + release notes accordingly.
Reviewed changes
Copilot reviewed 14 out of 16 changed files in this pull request and generated 15 comments.
| File | Description |
|---|---|
| Solutions/Veeam/SolutionMetadata.json | Version bump to 3.0.3 to align solution metadata with the new release. |
| Solutions/Veeam/ReleaseNotes.md | Adds a 3.0.3 release-note entry describing the new CCF connector/data streams. |
| Solutions/Veeam/Package/testParameters.json | Adds RG/subscription parameters for package deployment/testing. |
| Solutions/Veeam/Package/createUiDefinition.json | Updates solution description counts + adds UI text blocks for the additional connector. |
| Solutions/Veeam/Data/Solution_Veeam.json | Adds the CCF connector to solution content list; bumps version and adds CCF version field. |
| Solutions/Veeam/Data Connectors/Veeam_CCF/table_VeeamSessions.json | Adds custom Log Analytics table resource for session telemetry. |
| Solutions/Veeam/Data Connectors/Veeam_CCF/table_VeeamSecurityComplianceAnalyzer.json | Adds custom table resource for security/compliance analyzer. |
| Solutions/Veeam/Data Connectors/Veeam_CCF/table_VeeamOneTriggeredAlarms.json | Adds custom table resource for Veeam ONE triggered alarms. |
| Solutions/Veeam/Data Connectors/Veeam_CCF/table_VeeamMalwareEvents.json | Adds custom table resource for malware events. |
| Solutions/Veeam/Data Connectors/Veeam_CCF/table_VeeamCovewareFindings.json | Adds custom table resource for Coveware findings. |
| Solutions/Veeam/Data Connectors/Veeam_CCF/table_VeeamAuthorizationEvents.json | Adds custom table resource for authorization/audit events. |
| Solutions/Veeam/Data Connectors/Veeam_CCF/Veeam_PollerConfig.json | Defines six RestApiPoller configurations for the data connector. |
| Solutions/Veeam/Data Connectors/Veeam_CCF/Veeam_DCR.json | Adds DCR stream declarations + transforms for ingestion into the custom tables. |
| Solutions/Veeam/Data Connectors/Veeam_CCF/Veeam_ConnectorDefinition.json | Adds the CCF connector definition, UI instructions, queries, permissions, and dataTypes. |
Comment on lines +74 to +81
| "name": "dataconnectors-link2", | ||
| "type": "Microsoft.Common.TextBlock", | ||
| "options": { | ||
| "link": { | ||
| "label": "Learn more about connecting data sources", | ||
| "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" | ||
| } | ||
| } |
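Review bot: The "uri" in this link block points at the legacy docs.microsoft.com host, which now redirects to learn.microsoft.com. Point it at https://learn.microsoft.com/azure/sentinel/connect-data-sources directly so the deployment UI does not depend on the redirect. The name "dataconnectors-link2" also reads like a second copy of an existing link block; if its label and target match the first one, check whether the duplicate "Learn more" link is needed at all.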
| "clv2ws1" | ||
| ], | ||
| "outputStream": "Custom-VeeamSessions_CL", | ||
| "transformKql": "source | extend TimeGenerated = iff(isempty(creationTime), now(), todatetime(creationTime)) , VbrHostName = ['vbrHostName'] , SessionType = ['sessionType'] , State = ['state'] , Id = ['id'] , Name = ['name'] , JobId = ['jobId'] , CreationTime = ['creationTime'] , EndTime = ['endTime'] , ProgressPercent = ['progressPercent'] , ResultStatus = tostring(result.result) , ResultMessage = tostring(result.message) , ResultIsCanceled = tobool(result.isCanceled) , VeeamResourceId = ['resourceId'] , ResourceReference = ['resourceReference'] , ParentSessionId = ['parentSessionId'] , PlatformName = ['platformName'] , PlatformId = ['platformId'] , Usn = ['usn'] , Result = tostring(result.result) , Message = tostring(result.message) , IsCanceled = tobool(result.isCanceled) | project TimeGenerated , VbrHostName , SessionType , State , Id , Name , JobId , CreationTime , EndTime , ProgressPercent , ResultStatus , ResultMessage , ResultIsCanceled , VeeamResourceId , ResourceReference , ParentSessionId , PlatformName , PlatformId , Usn , Result , Message , IsCanceled" |
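Review bot: In the extend and project of this transformKql, Result, Message and IsCanceled are computed from exactly the same expressions as ResultStatus, ResultMessage and ResultIsCanceled (tostring(result.result), tostring(result.message), tobool(result.isCanceled)), so every session row stores the same three values twice. Keep one set of names and drop the other from the extend, the project and the VeeamSessions_CL table definition. Separately, TimeGenerated only falls back to now() when creationTime is empty; a non-empty value that todatetime() cannot parse yields null, so test isnull(todatetime(creationTime)) rather than isempty(creationTime). CreationTime and EndTime are passed through without a cast, so confirm they match the column types declared for the table.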
Contributor
Hi @v-hectorarv Kindly accept CLA and address the above review comments if required. Thanks!
TwistedAlex requested changes Jun 12, 2026
Contributor
Hi @v-hectorarv Kindly confirm CLA acceptance by adding a comment on the PR. Thanks!
Author
@microsoft-github-policy-service agree company="Microsoft"
This PR adds the Veeam data connector to Microsoft Sentinel using the Codeless Connector Framework (CCF).
Data Streams
Changes
- Added CCF connector definition with 6 polling configurations (Malware Events, Security Compliance Analyzer, Authorization Events, Veeam ONE Triggered Alarms, Coveware Findings, Sessions)
- Created Data Collection Rules (DCR) for ingestion into custom tables
- Implemented and updated parsers for data transformation, including Veeam session resource ID parsing
- Updated release notes for version 3.0.3
- Generated solution package for deployment (3.0.3)
Testing
Release Stage
This connector is being promoted from Private Preview to Public Preview.
Related Documentation
TSG Wiki: [Link to your wiki page]
Vendor Documentation: https://helpcenter.veeam.com