Sid 1-61192

Rule Documentation
References

Report a false positive

Rule Category

POLICY-OTHER --

Alert Message

POLICY-OTHER Veeam Backup and Replication empty user name login detected

Rule Explanation

This rule looks for authentication attempt to Veeam where no username is specified.

What To Look For

This rule alerts when an anonymous authentication attempt to Veeam is detected.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic: Initial Access

Technique: Default Accounts

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

Additional Links

www.veeam.com/kb4288

Rule Vulnerability

Authentication Bypass

An Authentication Bypass occurs when there is a way to avoid providing user credentials to a system before performing restricted operations on said system.