Veeam Data Integration API with Opswat Metadefender Hash Scanning
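# Publishes the latest restore point of every object in a Veeam backup job through the
# Data Integration API, hashes selected files on the mounted volumes, and looks each
# SHA256 up in the OPSWAT MetaDefender hash API.
# Only the hash is placed in the request URI; the file itself is read locally by Get-FileHash.

# Best effort: load the Veeam snap-in if it is not already loaded.
Add-PSSnapin VeeamPSSnapin -ErrorAction SilentlyContinue

# Connect to your backup server.
Connect-VBRServer -Server "YOURBACKUPSERVER"

# IP address of this machine (the data processor) that the disks are published to.
# NOTE(review): this takes whichever IPv4 address is returned first - confirm it is an
# address the backup server can reach (not loopback or an unused adapter).
$targetServer = (Get-NetIPAddress -AddressFamily IPv4 | Select-Object -First 1).IPAddress

# Credentials Veeam uses on the target server.
# NOTE(review): an administrator account is referenced here; consider a dedicated account
# limited to what publishing requires - confirm the minimum rights against Veeam's docs.
$targetServerCreds = Get-VBRCredentials -Name "lab\administrator"

# Backup job name, the backup it produced, and the objects inside the job.
$jobName = "Fileservers"
$job = Get-VBRBackup -Name $jobName
$jobObjects = Get-VBRJobObject -Job $jobName

# MetaDefender settings are loop-invariant, so they are built once.
$opswatBaseUri = 'https://api.metadefender.com/v4/hash/'
$headers = @{}
# You will need a valid OPSWAT API key. Load it from an environment variable or a secret
# store at run time rather than saving a real key in this file.
$headers.Add('apikey','xxxxxxxxxxxxxxxx')

# Iterate each job object so the latest restore point of each one gets published and scanned.
Foreach ($jo in $jobObjects)
{
    # Reset per iteration so a failed publish can never reuse the previous object's session.
    $session = $null

    # Latest restore point in this job for this object.
    # NOTE(review): the *name* wildcard is a substring match, so an object whose name is
    # contained in another object's name may select the other machine's restore point.
    $restorePoint = $job | Get-VBRRestorePoint -Name *$($jo.Name)* | Sort-Object -Property CreationTime -Descending | Select-Object -First 1
    if (-not $restorePoint)
    {
        Write-Warning "No restore point found for $($jo.Name); skipping."
        continue
    }

    $restoreObjectName = $restorePoint.VmName
    Write-Host "Publishing $($restoreObjectName) disks...."

    try
    {
        # Publish the restore point using the Data Integration API.
        $session = Publish-VBRBackupContent -RestorePoint $restorePoint -TargetServerName $targetServer -TargetServerCredentials $targetServerCreds
        if (-not $session)
        {
            Write-Warning "Publishing $($restoreObjectName) returned no session; skipping."
            continue
        }

        # Write the session to screen.
        $session

        # Find the volumes mounted on this machine for the published object.
        # The name is regex-escaped because -match treats its right-hand side as a pattern;
        # characters such as '.', '(' or '+' in a machine name would otherwise change the match.
        $mountPattern = [regex]::Escape("c:\VeeamFLR\$restoreObjectName")
        $volumes = Get-WmiObject win32_volume | Where-Object {$_.name -match $mountPattern -and $_.label -ne "System Reserved"} | Select-Object Name, FileSystem, Label
        Write-Host "Volumes:"
        $volumes

        # Iterate each of the volumes mounted for this machine.
        Foreach ($volume in $volumes)
        {
            # Recursive file listing, filtered to images here; widen or change the filter as
            # needed (e.g. include everything, or select *.msi, *.exe).
            # Directories that cannot be read are skipped silently (SilentlyContinue), so an
            # empty result list is not proof that every file was checked.
            $files = Get-ChildItem -Path $volume.Name -Include *.jpg,*.png,*.gif -File -Recurse -ErrorAction SilentlyContinue

            Foreach ($file in $files)
            {
                $file

                # Hash by full literal path so names containing wildcard characters resolve
                # to exactly this file.
                $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256
                if (-not $hash)
                {
                    Write-Warning "Could not hash $($file.FullName); skipping lookup."
                    continue
                }

                # The lookup fails when the hash is not known to MetaDefender. Clear the
                # previous answer first: without this, a failed request would leave the
                # prior file's result in $scanResult and print it against this file.
                # A miss means "unknown", not "clean" - decide separately whether such
                # files get a deep scan or are only reported.
                $scanResult = $null
                try
                {
                    $scanResult = Invoke-WebRequest -Uri ($opswatBaseUri + $hash.Hash) -Headers $headers -UseBasicParsing
                }
                catch
                {
                    Write-Warning "No MetaDefender result for $($file.FullName) [$($hash.Hash)]: $($_.Exception.Message)"
                    continue
                }

                Write-Output $scanResult.content
            }
        }
    }
    finally
    {
        # Tear it down even when scanning fails, so backup content does not stay mounted.
        if ($session)
        {
            Unpublish-VBRBackupContent -Session $session
        }
    }
}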