The following article provides information about the Cyber Recovery Runbooks dashboard.
Overview
This guide explains how to view, manage, and understand the results of recovery plans within the Cyber Resiliency platform.
Access path
From the DCP Console, go to the Global Navigation menu -> Ransomware Recovery. Select the Cyber Recovery tab from the left navigation panel. The Cyber Recovery Dashboard appears.
Overview of Cyber Recovery Plans
The Cyber Recovery dashboard is the central hub for managing data restoration after a security incident or for routine testing. It provides a summary of all existing recovery strategies.
Recovery Plan: A new tool that transforms recovery from a slow, manual process into an automated, threat-aware operation. While traditional disaster recovery is built for power outages or hardware failures, this feature is specifically engineered to defeat modern cyber threats.
Plan Cards: Each box represents a specific plan.
Scheduled Recovery: Runs automatically at set intervals (e.g., Quarterly).
Live Incident Recovery: Triggered manually in response to an active threat.
Key Actions
You can perform the following actions on the Cyber Recovery Plan dashboard:
Create Recovery Plan
Run Recovery option: Manually executes a scheduled recovery plan, initiating a Recovery Job based on your pre-defined snapshot scan criteria. Depending on your configuration, this action also triggers specific secondary processes:
Threat Hunt: Launched automatically if selected as the scan option.
Curated Snapshot: Initiated for OneDrive and SharePoint during Live Incident Recovery (if selected).
Search for a specific recovery plan using the Recovery Plan Name criteria.
Use the Filters to sort and list Cyber Recovery Plans based on specific criteria.
Filters | Description |
Resource Type | The type of resource - VMware, Microsoft 365 - Exchange Online, OneDrive, SharePoint. |
Recovery Type | Scheduled or Live Recovery Plan. |
Recovery Status | |
Plan Status | Active, Paused, Archived |
Managing Plan Details
When you click on a specific plan, you enter the Details view.
Plan Details tab
The details view varies based on the type of Recovery Plan.
Details: Provides basic plan details such as the name, description, plan type, who created the plan, Plan Status, testing frequency and start time (for a Scheduled Recovery Plan), and run date and time (for a Live Recovery Plan).
Execution Details (for a Scheduled Recovery Plan): Provides the date and time of the latest plan execution, the next scheduled execution time, and the count of executions for the plan.
Snapshot Selection: This defines the point in time the system looks at.
Snapshot Recovery Window: The date range from which a backup was chosen.
Recovery option: The criteria chosen for recovery.
Threat Scan Criteria: Shows if the system is looking for specific malicious files (Hashes) or file types (Extensions) before restoring the data.
[For VMware Only] Post Restore Actions (Recovery Settings section): Actions taken automatically after recovery, such as detaching network cards to prevent the spread of malware or running a post-boot script.
Target Environment: Shows where the data will be restored, including the Destination Hypervisor and Data Source for VMware and Restore Location for Microsoft 365.
Resources tab
Shows exactly what is being protected.
For VMware
Resource Name: Name of the virtual machine (VM).
vCenters/ESXi Hosts: The technical location where the data lives.
Guest OS Credentials: A green key icon indicates that the system has the necessary permissions to access and recover that specific machine.
Size: The backed up data size for the resource.
For OneDrive and Exchange Online
Resource Name: Name of the resource. User Name for OneDrive and Exchange Online.
Email: The unique email address of the user.
Profile: The profile details to which the user belongs.
Size: The backed up data size for the resource.
For SharePoint
Resource Name: Name of the resource. Site Title for SharePoint.
Site URL: The unique URL for the SharePoint site.
Site Type: The type of SharePoint site.
Backup Profile: The type of backup profile for the SharePoint site.
Size: The backed up data size for the resource.
Recovery Report tab
Once a recovery plan finishes, the system generates a Recovery Report. This report confirms whether your data is safe and accessible. The key metrics include:
Recovery Status: Shows if the overall job was Completed, Cancelled, or Failed.
Total Recovery Time: The actual time taken to complete the entire restoration.
Average RTO: Recovery Time Objective - how fast the system recovered on average.
Recovery Job Status: The count of recovery jobs based on the status of the recovery job.
Resource List: A detailed table at the bottom lists every individual resource, its specific start/end time, recovered snapshots list, recovery status/job ID, and the size of the snapshot data recovered.
Checking Individual Plan Details
For VMware
If you click on a Job ID (a blue number like 248 or 253), a pop-up window appears with technical specifics for that one event.
Restore Scan Details: If a restore scan was performed during recovery, the status will be listed here.
Post-Restore Actions: This shows the security measures taken after recovery, such as:
Network Card: Whether the machine was reconnected to the internet (Detached means it is isolated for safety).
Delete Malicious Files: Confirms if the system automatically cleaned up any threats found.
For Microsoft 365
If you click on a Recovery Status/Job ID (a blue number like 248 or 253), a pop-up window appears with technical specifics for that one event. On the Job Details pop-up, click on Restore Job ID to view the workload-specific job details page.
Key Actions
You can perform the following actions on these tabs:
Download Report for offline investigation and audit purposes.
More options (Three blue dots) to Pause or Archive a Scheduled Recovery Plan.
Use the Filters to sort and view details based on specific criteria such as Resource Type, Recovery Type, Recovery Status, Plan Status.
Recovery Plan editing restrictions based on the Recovery Plan Status
Plan Status | Editable Fields | Non-Editable Fields |
Running Threat Hunt | All fields except the following: | Plan Name, Plan Schedule, Snapshot Selection Criteria / Threat Hunt Configuration, Resources |
Running | None | All fields |
