Alerts indicate an exceptional situation or a potential issue in your environment that needs attention. They are displayed on the Alerts page, sorted by date.
You must configure alerts so that Druva Cloud Administrators receive email notifications when an alert is generated.
About Alerts
The following table lists various Ransomware Recovery alerts and what they mean.
Alert Category | Alert Type | Indicates... |
---|---|---|
Unusual Data Activity | Unusual Data Activity | Unusual data activity on an endpoint or a server. Severity: Critical. Action required: Go to Ransomware Recovery and quarantine the resource (endpoint or server) mentioned in the alert. |
Unusual Data Activity | Unusual Data Activity - Scan Failure - Only for VMware | The unusual data activity scan failed on VMware. Severity: Warning. Action required: View the alert for the scan failure reason and take appropriate action to ensure the UDA scan runs smoothly for VMware resources. You can also access this alert via the Events API. |
Security Insights | Data Access Alert - New Location | A Druva administrator or an inSync Client user has restored or downloaded data from Druva Cloud. Severity: Critical. Action required: View the alert details to ensure that the data was not accessed from an undesired location. If you suspect something is wrong, reset the password of the administrator or inSync Client user. Important: The alert is generated only if no data has been accessed from that IP address in the past 30 days. |
Security Insights | Admin Login Event - New Location | A Druva administrator has logged into the console from a new IP address. Severity: Warning. Action required: View the alert details to ensure that the login was not made from an undesired location. If you suspect something is wrong, reset the password of the administrator. Important: The alert is generated only if no login activity has been observed from that IP address in the past 30 days. |
Malicious Files Found | Malicious Files Found | Malicious files were found on an endpoint or a server. Severity: Warning. Action required: Go to Ransomware Recovery and quarantine the resource (endpoint or server) mentioned in the alert. |
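The two Security Insights alerts share the same 30-day rule: an alert is raised only when the source IP address has had no activity of that kind in the preceding 30 days. The following is an added example (not Druva's code) that applies that rule to a constructed list of login and data-access events; it assumes the window is tracked per IP address and activity kind, regardless of which administrator or user used the IP, and that "past 30 days" means strictly more than 30 days since the last activity.

```python
from datetime import datetime, timedelta

# Added example, not Druva's implementation. Tracks the most recent
# activity per (activity kind, source IP) and raises an alert when an
# event arrives from an IP with no such activity in the last 30 days.
WINDOW = timedelta(days=30)

# Alert type and severity per activity kind, as documented above.
ALERT_TYPES = {
    "login": ("Admin Login Event - New Location", "Warning"),
    "data_access": ("Data Access Alert - New Location", "Critical"),
}

# Constructed sample events: (ISO timestamp, actor, source IP, kind).
# IPs are from documentation ranges, not real infrastructure.
SAMPLE_EVENTS = [
    ("2024-01-01T09:00:00", "alice", "203.0.113.10", "login"),
    ("2024-01-05T10:00:00", "alice", "198.51.100.7", "data_access"),
    ("2024-01-10T09:30:00", "alice", "203.0.113.10", "login"),
    ("2024-01-15T08:00:00", "bob", "203.0.113.10", "login"),
    ("2024-01-20T11:00:00", "alice", "198.51.100.7", "login"),
    ("2024-03-01T09:00:00", "alice", "203.0.113.10", "login"),
]


def new_location_alerts(events, window=WINDOW):
    """Return the alerts the 30-day rule would raise, in time order."""
    last_seen = {}  # (kind, ip) -> timestamp of most recent activity
    alerts = []
    for ts_str, actor, ip, kind in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(ts_str)
        key = (kind, ip)
        prev = last_seen.get(key)
        # Assumption: strictly more than 30 days counts as "no activity".
        if prev is None or ts - prev > window:
            alert_type, severity = ALERT_TYPES[kind]
            alerts.append({
                "generated_on": ts_str,
                "alert_type": alert_type,
                "severity": severity,
                "actor": actor,
                "source_ip": ip,
            })
        last_seen[key] = ts  # any activity of this kind refreshes the window
    return alerts


if __name__ == "__main__":
    for a in new_location_alerts(SAMPLE_EVENTS):
        print(a["generated_on"], a["severity"], a["alert_type"], a["actor"], a["source_ip"])
```

Note that bob's login on 2024-01-15 raises nothing because alice used the same IP five days earlier, while alice's login on 2024-03-01 does, since the IP was then quiet for 46 days.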
View alerts
To view the Ransomware Recovery alerts
1. On the Security Events Console menu bar, click the bell icon to view the list of alerts. Newly generated alerts are highlighted to indicate that you have not yet viewed them.
2. Select an alert and click View Details to see detailed information about that alert.
Alert Details
The following table describes the fields shown in the alert details:
Field | Description |
---|---|
Summary | |
Alert Type | Type of alert. For example: Data Access Alert - New Location. |
Alert Category | Category to which the alert belongs. For example: Unusual Data Activity, Security Insights, Malicious File Scan, and so on. |
Severity | Severity of the alert: Critical or Warning. |
Generated On | Date and time (UTC) when the alert was generated. |
Details | |
Resource Name | Name of the resource for which the alert was generated. Endpoints: Devices; NAS: Backup sets; File Server: File Backupsets. |
Affected Snapshot | Details of the impacted snapshot. |
Anomaly Type | Type of anomaly detected for the affected snapshot. It can be one of the following: |
New Files | Number of new files created, in the case of a creation anomaly. |
Deleted Files | Number of deleted files, in the case of a deletion anomaly. |
Updated Files | Number of updated files, in the case of a modification anomaly. |
Encrypted Files | Number of encrypted files, in the case of an encryption anomaly. |
Resource Parent Name | Parent with which the impacted resource is associated. Endpoints: Users; NAS: NAS Devices; File Server: Registered Server. |
Encryption Reason | Why the files were classified as encrypted: entropy or a matching malicious file extension was detected. |