The Unusual file activity dashboard in the Command Center displays information about such anomalous file activity on active client computers and in backup jobs. This panel provides a single location for identifying this activity, and allows you to act on potential threats with quick and safe recovery options, as follows:
-
View file path information for the file anomalies and track anomaly trending information
-
Recover the most recent good versions of files
-
Recover the entire client computer as a virtual machine
Commvault bases its file anomaly thresholds on historical activity and machine-learning algorithms, which separate false positives from typical activity on the file system.
You can configure the alerts when anomalous activities are detected. For more information, see File Activity Anomaly Alert.
Note
-
File anomalies that are older than 7 days are pruned automatically.
-
When a file system is installed on a VSA client that has backup anomaly enabled, then the backup that has the latest anomalous job will be listed on the dashboard.
The Unusual file activity dashboard also displays anomalies in the file types of backed up files on Windows clients computers. The anomaly is displayed when there is a mismatch in the file type of the file and the file extension. To enable anomaly check on file types, add the DetectMimeType additional setting with value 1 on the client computer.
Where to Access the Panel
You can view the Unusual file activity dashboard in the Command Center. For more information, see Viewing the Unusual File Activity Panel in the Command Center.
Note
To view the Unusual file activity dashboard, both the client and the CommServe computer need to be at Feature Release 11.23 or later.
Who Can View the Panel
The Unusual file activity dashboard for file and backup job anomalies is available to tenant administrators as well as to users who have the necessary permissions on the client computer with the anomaly.
What Is Monitored
-
Windows clients that have the file system package installed can be monitored for unusual activity on the file systems and in backup jobs.
-
Linux clients can be monitored for unusual activity in backup jobs.
-
Network shares can be monitored for unusual activity in backup jobs.
-
Virtual machine and non-file system clients can be monitored if the file system package is installed in restore-only mode.
-
Virtual machines with file indexing enabled can be monitored for unusual activity in backup jobs.
-
Backup jobs that utilize V2 indexing are monitored for any mismatch in the file type and file extension of the backed up files.
What You Can View in the Dashboard
The following tables include descriptions for all the columns in each tab in the Unusual file activity dashboard.
"All" Tab
|
Column |
Description |
|---|---|
|
Name |
The client computer. When you click the client computer, the following detailed reports are available:
You can use the reports to analyze the statistics. |
|
File anomaly type |
The type of anomalous activity, such as the following:
|
|
Detected time |
The time when the anomaly was detected. |
|
Server type |
The type of server identified. |
|
File Count |
Number of files detected with the anomaly. |
|
Tags |
Audit tags that you can use to record actions. |
|
Actions |
Click the action button
|
for a client, and then select one of the following options:"File Activity" Tab
|
Column |
Description |
|---|---|
|
Name |
The client computer. When you click the client computer, the following detailed reports are available: You can use the reports to analyze the statistics. |
|
File anomaly type |
The type of anomalous file activity, such as the following:
|
|
Detected time |
The time when the anomaly was detected. |
|
Server type |
The type of server identified. |
|
Created files |
The number of files that were created at the detected time. |
|
Renamed files |
The number of files that were renamed at the detected time. |
|
Deleted files |
The number of files that were deleted at the detected time. |
|
Modified files |
The number of files that were modified at the detected time. |
|
Tags |
Audit tags that you can use to record actions. |
|
Actions |
Click the action button
|
"File Type" Tab
|
Column |
Description |
|---|---|
|
Name |
The client computer. When you click the client computer, the following detailed reports are available: You can use the reports to analyze the statistics. |
|
File anomaly type |
File type |
|
Detected time |
The time when the anomaly was detected. |
|
Server type |
The type of server identified. |
|
File Count |
Number of files detected with the anomaly. |
|
Tags |
Audit tags that you can use to record actions. |
|
Actions |
Click the action button
|
"File Extension" Tab
|
Column |
Description |
|---|---|
|
Name |
The client computer. When you click the client computer, the following detailed reports are available:
You can use the reports to analyze the statistics. |
|
File anomaly type |
File extension |
|
Detected time |
The time when the anomaly was detected. |
|
Server type |
File system. |
|
File Count |
Number of files detected with the anomaly. |
|
Tags |
Audit tags that you can use to record actions. |
|
Actions |
Click the action button
|
"Partner Integration" Tab
|
Column |
Description |
|---|---|
|
Name |
The client computer. When you click the client computer, the following detailed report is available: You can use the reports to analyze the statistics. |
|
File anomaly type |
Partner integration |
|
Source |
The partner that discovered the anomaly (either DarkTrace or Netskope CTE). |
|
Detected time |
The time when the anomaly was detected. |
|
Anomaly Count |
Number of anomalies detected. |
|
Server type |
File system. |
|
Tags |
Audit tags that you can use to record actions. |
|
Actions |
Click the action button
|