Threat Indicators - Backup Job Anomalies for Virtual Machines

The File activity tab in the Threat Indicators dashboard lists virtual machines with backup job anomalies.

Clicking a VM opens the File Activity Report, which allows you to analyze the statistics for that VM.

You can monitor file activity anomalies for virtual machine backups without installing file system agents within the VM guest.

Note

The virtual machines to be monitored must have file indexing enabled. For more information, see Enabling File Indexing for Virtual Machines.

File Activity Tab

The table in the File activity tab contains the following columns:

| Column | Description |
| --- | --- |
| Name | The virtual machine. When you click the VM, the File Activity Report appears (see below), which allows you to analyze the statistics for that VM. |
| Indicators | The type of anomalous file activity: Creation, Modification, Renaming, or Deletion. |
| Detected time | The time when the anomaly was detected. |
| Server type | The type of server identified. |
| Created files | The number of files that were created at the detected time. |
| Renamed files | The number of files that were renamed at the detected time. |
| Deleted files | The number of files that were deleted at the detected time. |
| Modified files | The number of files that were modified at the detected time. |
| Tags | Audit tags that you can use to record actions. |
| Actions | Click the action button, and then select one of the following options. Details: Open the File Activity Report (see below). Clear anomaly: Remove the VM that has unusual backup activity from the list in the table. Manage tags: Add or remove a tag. For more information, see Managing Tags. Recover VM: Recover the full virtual machine. |

File Activity Report

Click a VM name in the table in the File Activity tab to open the File Activity Report for VM backup job anomalies.

The report is divided into the following sections: File Activity chart and Unusual File Activity table.

File Activity Chart

The File Activity chart displays the distribution of the number of files in a backup job based on unusual behavior that is observed in creation, modification, and deletion operations.

Note

In the chart, System threshold serves as an indicator as to why jobs have been identified as anomalous. The system establishes the threshold by analyzing patterns from past backup jobs.

The following image is an example of the File activity chart for VM backup job anomalies:

[Image: Threat Indicators Report for Backup Job Anomalies - VSA (1)]
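
The following is an added example, not part of the product documentation and not the product's own algorithm. It shows one way a per-indicator threshold can be derived from past backup jobs and used to decide which indicators make a job anomalous. The mean plus three standard deviations rule, the floor of 50 files, the function names, and the sample counts are all assumptions constructed for illustration.

```python
from statistics import mean, stdev

INDICATORS = ("created", "modified", "renamed", "deleted")

# Constructed sample data: per-job file counts for one VM (not real product output).
PAST_JOBS = [
    {"created": 120, "modified": 340, "renamed": 4, "deleted": 15},
    {"created": 135, "modified": 310, "renamed": 6, "deleted": 22},
    {"created": 110, "modified": 365, "renamed": 3, "deleted": 18},
    {"created": 128, "modified": 330, "renamed": 5, "deleted": 20},
    {"created": 142, "modified": 355, "renamed": 7, "deleted": 25},
]
LATEST_JOB = {"created": 131, "modified": 9800, "renamed": 9600, "deleted": 21}


def thresholds(history, k=3.0, floor=50):
    """Per-indicator threshold: mean + k * stdev of past jobs (assumed rule).

    `floor` keeps near-constant small counts from producing a threshold so low
    that ordinary jitter is flagged.
    """
    if len(history) < 2:
        raise ValueError("need at least two past jobs to build a baseline")
    result = {}
    for name in INDICATORS:
        values = [job[name] for job in history]
        result[name] = max(mean(values) + k * stdev(values), floor)
    return result


def anomalous_indicators(job, limits):
    """Return the indicator names whose count in `job` exceeds its threshold."""
    return [name for name in INDICATORS if job[name] > limits[name]]


if __name__ == "__main__":
    limits = thresholds(PAST_JOBS)
    for name in INDICATORS:
        print(f"{name:9s} latest={LATEST_JOB[name]:6d} threshold={limits[name]:8.1f}")
    print("anomalous:", anomalous_indicators(LATEST_JOB, limits))
```

With the constructed data, the created and deleted counts stay under their thresholds while the modified and renamed counts exceed them, so the job is flagged on those two indicators.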

Unusual File Activity Table

The following image is an example of the Unusual File Activity table for VM backup job anomalies:

[Image: Threat Indicators report for size-related anomalies - VM]

The Unusual File Activity table provides detailed information about the size of affected backup job files in the VM, categorized into three tabs: Created, Modified, and Deleted.

Created Tab

The Created tab shows files that have been created and subsequently backed up in the anomalous job. The following table includes descriptions for all columns in the Created tab of the Unusual File Activity table for backup job anomalies.

| Column | Description |
| --- | --- |
| File Name | Name of the file that has the anomaly. |
| Path | The path to the folder that contains the files that are affected by the anomalous activity. |
| Size | The size of the file that has been backed up. |

Modified Tab

The Modified tab shows files that have been modified and subsequently backed up in the anomalous job. The following table includes descriptions for all the columns in the Modified tab of the Unusual File Activity table for backup job anomalies.

| Column | Description |
| --- | --- |
| File Name | Name of the file that has the anomaly. |
| Path | The path to the folder that contains the files that are affected by the anomalous activity. |
| Size | The size of the file that has been backed up. |
| Modified time | The time when the file was modified. |

Deleted Tab

The Deleted tab shows files that have been deleted prior to the anomalous backup job. The following table includes descriptions for all the columns in the Deleted tab of the Unusual File Activity table for backup job anomalies.

| Column | Description |
| --- | --- |
| File Name | Name of the file that has the anomaly. |
| Path | The path to the folder that contains the files that are affected by the anomalous activity. |
| Size | The size of the file that has been deleted. |
