Threat Analysis Report for File System

The Threat Analysis Report summarizes the list of files containing anomalies on the latest backup jobs that have been file indexed. You can use this report to track different versions of a document to see if the file has been modified drastically. Modifications may occur if the file is encrypted or corrupted by malware attacks.

Note

Configure "File anomaly alert" with event code 69:52 to recieve alerts after every threat analysis job.

For more information about Threat Analysis, see Threat Analysis for File System.

Procedure

  1. From the navigation pane in the Command Center, click Monitoring > Threat Indicators.

    The Threat Indicators dashboard appears.

  2. Click the Threat analysis tab.

    A list appears, showing clients and subclients that contain infected files.

  3. To view the report, click the name of the client or subclient for which you want to view the report.

    The report appears.

Report Description

The Threat Analysis Report is divided into the following sections: Threat Analysis charts and File Information table.

Note

To remove the client that has unusual file activity from the client list, click Clear anomaly in the upper right corner of the Threat Analysis Report.

Threat Analysis Charts

The Threat Analysis charts display the infected files in the selected client for a specified time range.

The following images are examples of the threat analysis charts:

Threat Indicators Report for Threat Analysis (1)

Threat Indicators Report for Threat Analysis (2)

File Information Table

Click a recovery point in the Threats Detected chart to populate the File Information table.

The following image is an example of the File Information table:

Threat Indicators Table for Threat Analysis

The following table includes descriptions for all the columns in the File Information table for Threat Analysis.

Column

Description

Path

The path to the folder that contains the backed up file.

Threat name

The name of the threat,

Backup job id

The ID of the backup job that backed up that file,

Backup job time

The time at which the backup was performed,

Loading...