The Virtual Machine Threat Analysis Scan workflow enables you to perform out-of-place restores of virtual machines (VMs) to VMware or vCloud Director, and then scan the restored VMs for potential malware. Any detected threats are reported as anomalies on the Threat Indicators dashboard.
When you execute the workflow, the software:
- Scans all VMs in a specified server group, or scans only VMs that were not previously scanned or whose previous scans were incomplete.
- Automatically deletes restored VMs after the threat scan is complete.
- Performs incremental scans.
Before You Begin
- Download the Virtual Machine Threat Analysis Scan workflow from the Commvault Store.
- Import and deploy the workflow into your CommCell environment.
Note
Only CommCell administrators or users with the required administrative permissions can access, create, or edit workflows via Developer Tools > Workflows. For details, see Creating and Managing Workflows.
Procedure
- Configure server groups:
  - One for the VMs to be scanned.
  - One for the threat scan server that will perform the restore and scan.

  For instructions, see Adding a Server Group by Using Manual Association.
- Run the Workflow:
  - Navigate to the Workflows page and launch the Virtual Machine Threat Analysis Scan workflow.
  - In the Select the source VM and restore option dialog box, provide the following information:

    | Field | Description |
    | --- | --- |
    | Client group for VM to be scanned | Select the server group that contains the source VMs. |
    | Client group for access nodes | Select the server group containing the threat scan server. |
    | Destination hypervisor client | Select the VMware hypervisor client for restore. |
    | Destination ESX host | Enter the ESX host name or IP address for VM restore. |
    | destDataStore | Enter the name of the datastore where the VM will be restored. |
    | Rescan all VMs in the group | (Optional) Enable this option to scan all VMs, regardless of previous scan status. |
    | Which Copy to Use | Select the storage copy to be used for the scan. By default, the Auxiliary copy is selected. This field is used when scheduling a restore-based threat analysis scan. |

  - Click OK to initiate the restore and scanning operation.