Solved

File Activity Anomaly Alert


Userlevel 2
Badge +12

Hey all,

I have a question regarding the File Activity Anomaly Alert.

Does the software learn about abnormal events?

In my case we have an Exchange mail archive server, and there are weekly tasks which export and import mails.

Also we have a Windows file archive server which archives files (not with Commvault).

So during the jobs we had millions of file changes.

Is there any option that Commvault knows about?

What do you think is the best case for these servers?

And one more question :)

Is there actually a better way to find out where the anomalous activity was found than as described here: https://ma.commvault.com/Article/Details/49297 ?

Best answer by Mike Struening RETIRED 5 July 2022, 17:29

7 replies

Userlevel 7
Badge +23

Hi @SSchmidt , thanks for the post!

On the backend, there’s an algorithm that determines what file appears anomalous, though it’s internal, nothing public.

That KB article does a great job in explaining how to investigate the results.

Tagging in @DMCVault for awareness.

Userlevel 2
Badge +12

Hey Mike,

Do you know if there is any report which shows the paths, or is the way still the same as in the KB?

Because in a small environment I get 4 - 9 mails per day with this alert. When I have to do this research for each alert, happy birthday :)

Userlevel 7
Badge +23

The only report is the one on the store:

https://cloud.commvault.com/webconsole/softwarestore/#!/135/665/12996

Otherwise, I would follow the KB's advice.

Userlevel 2
Badge +12

Hi,

Is there any possibility to exclude a path from the File Activity Anomaly Alert?

Userlevel 7
Badge +23

Yes you can!

As per the main doc:

Note: You can use the sAnomalyFilters additional setting to skip a path from anomaly monitoring. However, note that this additional setting does not recognize paths that include special characters (for example, the character "é"). If a special character is present in a path, you cannot use the sAnomalyFilters additional setting to skip it from anomaly monitoring.

Badge +3

Hi,

I want to filter the following path using the sAnomalyFilters additional setting. However, since the SAP_RSPO_CF_LDDA33.clf part is constantly changing, I wrote D:\usr\sap\BWP\D00\work\ in the value part of the additional setting, but it didn't do any filtering. Could I be doing something wrong?

D:\usr\sap\BWP\D00\work\SAP_RSPO_CF_LDDA33.clf

Regards.

Userlevel 7
Badge +23

Drop the last \.  Sometimes the filters/content definitions are REALLLLLY sensitive.