Solved

File Activity Anomaly Alert

Forum|Forum|3 years ago
August 23, 2022
10 replies
405 views

barbaros
Novice

Hİ,

Our security team want to follow file activity anomaly alert on Commvault side.We configured SNMPV3,and they are watching on Arcsight. And they want to configure this in the real time on test server.How can we configure on test server ?

Is there anybody can advise?

Regards

Best answer by Scott Moseman

@Scott Moseman , @Onno van den Berg How can I create scripts to generate this? ıf ı managed to create this will be alert still coming?

These are scripts which I have used in labs to create a large amount of files to trigger the anomaly alert. You will only get the alert once if the anomaly happens once. It will exist in the Unusual File Anomaly dashboard where you can review the details and clear the alert.

Linux Clients

$ cat create.sh
#!/usr/bin/bash
for i in {000000..100000}
do
echo QWERTY > "file${i}.txt"
done

Windows Clients

> type create.bat
@ECHO ON
for /L %%i in (1,1,100000) do fsutil file createnew file%%i.tmp 4096

Thanks,
Scott

+22

Onno van den Berg
Community All Star
Forum|Forum|3 years ago
August 23, 2022

You will have to configure it via the Commcell console. There is a default alert named "File Activity Anomaly Alert”". You can copy it or alter the existing one and configure SNMP.

barbaros
Author
Novice
Forum|Forum|3 years ago
August 24, 2022

Hi Onno,

Thanks for your reply. Actually, I want to ask how can I alert from the client. I created text document on the Media Server. Then I deleted. The mail didn't come us.

Regards,

+22

Mike Struening
Vaulter
Forum|Forum|3 years ago
August 24, 2022

@barbaros , the conditions of what the anomaly alert triggers from is internal information, though I’ll add @DMCVault to see if he has a test you can use.

https://www.linkedin.com/in/michael-struening

+22

Onno van den Berg
Community All Star
Forum|Forum|3 years ago
August 24, 2022

So basically you are looking for a tool that can simulate a pattern which triggers the file activity anomaly alert?

+22

Scott Moseman
Vaulter
Forum|Forum|3 years ago
August 24, 2022

So basically you are looking for a tool that can simulate a pattern which triggers the file activity anomaly alert?

Scripts to generate a large number of files are easy to create, if the above statement is true and you’re trying to create a File Anomaly alert manually to test the process?

Thanks,
Scott

Commvault Enterprise Success

+22

Onno van den Berg
Community All Star
Forum|Forum|3 years ago
August 25, 2022

@Scott Moseman sure this is fairly easy to created but I'm not sure if this will trigger the alert, but you can always give it a shot.

barbaros
Author
Novice
Forum|Forum|3 years ago
August 25, 2022

Hi,

@Scott Moseman , @Onno van den Berg How can I create scripts to generate this? ıf ı managed to create this will be alert still coming?

Regards,

+22

Scott Moseman
Vaulter
Answer
Forum|Forum|3 years ago
August 25, 2022

@Scott Moseman , @Onno van den Berg How can I create scripts to generate this? ıf ı managed to create this will be alert still coming?

Commvault Enterprise Success

barbaros
Author
Novice
Forum|Forum|3 years ago
August 26, 2022

Thanks everyone.

Surendra Nadh Arla
Vaulter
Forum|Forum|2 years ago
January 19, 2023

Is there a way that we can send in individual alerts of a clients those have morethan 2000 files modified or created or deleted or renamed?

Arla

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded