Hi
Ransomware protection on Hyperscale:
Any improvements on the monitoring part, so false positives are avoided?
Alert monitoring detects the intrusion test, but all sorts of sosreport, dbusd and smartd events are triggered in the audit.log on the Hyperscale MAs and make the monitoring setup full of false positives.

I have been guided by Commvault to avoid the dbusd entries with this REGEX to enter in the monitoring setup:
denied.*cvstorage_t(?!.*\bdbus\b.*)|denied.*cvbackup_t(?!.*\bdbus\b.*)

But I still struggle to REGEX the sosreport entries out, any suggestions?

Regards, Martin Rønde Andersen, using https://regex101.com/ as companion.
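
One way to approach the sosreport exclusion asked about above, as an added example that is not part of the original post or of Commvault's guidance: the exclusion is tied to the `comm=` field through a lookahead anchored at the start of the line, so a file that merely has "sosreport" in its name still alerts. Assumptions: the entries are SELinux AVC records with a `comm=` field, the monitoring engine supports lookahead and matches line by line, and the names `NOISY_COMMS`, `build_pattern`, `alert_indices` and `avc` as well as all sample records are constructed for illustration.

```python
import re

# Pattern quoted in the post, unchanged.
POSTED = r"denied.*cvstorage_t(?!.*\bdbus\b.*)|denied.*cvbackup_t(?!.*\bdbus\b.*)"

# Assumption: process names to silence, as they would appear in comm="...".
NOISY_COMMS = ("dbus-daemon", "sosreport", "smartd")


def build_pattern(noisy=NOISY_COMMS):
    """Alert on denials against cvstorage_t/cvbackup_t unless comm= is a noisy tool."""
    names = "|".join(re.escape(n) for n in noisy)
    # The lookahead is anchored at line start, so it inspects the whole record
    # regardless of whether comm= sits before or after the cv*_t type.
    return rf'^(?!.*\bcomm="(?:{names})").*denied.*\bcv(?:storage|backup)_t\b'


def alert_indices(lines, pattern):
    """Return the indexes of the lines that would raise an alert."""
    rx = re.compile(pattern)
    return [i for i, line in enumerate(lines) if rx.search(line)]


def avc(comm, name, ttype):
    """Build one constructed AVC record (layout assumed, values invented)."""
    return (f'type=AVC msg=audit(1700000000.000:1): avc:  denied  {{ write }} for  '
            f'pid=4242 comm="{comm}" name="{name}" '
            f'scontext=system_u:system_r:unconfined_t:s0 '
            f'tcontext=system_u:object_r:{ttype}:s0 tclass=file permissive=0')


# Constructed sample records, not taken from a real Hyperscale node.
SAMPLE = [
    avc("touch", "chunk_0001", "cvstorage_t"),          # intrusion test: alert
    avc("dbus-daemon", "socket", "cvbackup_t"),         # noise: suppressed
    avc("sosreport", "chunk_0001", "cvstorage_t"),      # noise: suppressed
    avc("smartd", "sda", "cvstorage_t"),                # noise: suppressed
    avc("bash", "sosreport-notes.txt", "cvbackup_t"),   # file name only: alert
]

if __name__ == "__main__":
    print("candidate pattern:", build_pattern())
    print("posted pattern alerts on   :", alert_indices(SAMPLE, POSTED))
    print("candidate pattern alerts on:", alert_indices(SAMPLE, build_pattern()))
```

The `comm=` value is set by the process itself, so where the SELinux source domain of these tools is known, pinning the exclusion to `scontext=` as well is the stricter filter.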