Hello all,
I would like to add some anti-ransomware practices to my CommCell.
I’ve read
and
https://documentation.commvault.com/commvault/v11_sp20/article?p=7879_1.htm
My first need is to monitor a specific client computer group: honeypot and file activity anomaly alerts.
For now I’ve set a file activity alert through the CommCell console:
- Went to Home / Alert
- To keep the original one untouched as a reference, I’ve added a new one with the same parameters: category Operation / type Event Viewer Events, selected the wanted client computer group, alert criteria on event code equals “7:211|7:212|7:293”, mail notification, no token criteria, selected the user to notify, and Finish
From documentation:
File activities on the client computer are checked every 5 minutes and any abnormal activity is reported to the administrator by an alert and event. For the first 7 days, the client computer is monitored and analyzed for day to day activity. After 7 days, a base line of file activities is established and alerts and events are sent to the administrator when a large number of abnormal file activities are detected.
Up to 30 days of file activities are maintained in a database (Folderwatcher.db) on the client computer for use by the monitoring algorithm.
===
At this point I don’t know what is checked, especially for the honeypot feature, as I don’t have any explicit configuration for this.
Does anyone have experience with that?
Thanks in advance, community!
Regards.