Skip to main content
commvault.com commvault.com
Solved

File Activity Anomaly Alert

S
Commvault Certified Expert
Forum|alt.badge.img+13
  • SSchmidtCommvault Certified Expert
  • Commvault Certified Expert
  • 93 replies

Hey all,

 

i have an question regarding File Activity Anomaly Alert. 

 

Did the software learn about anormal events ? 

 

In my case we have an exchange mail archive server and there are weekly tasks which exports and imports mails. 

 

Also we have an windows file archive server which archives files ( not with commvault ) 

 

So during the jobs we had million of file changes. 

 

Is there any option that commvault knows about. 

 

What do you think is the best case for this servers ?

 

And one more question :) 

 

Is there actuyll an better way to find out where the anormaly activy was found as descriped here: https://ma.commvault.com/Article/Details/49297 ?

Best answer by Mike Struening RETIRED

The only report is the one on the store:

https://cloud.commvault.com/webconsole/softwarestore/#!/135/665/12996

Otherwise, I would follow the KB‘s advice.

View original
Did this answer your question?

7 replies

Mike Struening
Vaulter
Forum|alt.badge.img+23

Hi @SSchmidt , thanks for the post!

On the backend, there’s an algorithm that determines what file appears anomalous, though it’s internal, nothing public.

  That KB article does a great job in explaining how to investigate the results.

Tagging in @DMCVault for awareness.

https://www.linkedin.com/in/michael-struening
S
Commvault Certified Expert
Forum|alt.badge.img+13
  • SSchmidtCommvault Certified Expert
  • Author
  • Commvault Certified Expert
  • 93 replies
  • July 5, 2022

Hey Mike,

 

do you know if there is any report which show the pathes or is the way still the same like in the KB ? 

 

Because in a small envirmoment i get 4 - 9 mails per day with this alert when i hafe to do this research for each alert happy birthday :) 

Mike Struening
Vaulter
Forum|alt.badge.img+23

The only report is the one on the store:

https://cloud.commvault.com/webconsole/softwarestore/#!/135/665/12996

Otherwise, I would follow the KB‘s advice.

https://www.linkedin.com/in/michael-struening
S
Commvault Certified Expert
Forum|alt.badge.img+13
  • SSchmidtCommvault Certified Expert
  • Author
  • Commvault Certified Expert
  • 93 replies
  • October 17, 2022

Hi,

 

is there any possibilty to exclude an path from the File Activity Anomaly Alert ?

Mike Struening
Vaulter
Forum|alt.badge.img+23

Yes you can!

As per the main doc:

 

Note: You can use the sAnomalyFilters additional setting to skip a path from anomaly monitoring. However, note that this additional setting does not recognize paths that include special characters (for example, the character "é"). If a special character is present in a path, you cannot use the sAnomalyFilters additional setting to skip it from anomaly monitoring.

https://www.linkedin.com/in/michael-struening
H
Bit
Forum|alt.badge.img+3

Hi,

sAnomalyFilters add. settings I want to filter the following path using. However, since the SAP_RSPO_CF_LDDA33.clf part is constantly changing, Add. I wrote D:\usr\sap\BWP\D00\work\ in the value part of the Settings setting, but it didn't do any filtering. Could I be doing something wrong?

D:\usr\sap\BWP\D00\work\SAP_RSPO_CF_LDDA33.clf

 

Regards.

Hamza
Mike Struening
Vaulter
Forum|alt.badge.img+23

Drop the last \.  Sometimes the filters/content definitions are REALLLLLY sensitive.

https://www.linkedin.com/in/michael-struening

Reply


Most helpful members this week

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings