
File Activity Anomaly Alert


  • Commvault Certified Expert
  • 93 replies

Hey all,

I have a question regarding the File Activity Anomaly Alert.

Does the software learn about abnormal events?

In my case we have an Exchange mail archive server and there are weekly tasks which export and import mails.

Also we have a Windows file archive server which archives files (not with Commvault).

So during the jobs we had millions of file changes.

Is there any option that Commvault knows about?

What do you think is the best case for these servers?

And one more question :)

Is there actually a better way to find out where the anomalous activity was found than described here: https://ma.commvault.com/Article/Details/49297 ?

Best answer by Mike Struening RETIRED

The only report is the one on the store:

https://cloud.commvault.com/webconsole/softwarestore/#!/135/665/12996

Otherwise, I would follow the KB's advice.


7 replies

Mike Struening
Vaulter

Hi @SSchmidt, thanks for the post!

On the backend, there’s an algorithm that determines what file appears anomalous, though it’s internal, nothing public.

That KB article does a great job in explaining how to investigate the results.

Tagging in @DMCVault for awareness.


  • Author
  • Commvault Certified Expert
  • 93 replies
  • July 5, 2022

Hey Mike,

Do you know if there is any report which shows the paths, or is the way still the same as in the KB?

Because in a small environment I get 4 - 9 mails per day with this alert. When I have to do this research for each alert, happy birthday :)


Mike Struening
Vaulter

The only report is the one on the store:

https://cloud.commvault.com/webconsole/softwarestore/#!/135/665/12996

Otherwise, I would follow the KB's advice.


  • Author
  • Commvault Certified Expert
  • 93 replies
  • October 17, 2022

Hi,

Is there any possibility to exclude a path from the File Activity Anomaly Alert?


Mike Struening
Vaulter

Yes you can!

As per the main doc:

Note: You can use the sAnomalyFilters additional setting to skip a path from anomaly monitoring. However, note that this additional setting does not recognize paths that include special characters (for example, the character "é"). If a special character is present in a path, you cannot use the sAnomalyFilters additional setting to skip it from anomaly monitoring.


Forum|alt.badge.img+3

Hi,

I want to filter the following path using the sAnomalyFilters additional setting. However, since the SAP_RSPO_CF_LDDA33.clf part is constantly changing, I wrote D:\usr\sap\BWP\D00\work\ in the value part of the additional setting, but it didn't do any filtering. Could I be doing something wrong?

D:\usr\sap\BWP\D00\work\SAP_RSPO_CF_LDDA33.clf

Regards.


Mike Struening
Vaulter

Drop the last \.  Sometimes the filters/content definitions are REALLLLLY sensitive.

