Skip to main content
Alerts Overview
Updated over 6 months ago

Alerts indicate an exception situation or notify about a potential issue in your environment that needs attention. The notifications are displayed on the Alerts page. Alerts are sorted based on their date.

You must configure alerts so that Druva Cloud Administrators receive email notifications when an alert is generated.

About Alerts

The following table lists various Ransomware Recovery alerts and what they mean.

Alert Category

Alert Type

Indicates...

Unusual Data Activity

Unusual Data Activity

Unusual data activity on an endpoint or a server.

Severity: Critical

Action required: Go to Ransomware Recovery, and quarantine the resource (endpoint or server) mentioned in the alert.

Unusual Data Activity

Unusual Data Activity - Scan Failure - Only for VMware

Unusual data activity scan failed on VMware.

Severity: Warning

Action required: View the alert for the scan failure reason and take appropriate action to ensure smooth UDA scan for VMware resources.

You can also access this alert via Events API.

Security Insights

Data Access Alert - New Location

A Druva administrator or an inSync Client user has restored or downloaded data from Druva Cloud.

Severity: Critical

Action required: View the alert details to ensure that the data was not accessed from an undesired location. If you feel something is wrong, reset the password of the administrator or inSync Client user.


โ— Important

The alert is generated only if no data has been accessed from that IP address in the past 30 days.


Security Insights

Admin Login Event - New Location

A Druva administrator has logged into the console from a new IP address.

Severity: Warning

Action required: View the alert details to ensure that the login was not made from an undesired location. If you feel something is wrong, reset the password of the administrator.


โ— Important

The alert is generated only if no login activity has been observed from that IP address in the past 30 days.

Malicious Files Found

Malicious Files Found

Malicious files are found on an endpoint or a server.

Severity: Warning

Action required: Go to Ransomware Recovery, and quarantine the resource (endpoint or server) mentioned in the alert.

View alerts

To view the Ransomware Recovery alerts

  1. On the Security Events Console menu bar, click the bell icon to view the list of alerts.
    Newly generated alerts are highlighted to help you understand that you have not viewed those alerts.

  2. Select an alert and click View Details to see detailed information about that alert.

Alert Details

The following table provides details about the alerts:

Field

Description

Summary

Alert Type

Type of alert. For example: Data Access Alert - New Location

Alert Category

Category to which the alert belongs. For example: Unusual Data Activity, Security Insights, Malicious File Scan, and so on.

Severity

Severity of the alert- Critical, Warning.

Generated On

Date and time in UTC when the alert was generated.

Details

Resource Name

Name of the resource for which alert was generated.

For Endpoints - Devices

For NAS - Backup sets

For File Server - File Backupsets

Affected Snapshot

Details of the impacted snapshot

Anomaly Type

Type of anomaly detected for the affected snapshot. It can be either of the following:

  • Creation

  • Deletion

  • Modification

  • Encryption

New Files

Number of new files created in case of creation anomaly.

Deleted Files

Number of deleted files in case of deletion anomaly.

Updated Files

Number of updated files in case of modification anomaly.

Encrypted Files

Number of encrypted files in case of encryption anomaly.

Resource Parent Name

Parent to which the impacted resource is associated.

For Endpoints - Users

For NAS - NAS Devices

For File Server - Registered Server

Encryption Reason

Details of encryption- entropy or matching malicious file extension detected.

Did this answer your question?