Skip to main content
All CollectionsCyber ResilienceRansomware Recovery
Quarantine Bay
Quarantine Bay
Updated over 4 months ago

Overview

The risk of a cybersecurity failure is no longer limited to the reputation of a company, or something to be borne by its customers, but is an existential risk to the company itself. Ransomware extorts the business with the one universal thing all businesses value – their own data. Needless to say, you need to be well prepared for this danger.

In case of an infection, to quarantine is to isolate the infected parts in order to contain the infection and not allow it to spread. To this effect, Ransomware Recovery enables you to quarantine infected snapshots on the impacted resources, which helps safeguard your system from further infection by barring users or administrators from downloading or restoring data to other resources.

Know your Quarantine Bay Dashboard

Overview

This page displays the information about the quarantined resources: Endpoints, Microsoft 365 (OneDrive and SharePoint), Google Workspace (Google Drive and Shared Drive), File Backupsets (File Servers and NAS Share), and Virtual Machines (VMware).

Access path

Click the Global Navigation Panel and select Cyber Resilience > Ransomware Recovery > Quarantine Bay. The Quarantine Bay page is displayed.

Q_bay_listing_March21.png

The following table lists the details on the Quarantine Bay dashboard page.

Field

Description

Last Updated

The date and time when the details of the page were last updated.

Quarantined Resources: A summary of total quarantined resources and the count of resource types for each workload (Endpoints. Microsoft 365, and so on)

πŸ“ Note
​ Total quarantined resources count displayed here may not match the count of quarantined resources displayed besides quarantine ranges.

A summary of total quarantined resources and the count of resource types for each workload (Endpoints. Microsoft 365, and so on).

Total Resources

The total number of all quarantined resources: Endpoints, Microsoft 365, Google Workspace, File Backupsets, Virtual Machines.

πŸ“ Note:

  • For Microsoft 365: Only OneDrive and SharePoint resources are supported.

  • For Google Workspace: Only Google Drive and Shared Drive are supported.

Endpoints

The total number of quarantined Endpoints devices. Click on the count to view the details of each.

File Backup Sets (Servers - File Server/NAS devices)

The total number of quarantined servers (File Server/NAS devices). Click on the count to view the details of each.

Virtual Machines

The total number of quarantined virtual machines (VMware). Click on the count to view the details of each.

Microsoft 365 (OneDrive and SharePoint)

The total number of quarantined Microsoft 365 resources. Click on the count to view the details of each.

Google Workspace (Google Drive and Shared Drive)

The total number of quarantined Microsoft 365 resources. Click on the count to view the details of each.

Resource Name

The name of the resource. Click on the resource name to view its details. For more information, see Resource Details.

Resource Type

The type of the data sources:

  • User's Data Sources - Endpoints, OneDrive, and Google Drive

  • SaaS Org Apps - Shared Drive and Sharepoint Site

  • Files - File Server, NAS, and

  • Virtual Machines - VMware

Quarantine Ranges

The defined time range for a resource to remain in a quarantine state.

If there are more than one, all the quarantine ranges are displayed.

πŸ“ Note
​ If the end date is not defined, only the details of the Start time (Onwards) are displayed.

Action

Button

Description

Manage Range

Allows you to add, update and delete the quarantine range (Start and End Time) for your resources. You can add, update, and delete multiple quarantine ranges as needed.

Create Curated Snapshot

Allows you to create Curated Snapshot for a resource.

❗ Important:

Currently, Curated Snapshot is supported only for Endpoints, Servers (File Server and NAS devices), Microsoft 365 (OneDrive and SharePoint).

Remove from Quarantine Bay

Allows you to remove all the specified or defined quarantine ranges for that resource from the quarantine state.

Add Resources

Allows you to find and add resources to the quarantine state. You can use any one of the following ways:

  • Find Resources: Search and add resources based on Resource Type.

  • Import CSV: Quarantine resources in bulk using CSV.

Filters for Quarantine Range tab

Qbay_filters.png

Use the filter to narrow down the search and listing of quarantined resources: Endpoints, Microsoft 365, Google Workspace, File Backupsets, and Virtual Machines.

Field

Description

Impacted Date Range

The start and end date when the resource got impacted by the Ransomware attack.

Resource Type

The type of data source - Microsoft 365 (OneDrive and SharePoint), Google Workspace (Google Drive and Shared Drive), File Backupsets (File Servers and NAS Share), and Virtual Machines (VMware)

Action

Button

Description

Apply

Applies the filter and displays results based on filters applied.

Reset

To cancel the filters applied.

You also have an option to search using Resource Name.

Resource Details

Click on the resource name to view its details.

Details tab

The following table provides information on the Resource Name Details page.

Field

Description

Summary section

Resource Name

Name of the resource.

Resource Type

Type of the resource. Endpoint. File Server, and so on.

  • User Name (Only for Endpoints)

  • Resource Platform (Only for Endpoints)

  • Profile details for OneDrive

  • Account URL for Shared Drive

  • Workload Name (For File Server and NAS)

  • Organization (For File Server and NAS)

  • Site Type and Site URL for SharePoint

The fields listed in the left column appear based on the selection of Resource Type.

Added to Quarantine Bay

The date and time the resource was first added to the quarantine state.

Last Updated on

The date and time when the quarantine resource was last modified for the selected resource.

Quarantine Ranges

Displays all the quarantine ranges created for the selected resource.

Data Activity Trend section

Details of the Unusual Data Activity for the selected resource for the defined quarantine range. For more information, see Unusual Data Activity.

Threat Hunt details

Threat Hunt details for VMware resources if Threat Hunting is enabled for the resources.

Snapshots tab

The following table provides information on the Snapshots page.

Field

Description

Snapshots

Name of the snapshot.

Snapshot Size

Size of the snapshot.

Unusual Data Activity Status (Wherever supported and applicable)

Unusual Data Activity trend for the selected quarantined ranges.

Quarantine Type

Manual or auto

πŸ“ Note
​ Auto quarantine type is displayed only for VMware resources when quarantine is enabled from Threat Hunt UI.

Action on Snapshots tab

Button

Description

Delete Snapshot

To delete a snapshot.

Download Logs

To download logs in CSV format for further investigation.

Filters for Snapshots tab

Use the filter to narrow down the search and listing of impacted snapshots for specific date range and Unusual Data Activity statuses.

Field

Description

Snapshots between Date Range

The start and end date when the snapshot was impacted by the ransomware attack.

Quarantine Type

Select the Auto option checkbox to filter and view auto-quarantined snapshots via Threat Hunt.

Select the Manual option checkbox to filter and view manually quarantined snapshots.

Unusual Data Activity Status

Select the checkbox to view the snapshots for which unusual data activity was identified.

πŸ“ Note: This filter option is not displayed for Google Workspace resources.

Action

Button

Description

Apply

Applies the filter and displays results based on filters applied.

Reset

To cancel the filters applied.

Next steps

Related Articles
Overview page for Ransomware Recovery
Curated Snapshots
Quarantine for Servers
Support matrix and prerequisites for Rollback Actions
Unusual Data Activity
Did this answer your question?