
Alerts

Contributors: netapp-alavoie

The Cloud Secure Alerts page shows a timeline of recent attacks and/or warnings and allows you to view details for each issue.

Alerts list


The Alert list displays a graph showing the total number of Potential Attacks and/or Warnings that have been raised in the selected time range, followed by a list of the attacks and/or warnings that occurred in that time range. You can change the time range by adjusting the start time and end time sliders in the graph.

The following is displayed for each alert:

Potential Attacks:

  • The Potential Attack type (for example, Ransomware)

  • The date and time the potential attack was Detected

  • The Status of the alert:

    • New (this is the default for new alerts)

    • In Progress

    • Resolved

    • Dismissed

      An administrator can change the status of the alert and add a note to assist with investigation.


  • The User whose behavior triggered the alert

  • Evidence of the attack (for example, a large number of files was encrypted)

  • The Action Taken (for example, a snapshot was taken)

Warnings:

  • The Abnormal Behavior that triggered the warning

  • The date and time the behavior was Detected

  • The Status of the alert:

    • New (this is the default for new alerts)

    • In Progress

    • Resolved

    • Dismissed

      An administrator can change the status of the alert and add a note to assist with investigation.

  • The User whose behavior triggered the alert

  • A description of the Change (for example, an abnormal increase in file access)

  • The Action Taken

Filter Options

You can filter Alerts by the following:

  • The Status of the alert

  • Specific text in the Note

  • The type of Attacks/Warnings

  • The User whose actions triggered the alert/warning

The Alert Details page

You can click an alert link on the Alerts list page to open a detail page for the alert. Alert details may vary according to the type of attack or alert. For example, a Ransomware Attack detail page may show the following information:

Summary section:

  • Attack type (in this example, Ransomware) and Alert ID (assigned by Cloud Secure)

  • Date and Time the attack was detected

  • Action Taken (for example, an automatic snapshot was taken; the time of the snapshot is shown immediately below the summary section)

  • Status (New, In Progress, etc.)

Attack Results section:

  • Counts of Affected Volumes and Files

  • An accompanying summary of the detection

  • A graph showing file activity during the attack

This section shows details about the user involved in the potential attack, including a graph of Top Activity for the user.

Alerts page showing potential ransomware attack:
Ransomware Alert Example

Detail page for potential ransomware attack:
Ransomware Detail Page Example

Take a Snapshot Action

Cloud Secure protects your data by automatically taking a snapshot when malicious activity is detected, ensuring that your data is safely backed up.

You can define automated response policies that take a snapshot when a ransomware attack or other abnormal user activity is detected.
You can also take a snapshot manually from the alert page.

Automatic Snapshot taken:
Alert Action Screen

Manual Snapshot:
Alert Action Screen

Alert Notifications

Email notifications of alerts are sent to an alert recipient list for every action on the alert. To configure alert recipients, click Admin > Notifications and enter an email address for each recipient.