Analyze a point-in-time (PIT) copy by using the
CyberSense in the
Cyber Recovery vault.
Prerequisites
A policy must create the PIT copy to analyze.
NOTE: The
CyberSense is only supported as a component of the
Cyber Recovery solution in the
Cyber Recovery vault; it is not supported on the production system.
About this task
A
CyberSense license is based on TB capacity. If you:
Exceed the licensed capacity, the analysis is completed and the
Cyber Recovery software provides an alert. Until you update the licensed capacity, you receive the alert every time you run an Analyze operation. There is a 90-day grace period for you to increase the licensed capacity.
Do not increase the licensed capacity after 90 days, the Analyze operation status is
Partial Success and the
Cyber Recovery software indicates that security analytics were not generated because the license is invalid.
Let the license expire, the Analyze operation fails. The
Cyber Recovery software indicates that there is a missing or invalid license.
Steps
Select
Policies from the
Main Menu.
On the
Policies content pane, click
Copies to display the list of existing copies.
You cannot run an analysis concurrently on a copy of the same policy. Otherwise, the
Cyber Recovery software displays an informational message and does not create a job. When the initial job is completed, run the analysis on the copy. You can run concurrent analyses on copies of different policies.
Select the copy to analyze, and click
Analyze.
If the CyberSense host has not been added to the
Cyber Recovery vault, the
Analyze button is disabled. If you do not have a valid CyberSense license, the
Analyze button is enabled, but the job fails.
From the
Application Host list box, select the application nickname for the
CyberSense.
Use the slider next to
Advanced Options to set more options.
Optionally, select a content format from the drop-down menu.
Choose from:
Filesystem—For backups performed without backup software and by using NFS, CIFS, BoostFS, and so on
Databases—For database client-direct backups to the
DD system using DD Boost for Enterprise Applications, DD Boost for Microsoft Applications, and so on
Backup—For backups performed by using backup applications such as
PowerProtect Data Manager and so on.
This information is included as part of the CyberSense report for informational purposes.
Optionally, if the CyberSense host is a CyberSense version earlier than 8.2, select the network storage interface through which the CyberSense feature connects to storage.
If the CyberSense host is running version 8.2 or later, this option is not displayed.
Optionally, enter text files and directories on which you want the Analyze action to run.
Either:
Type the file and directory names, each on a separate line.
Click
Choose File to select the files and directories that are on the host on which the
Cyber Recovery UI is running. Files must be text (.txt) files. This option overwrites the content in the text box with the content in the file.
Optionally, enter text files and directories that you want the Analyze action to ignore.
Either:
Type the file and directory names, each on a separate line.
Click
Choose File to select the files and directories that are on the host on which the
Cyber Recovery UI is running. Files must be text (.txt) files. This option overwrites the content in the text box with the content in the file.
Click
Apply.
An informational message indicates that an analyze job is started and the
Last Analysis column shows
Analysis in Progress. To view the job's progress, click the link in the informational message or click
Jobs > Protection Jobs > Running from the
Main Menu.
If the analysis indicates possible malware or other anomalies, the
Cyber Recovery software generates an alert, the job status is displayed as
Complete w/Exceptions, and the last analysis status for the copy is displayed as
Suspicious. Otherwise, the job status is displayed as
Successful.
NOTE: If you started an Analyze action on a copy, and then start a Secure Copy Analyze action on the copy, the Sync, Copy, and Lock actions complete successfully. However, if the original Analyze action has not completed, the Analyze step of the Secure Copy Analyze action fails. Wait until the original Analyze action has completed and then run the Analyze action on the new copy manually or just let the next job run.
Optionally, cancel a running analysis, otherwise go to the next step:
Click
Jobs > Protection Jobs from the
Main Menu.
Click the
Running tab.
Click the radio button for the running Analyze job, click
Cancel, and confirm the request.
An informational message indicates that the job will be canceled and the job status shows as
Canceling. The
Status pane on the dashboard status also shows the job status and progress percentage. The
Cyber Recovery software generates an event for the cancel request.
When the job is canceled, you can immediately start another Analyze job.
The
Cyber Recovery software generates an event for the cancel request. When the job is canceled, you can immediately start another Analyze job.
NOTE: The job stops after approximately 10 minutes, however, it might take longer.
When the analysis is complete, return to the list of copies under
Policies > Copies
to view the copy details.
The
Last Analysis column shows the results as
Suspicious,
Good, or
Partial. The
Details pane for the copy includes an Analysis Details section. If you run an Analyze operation using CyberSense version 8.0 or later, and the result is
Suspicious, the
Details pane provides a link to the analyze dashboard on the CyberSense host.
If you canceled an analysis job that is in progress or the analysis skips any files, the
Last Analysis column shows the result as
Partial and the job status is
Canceled. An email message and the logs indicate that the analysis job was partially successful.
If the analysis detects an anomaly, the
Last Analysis column shows the result as
Suspicious and the job status is
Failed. An alert notifies you about the anomalies. Acknowledge the alert, otherwise the report for the next analysis includes the anomaly along with any new anomalies.
If an Analyze job fails, the
Cyber Recovery software generates an alert.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\