Analyze a point-in-time (PIT) copy by using the CyberSense feature in the Cyber Recovery vault.
Prerequisites
A policy must create the PIT copy to analyze.
NOTE: The CyberSense feature is only supported as a component of the Cyber Recovery solution in the Cyber Recovery vault; it is not supported on the production system.
About this task
A CyberSense feature license is based on TB capacity. If you:
Exceed the licensed capacity, the analysis is completed and the Cyber Recovery software provides an alert. Until you update the licensed capacity, you receive the alert every time you run an Analyze operation. There is a 90-day grace period for you to increase the licensed capacity.
Do not increase the licensed capacity after 90 days, the Analyze operation status is Partial Success and the Cyber Recovery software indicates that security analytics were not generated because the license is invalid.
Let the license expire, the Analyze operation fails. The Cyber Recovery software indicates that there is a missing or invalid license.
Steps
Select Policies from the Main Menu.
On the Policies content pane, click Copies to display the list of existing copies.
You cannot run concurrent analyses on copies of the same policy. If you try, the Cyber Recovery software displays an informational message and does not create a job. When the initial job is completed, run the analysis on the copy. You can run concurrent analyses on copies of different policies.
Select the copy to analyze, and click Analyze.
If you do not have a valid license for the CyberSense feature, the Analyze button is disabled.
From the Application Host list box, select the application nickname for the CyberSense feature.
Use the slider next to Advance Options to set more options.
Optionally, select a content format from the drop-down menu.
Choose from Filesystem, Databases, or Backup. This option is for informational purposes only.
Optionally, select the network storage interface through which the CyberSense feature connects to storage.
Optionally, enter text files and directories on which you want the Analyze action to run.
Either:
Type the file and directory names, each on a separate line.
Click Choose File to select the files and directories that are on the host on which the Cyber Recovery UI is running. Files must be text (.txt) files. This option overwrites the content in the text box with the content in the file.
Optionally, enter text files and directories that you want the Analyze action to ignore.
Either:
Type the file and directory names, each on a separate line.
Click Choose File to select the files and directories that are on the host on which the Cyber Recovery UI is running. Files must be text (.txt) files. This option overwrites the content in the text box with the content in the file.
Click Apply.
The policy starts a job that you can view on the Jobs page. If the analysis indicates possible malware or other anomalies, the Cyber Recovery software generates an alert and the job status is listed as Critical. Otherwise, the job status is listed as Success.
On the Copies page, the Last Analysis column of the copy being analyzed shows Analysis in Progress.
Optionally, cancel a running analysis; otherwise, go to the next step:
Select Jobs from the Main Menu.
Select the running Analyze job.
Click Cancel Job.
The Cyber Recovery software generates an alert for the cancel request. When the job is canceled, you can immediately start another Analyze job.
When the analysis is complete, return to the list of copies under Policies > Copies and click in the copy's row.
The Last Analysis column shows the results as Suspicious, Good, or Partial.
If you canceled an analysis job that is in progress or the analysis skips any files, the Last Analysis column shows the result as Partial and the job status is Canceled. An email message and the logs indicate that the analysis job was partially successful.
If the analysis detects an anomaly, the Last Analysis column shows the result as Suspicious and the job status is Critical. An alert notifies you about the anomalies. Acknowledge the alert; otherwise, the report for the next analysis includes the anomaly along with any new anomalies.
If an Analyze job fails, the Cyber Recovery software generates an alert.