Druva Documentation

Alerts Overview

Alerts indicate an exception or notify you of a potential issue in your environment that needs attention. Alerts are displayed on the Alerts page, sorted by date.

You must configure alerts so that Druva Cloud Administrators receive email notifications when an alert is generated. 

About Alerts

The following table lists various Ransomware Recovery alerts and what they mean.

Alert category: Unusual Data Activity
Alert type: Unusual Data Activity
Indicates: Unusual data activity on an endpoint or a server.
Severity: Critical
Action required: Go to Ransomware Recovery, and quarantine the resource (endpoint or server) mentioned in the alert.

Alert category: Unusual Data Activity
Alert type: Unusual Data Activity - Scan Failure - Only for VMware
Indicates: Unusual data activity scan failed on VMware.
Severity: Warning
Action required: View the alert for the scan failure reason and take appropriate action to ensure smooth UDA scan for VMware resources.
Note: You can also access this alert via Events API.

Alert category: Security Insights
Alert type: Data Access Alert - New Location
Indicates: A Druva administrator or an inSync Client user has restored or downloaded data from Druva Cloud.
Severity: Critical
Action required: View the alert details to ensure that the data was not accessed from an undesired location. If you feel something is wrong, reset the password of the administrator or inSync Client user.
Note: The alert is generated only if no data has been accessed from that IP address in the past 30 days.

Alert category: Security Insights
Alert type: Admin Login Event - New Location
Indicates: A Druva administrator has logged into the console from a new IP address.
Severity: Warning
Action required: View the alert details to ensure that the login was not made from an undesired location. If you feel something is wrong, reset the password of the administrator.
Note: The alert is generated only if no login activity has been observed from that IP address in the past 30 days.

Alert category: Malicious Files Found
Alert type: Malicious Files Found
Indicates: Malicious files are found on an endpoint or a server.
Severity: Warning
Action required: Go to Ransomware Recovery, and quarantine the resource (endpoint or server) mentioned in the alert.
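
The 30-day condition on the two New Location alerts, sketched as detection logic over constructed events. This is an added example, not Druva's code: the event fields, the function names, and the choice to keep history per IP address across all accounts (the page does not say whether it is scoped per user) are assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=30)  # look-back period stated for both alert types
# Severity of each alert type, as listed for the New Location alerts.
SEVERITY = {"data_access": "Critical", "admin_login": "Warning"}


def new_location_alerts(events, window=WINDOW):
    """Return an alert for each event whose source IP shows no activity of
    the same kind within the look-back window.

    Assumption: history is kept per (kind, IP) across all accounts.
    """
    last_seen = {}  # (kind, ip) -> time of the most recent activity
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["kind"], ev["ip"])
        previous = last_seen.get(key)
        if previous is None or ev["time"] - previous > window:
            alerts.append({**ev, "severity": SEVERITY[ev["kind"]]})
        # Every event refreshes the history, whether or not it alerted.
        last_seen[key] = ev["time"]
    return alerts


def make_event(when, user, ip, kind):
    """Build one event record (hypothetical field names)."""
    time = datetime.strptime(when, "%Y-%m-%d %H:%M")
    return {"time": time, "user": user, "ip": ip, "kind": kind}


# Constructed sample events using documentation-range IP addresses.
SAMPLE_EVENTS = [
    make_event("2024-01-02 09:00", "admin1", "192.0.2.10", "admin_login"),
    make_event("2024-01-20 09:00", "admin1", "192.0.2.10", "admin_login"),
    make_event("2024-02-10 09:00", "admin1", "192.0.2.10", "admin_login"),
    make_event("2024-02-11 03:00", "admin1", "203.0.113.7", "admin_login"),
    make_event("2024-02-11 03:05", "admin1", "203.0.113.7", "data_access"),
    make_event("2024-03-20 09:00", "admin2", "192.0.2.10", "admin_login"),
]

if __name__ == "__main__":
    for a in new_location_alerts(SAMPLE_EVENTS):
        print(a["time"], a["severity"], a["kind"], a["user"], a["ip"])
```

In the sample, the login on 2024-02-10 raises no alert because the same IP address was seen 21 days earlier, while the login on 2024-03-20 does, because the last activity from that address was 39 days before.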

View alerts

To view the Ransomware Recovery alerts

  1. On the Security Events Console menu bar, click the alerts icon to view the list of alerts.
    Newly generated alerts are highlighted to indicate that you have not yet viewed them.
  2. Select an alert and click View Details to see detailed information about that alert.