

Druva Documentation

Unusual Data Activity Alerts Report

The Unusual Data Activity Alerts report is available with the Unusual Data Activity feature, which requires the Security Posture and Observability license.

What information does this report provide

The Unusual Data Activity Alerts report provides a consolidated view of all the Unusual Data Activity alerts generated within a specified period for snapshots of different resource types configured for backup in your environment.

This report is available for the following resource types:

  • Endpoints
  • NAS
  • File Server
  • VMware
  • OneDrive
  • SharePoint

How does the report help

With this report, you can proactively identify data anomalies for creation, modification, encryption, and deletion actions for each resource type. With this information available well in time, you can get a consolidated view of the UDA alerts generated within a specific period for each resource type and take corrective actions.

You can leverage this report to: 

  • Get a view of total, active, and resolved alerts for creation, modification, encryption, and deletion actions for each resource type
  • Get a detailed view of the resource name and the impacted snapshot for which the alerts are generated

To access the report

You need to be a Druva Cloud Administrator. 

Go to Druva Cloud Platform Console Global Navigation > Reports > Cyber Resilience > Unusual Data Activity Alerts Report.

Using the report

Note: By default, the period selected for the report is the last 30 days from the current date. For example, if today is March 31, 2024, the report displays data from March 1 up to March 30, 2024.

The data in the reports is synced periodically. The report shows the Data last updated details.

The Unusual Data Activity Alerts report comprises the following sections:

Filters to get a report with more granular data

| Filters | Description |
|---|---|
| Resource Type | Select the resource type whose UDA alerts you want to view. |
| Alert Type | Select the type of alert you want to view - Creation, Modification, Deletion, and Encryption. |

Summary view

| Field | Description |
|---|---|
| Total Alerts | Total number of UDA alerts (active and resolved) for the selected filter. |
| Active Alerts | Total number of active alerts for the selected filter. |
| Resolved Alerts | Total number of alerts resolved for the selected filter. |
| Alert Status Distribution | View of number of alerts based on the status for the selected filter. |

Alert details

The details are displayed based on the selection of resource type in the filter.

| Field | Description |
|---|---|
| Resource Name | Name of the resource for which the alert is generated: device details for Endpoints; backupset details for File Server and NAS. |
| User Name (For Endpoints and OneDrive only) | Name of the user |
| Snapshot Affected | Details of the impacted snapshot |
| Alert Type | Type of alert - Creation, Modification, Deletion, and Encryption. |

Related actions

To leverage the report, you can perform the following actions:

| Action | Description |
|---|---|
| Subscribe to report | You can schedule and subscribe to receive reports over email as a CSV file or a PDF. A subscription can be created for other members of the organization too. Note: By default, the timestamp of the data fetched in the report follows the UTC time zone. |
| Email the report | You can email the report in CSV or PDF format on demand to other recipients. |
| Download widget data | You can download the widget data in CSV or PDF format. |
| Add Filters to get a report with more granular data | Global filter: You can create a global filter, page filter, or panel filter to fetch details based on your requirements. |

Related topics

Unusual Data Activity
