Unusual Data Activity Alerts Report
The Unusual Data Activity report is available with the Unusual Data Activity feature which requires the Security Posture and Observability license.
What information does this report provide
The Unusual Data Activity Alerts report provides a consolidated view of all the Unusual Data Activity alerts generated within a specified period for snapshots of different resource types configured for backup in your environment.
This report is available for the following resource types
- Endpoints
- NAS
- File Server
- VMware
- OneDrive
- SharePoint
How does the report help
With this report, you can proactively identify data anomalies for creation, modification, encryption, and deletion actions for each resource type. With this information available well in time, you can get a consolidated view of the UDA alerts generated within a specific period for each resource type and take corrective actions.
You can leverage this report to:
- Get a view of total, active, and resolved alerts for creation, modification, encryption, and deletion actions for each resource type
- Get a detailed view of the resource name and the impacted snapshot for which the alerts are generated
To access the report
You need to be a Druva Cloud Administrator.
Go to Druva Cloud Platform Console Global Navigation > Reports > Cyber Resilience > Unusual Data Activity Alerts Report.
Using the report
Note: By default, the period selection for the report is last 30 days from the current date. For example, if today is March 31, 2024, the report displays data from March 1 upto March 30, 2024.
The data in the reports is synced periodically. The report shows the Data last updated details.
The Unusual Data Activity Alerts report comprises the following section:
Filters to get a report with more granular data
| Filters | Description |
|---|---|
| Resource Type | Select the resource type whose UDA alerts you want to view. |
| Alert Type | Select the type of alert you want to view - Creation, Modification, Deletion, and Encryption. |
Summary view
| Field | Description |
|---|---|
| Total Alerts | Total number of UDA alerts (active and resolved) for the selected filter. |
| Active Alerts | Total number of active alerts for the selected filter. |
| Resolved Alerts | Total number of alerts resolved for the selected filter. |
| Alert Status Distribution | View of number of alerts based on the status for the selected filter. |
Alert details
The details are displayed based on the selection of resource type in the filter.
| Field | Description |
|---|---|
| Resource Name |
Name of the resource for which the alert is generated. Device details for Endpoints Backupset details for File Server and NAS |
| User Name (For Endpoints and OneDrive only) | Name of the user |
| Snapshot Affected | Details of the impacted snapshot |
| Alert Type | Type of alert - Creation, Modification, Deletion, and Encryption. |
Related actions
To leverage the report, you can perform the following actions:
| Action | Description |
|---|---|
| Subscribe to report |
You can schedule and subscribe to receive reports over email as a CSV file or a PDF. A subscription can be created for other members of the organizations too.
|
| Email the report | You can email the report in CSV or PDF format on demand to other recipients. |
| Download widget data | You can download the widget data in CSV or PDF format. |
| Add Filters to get a report with more granular data | Global filter: You can create a global filter, page filter, or panel filter to fetch details based on your requirements. |
Related topics
Unusual Data Activity