Skip to main content

How can we help you?

Druva Documentation

Unusual Data Activity Report

License editions: To understand the applicable license editions, see Plans & Pricing.

The unusual data activity report lists the devices and Cloud App accounts for which inSync detects anomalous behavior. Typically, a device is flagged and listed in this report if some of the following trends were observed for files and folders configured for backup on the device:

  • Large number of files deleted
  • Large number of files added
  • Unwarranted modification of files
  • Suspicious encryption of files (inSync checks if a minimum of 100 files are encrypted)

Following fields describe the report:

Field Description
User Name Name of the user. 
Data Sources Data Source name on which unusual data activity was detected. 
Affected Snapshot Date and time of the snapshot in which inSync detected unusual data activity. 
Last Known Good Snapshot

Date and time of the snapshot that was created before unusual data activity was detected. inSync uses 33 snapshots to generate a trend. If, in the 34th snapshot inSync detects an anomaly, 33rd snapshot is the last known good snapshot. If inSync detects an anomaly in the 46th snapshot, 45th snapshot is the last known good snapshot. 

Date and time format of the snapshot is: MMM DD YYYY HH:MM. 

Anomaly Detected

Description of the anomaly. 

If a single type of anomaly is detected (either files were deleted, modified, added, or encrypted), you can see one of the following messages in the Anomaly Detected field:

  • Large number of deleted files
  • Large number of updated files
  • Large number of new files
  • Encrypted files found

If multiple anomalies are detected, the detected anomalies are listed as comma separated values. For example, if multiple files were added and deleted, you can see the message as New FilesDeleted Files.  If all the anomalies are detected, the value of the Anomaly Detected field is New files, Updated files, Deleted Files, Encrypted Files

The number of deleted, updated, and new files is the actual number of files deleted, updated, and created in the snapshot. For the number of encrypted files, inSync checks if there are a minimum of 100 or more encrypted files.

New files Lists the number of new files created in the affected snapshot.
Deleted files Lists the number of files deleted in the affected snapshot. 
Modified files Lists the number of files for which the content has changed in the affected snapshot. 
Encrypted files detected Lists the number of encrypted files detected in the affected snapshot. 


Related Topic:

Unusual Data Activity 

  • Was this article helpful?