Administration Guides
If Critical:
Home

If Critical:

  1. The security event will have a lockout applied immediately since it is a critical detection.
  2. Recovery: Reimage machine or other recovery procedures that your policies require.  Determine which files to be recovered on the PowerScale by selecting the files option on the security event.  From this screen, you can download a CSV file of trigger files AND files from the last 1 hour of activity.
  3. Restore User Access:  After it has been determined it is safe to restore access to the user.  The actions menu can be used to remove the user account lockout for all cluster shares to which that user had access.  Using the Actions menu restore user access. (See Security Event Action State Descriptions section below). Click here for instructions
  4. The security event will now be in Restored state and can be archived to the Event History tab.  Using the actions menu submit a Mark As Recovered action (See Security Event Action State Descriptions section below).
  5. If you need to flag as false-positive see instructions here on Flag As False Positive.
  6. Done.

 

© Superna LLC