In the event of attack on the system, after taking backup from that system we can correlate the attack with the backup metadata.
So with such scenarios with come up with the list of backup metadata attributes which we can use to identify any deviation in the normal trend.
Let’s us take below example to explain the detection logic. In this example data for 3 variables Image size, Number of files and Deduplication rate has been plotted. The data has been Standardized to make it in the same scale.
So based on this explanation lets see how NetBackup detects the Anomaly in the backup job.
Good one - but is there a way to post these anomalies on OpsCenter? So far I did not touch NB IT Analytics so can't tell if its there. For sure it is not in Opscenter in 22.214.171.124 version. Having a lot NBU domain is it hard to visit their webUI on daily basis just to check if there was anomaly or not... also its a pity it is disabled by default (I am speaking about 9.1 NBU family we are not yet ready for 10).
Version 10.0 is the last release of NetBackup OpsCenter. Please see https://www.veritas.com/support/en_US/article.100052742 for details on the transition to NetBackup IT Analytics.