Viewing and Handling Ransomware Protection Events
After ransomware protection is enabled, if a ransomware attack event occurs on the server, the event will be recorded and displayed in the ransomware event list. You can handle the events based on your service requirements.
Prerequisites
You have enabled HSS premium, WTP, or container edition.
Constraints
- Ransomware backup only supports Huawei Cloud servers.
- After ransomware protection is enabled, you need to handle ransomware alarms and fix the vulnerabilities in your systems and middleware in a timely manner.
Procedure
- Log in to the management console.
- In the upper left corner of the page, select a region, click
, and choose Security & Compliance > HSS.
- Choose
.
If your servers are managed by enterprise projects, you can select the target enterprise project to view or operate the asset and detection information.
- Click the Events tab and check events.
- After confirming the severity of an event, click Handle in the Operation column of the target event to handle the event. For details about the processing modes, see Table 1.
You can also select multiple events and click Batch Handle above the list to handle events in batches.
Table 1 Alarm handling methods Marked As
Description
Ignore
Ignore the current alarm. Any new alarms of the same type will still be reported by HSS.
Isolate and kill
If a program is isolated and killed, it will be terminated immediately and no longer able to perform read or write operations. Isolated source files of programs or processes are displayed on the Isolated Files slide-out panel and cannot harm your servers.
You can click Isolated Files on the upper right corner to check the files. For details, see Managing Isolated Files.
NOTE:When a program is isolated and killed, the process of the program is terminated immediately. To avoid impact on services, check the detection result, and cancel the isolation of or unignore misreported malicious programs (if any).
Mark as handled
When manually handle an event, you can add remarks to record the details about the event.
Add to alarm whitelist
Add false alarmed items to the login whitelist.
HSS will no longer report alarm on the whitelisted items. A whitelisted alarm will not trigger alarms.
You can click Add Rule and configure file paths in alarm masking rules. HSS will not report the alarms matching these rules.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot