This document covers the basic details of events published by Symantec Cloud Workload Protection for Storage on Microsoft Azure and Amazon AWS, which are listed on the "Events and Alerts" page.

| Event Title | Event ID | Description |
|---|---|---|
| File Detection | 8031 | File Detection events report the detection and resolution<br>Scan Event is associated with detection event by scan_uid |
| File Response | 8046 | File Response events report file actions taken in response<br>Possible Actions supported For Azure are :- |

| Event Type | Category ID | Description |
|---|---|---|
| Anti-Malware | Security | Threat detection events report threats that are detected |
| Policy Violation | Security | Non-malware detections like unscannable files and other |

| Category | Parameters | Description |
|---|---|---|
| Overview | Event ID | The system-assigned unique identifier of an event occurrence. |
| | Event | File Response : File Detection events report the detection<br>File Detection : File Response events report file actions |
| | Event Summary | Sample messages:<br>Malware 'WM.Npad.EE' detected<br>File 'addonemore/testp/npad95-1.dot' was deleted |
| | Severity | The severity of the event.<br>[0] Unknown - The event severity is not known.<br>[1] Informational - Purely informational. No action needed.<br>[2] Warning - The user decides if action is needed.<br>[3] Minor - Action is required but the situation is not serious at this time.<br>[4] Major - Action is required immediately.<br>[5] Critical - Action is required immediately and the scope is broad.<br>[6] Fatal - An error occurred but it is too late to take remedial action. |
| | Type | The reason for the detection. |
| Instance Details | Event Source | The name of the source asset that generated the event. For the Azure platform, it is the Storage Account. |
| | Source Resource Group | The name of the source asset resource group. |
| | Source Region Group | The region to which the source asset belongs. |
| | Source Cloud Platform | The cloud platform to which the source instance belongs. |
| | Scan Type | The scan type: NRTS or Scheduled.<br>[1] NRTS - the scan was initiated<br>[2] SCHEDULED - the scan was started based on scheduler. |
| Event File Details | File Name | The name of the file that originated or caused the event. For example, for the Azure platform: azperfdata/10viruses/test.rar |
| | File Size | The size of the file in bytes. |
| Threat Details | Threat Type | The threat type as reported by the detection engine.<br>[1] Malware<br>[2] Behavioral<br>[3] Potentially Unwanted Applications<br>[4] Exploit (PEP)<br>[5] Heuristic<br>[6] Security Risk |
| | Threat Name | The threat name as reported by the detection engine. |
| Other Details | Content Version | The version of the virus definition files that are used by |
| | Component | The human-readable name of the part of the data object where |

| Event Type | Event Name | Parameter |
|---|---|---|
| AntiMalware Detection | Storage Antimalware Detection | Asset Name, File Name, Policy Name, Source Cloud Platform, Source Region, Time Of Day, File Size, Severity Code |
| | Storage Antimalware Response | Asset Name, File Name, Policy Name, Source Cloud Platform, Source Region, Time Of Day, File Size, Severity Code |
| Policy Violation | Storage Container Violation | Asset Name, File Name, Policy Name, Source Cloud Platform, Source Region, Time Of Day, File Size, Severity Code |
| | Storage Unscannable File | Asset Name, File Name, Policy Name, Source Cloud Platform, Source Region, Time Of Day, File Size, Severity Code |
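
The following triage sketch is an added example, not code from Symantec or from this page. It uses the event IDs, severity codes and threat-type codes listed in the tables above to find File Detection events that have no File Response for the same source and file. The record key names, the sample events, and the choice to match on source plus file name are assumptions made for illustration.

```python
# Added example. Record keys (event_id, event_source, ...) are assumed names,
# not the product's documented export schema.
FILE_DETECTION, FILE_RESPONSE = 8031, 8046  # event IDs from the page
SEVERITY = {0: "Unknown", 1: "Informational", 2: "Warning", 3: "Minor",
            4: "Major", 5: "Critical", 6: "Fatal"}
THREAT_TYPE = {1: "Malware", 2: "Behavioral",
               3: "Potentially Unwanted Applications",
               4: "Exploit (PEP)", 5: "Heuristic", 6: "Security Risk"}

# Constructed sample events; account names and the second threat name are made up.
SAMPLE_EVENTS = [
    {"event_id": 8031, "event_source": "storacct1", "severity": 4,
     "file_name": "addonemore/testp/npad95-1.dot",
     "threat_type": 1, "threat_name": "WM.Npad.EE"},
    {"event_id": 8046, "event_source": "storacct1", "severity": 1,
     "file_name": "addonemore/testp/npad95-1.dot"},
    {"event_id": 8031, "event_source": "storacct2", "severity": 5,
     "file_name": "azperfdata/10viruses/test.rar",
     "threat_type": 5, "threat_name": "Constructed.Sample"},
]


def unresolved_detections(events):
    """Return decoded File Detection events that have no File Response
    recorded for the same (event source, file name) pair."""
    responded = {(e.get("event_source"), e.get("file_name"))
                 for e in events if e.get("event_id") == FILE_RESPONSE}
    findings = []
    for e in events:
        if e.get("event_id") != FILE_DETECTION:
            continue
        key = (e.get("event_source"), e.get("file_name"))
        if key in responded:
            continue
        sev = e.get("severity")
        findings.append({
            "source": key[0],
            "file": key[1],
            # Codes outside the documented ranges are reported, not hidden.
            "severity": SEVERITY.get(sev, f"Unrecognized ({sev})"),
            "threat_type": THREAT_TYPE.get(e.get("threat_type"), "Unrecognized"),
            "threat_name": e.get("threat_name", ""),
        })
    return findings


if __name__ == "__main__":
    for finding in unresolved_detections(SAMPLE_EVENTS):
        print(finding)
```
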