Camp Rubrik: Data Security Foundations

Monitoring a threat hunt in progress

Note that this page is optional - if you are short on time, please feel free to move on to the next page, where we explore the results of a threat hunt that is already completed.

At this stage, the definition of the Threat Hunt is pushed down from the Rubrik control plane to the CDM cluster. The Rubrik control plane has no access to the data in the backups, so the scan itself is executed on the appliance on-premises (or in the cloud, if using Cloud Cluster).

You can monitor the progress of the threat hunt in the Events tab in Data Protection.

  • From the app tray in the top-right of the interface, launch Data Protection.

  • Click on the Events tab, then on Event Logs.

  • In the filter field, select "Rubrik-Demo1" (A) from the Clusters section and select Threat Hunt (B) from the Event Type section.

  • It may take a minute or two for the hunt details (C) to appear, as the hunt is first composed on Rubrik and then pushed down to the cluster for execution.

After a few minutes (dependent on the parameters that you specified for the hunt), you should see the hunt move to Completed status. You can then move back to the Threat Hunt interface to explore the findings of the hunt.

Figure: Monitor the progress of the Threat Hunt