[gpfsug-discuss] Ransom attacks
Henrik Morsing
henrik at morsing.cc
Fri May 28 08:15:37 BST 2021
On Thu, May 27, 2021 at 03:20:08PM +0000, Anderson Ferreira Nobre wrote:
> Henrik,
>
> One way would integrate Scale with QRadar. If I'm not wrong, you can
> configure QRadar to take a snapshot when it detects there's an attack
> happening. The details you can take from here:
> [1]https://www.redbooks.ibm.com/redpapers/pdfs/redp5560.pdf
> [2]https://www.youtube.com/watch?v=Zyw84dvoFR8
>
Hi,
Looking at the video (not read the document yet) I'm not sure QRadar is advanced enough to detect someone encrypting a storage pool from the SP server. It's a single file pretty much access 24x7, but I will look into it further, thanks.
Regards,
Henrik
More information about the gpfsug-discuss
mailing list