[gpfsug-discuss] Ransom attacks

Henrik Morsing henrik at morsing.cc
Fri May 28 08:15:37 BST 2021

On Thu, May 27, 2021 at 03:20:08PM +0000, Anderson Ferreira Nobre wrote:
>   Henrik,
>   One way would integrate Scale with QRadar. If I'm not wrong, you can
>   configure QRadar to take a snapshot when it detects there's an attack
>   happening. The details you can take from here:
>   [1]https://www.redbooks.ibm.com/redpapers/pdfs/redp5560.pdf
>   [2]https://www.youtube.com/watch?v=Zyw84dvoFR8


Looking at the video (not read the document yet) I'm not sure QRadar is advanced enough to detect someone encrypting a storage pool from the SP server. It's a single file pretty much access 24x7, but I will look into it further, thanks.


More information about the gpfsug-discuss mailing list