Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Backup anomaly detection
  7. View anomalies
NetBackup™ Security and Encryption Guide

View anomalies

NetBackup can now detect anomalies in backup metadata. It can detect any unusual job data in the data backup flow. For example, it can detect a file count or a file size that is different than the usual count or size.

See About backup anomaly detection.

Note:

An anomalies count of 0 indicates there are no anomalies generated or that the anomaly detection services are not running.

To view anomalies

  1. Sign in to the NetBackup web UI.
  2. On the left, select Detection and reporting > Anomaly detection.

    The following columns are displayed:

    • Job ID - Job ID of the job for which the anomaly is detected

    • Client name - Name of the NetBackup client where the anomaly is detected

    • Policy type - The policy type of the associated backup job

    • Count - The number of anomalies that are detected for this job

    • Score - Severity of the anomaly. The score is higher if the severity of the anomaly is more.

    • Anomaly severity - Severity of the anomalies that are notified for this job

    • Anomaly summary - Summary of the anomalies that are notified for this job

    • Received - Date when the anomaly is notified

    • Review status - Indicates whether the detected anomaly is reported as a false positive, an actual anomaly, or it can be ignored.

    • Policy name - The policy name of the associated backup job

    • Schedule name - The schedule name of the associated backup job

    • Schedule type - The schedule type of the associated backup job

  3. Expand a row to see the details of the selected anomaly.

    For each anomaly record, the current value of that feature and its actual range based on the past data are displayed.

    Consider the following example:

    An anomaly of the image size feature is displayed as 100MB (Usual 350MB, 450MB). This information implies that the current image size that is reported as anomaly is 100 MB. However, the usual image size range is 350 MB - 450 MB that is derived from the analysis of past data. Because of the significant difference between the current images size and usual image size range, NetBackup notifies it as an anomaly.

  4. You can perform the following actions on the anomaly record:

    • Click Mark as ignore when you can ignore the anomaly condition.

      The Review status of the anomaly record appears as Ignore.

    • Click Confirm as anomaly when you want to take some action on the anomaly condition.

      The Review status of the anomaly record appears as Anomaly.

    • Click Report as false positive if the anomaly is a false positive. Similar anomalies are not shown in the future.

      The Review status of the anomaly record appears as False positive.

Feedback

Was this page helpful?
Previous

Configure anomaly detection settings

Next

Anomaly configuration to enable automatic scanning

Feedback

Was this page helpful?