Skip to main content
Version: 4.2.0 🚧

Recovery Manager

Introduction​

Cyber Recovery Manager enables targeted recovery of files affected during a ransomware event. After a user is locked out by Ransomware Defender, the system tracks all activity related to that user—including file modifications, deletions, and renames—and presents this data for review.

Recovery Manager uses this activity to help you identify which files were impacted and restore them to a known-good state. Rather than performing a full rollback, it allows selective recovery of affected items, helping to reduce downtime and preserve unaffected data.

This section explains how to access Recovery Manager, explore affected file activity, and initiate recovery jobs through the UI.

Use Recovery Manager​

Log in to Superna Eyeglass and open Ransomware Defender.

Ransomware Defender Icon

In the Events section, two menu items are displayed: Active Events and Event History.

Active Events

Recovery Manager can be accessed in both Active Events and Event History. However, the Recovery Manager information will expire after a week if the events are in Event History.

Active Events​

In the Active Events menu, the user can see the list of active events and information about them.

To manage the Event, click on the following icon in the Action column.

Icon

The Action modal window will show the Event Action History. To recover this action, click on the Cyber Recovery Manager.

Manage Event

Cyber Recovery Manager​

File Activity

Tree View​

All the files from the cluster will be displayed in the Tree View area.

Filters​

In the Filters area, user can filter events by:

  • Cluster. Select the cluster from the dropdown list.
  • Path. Copy and paste the event path to do that or select the path from the tree to automatically filter on that path, then click the Search on Path button.
  • Recovered Status. Select the desired status, and events in the All File Activity table will be filtered by status. Note: It is impossible to recover the event with UNRECOVERABLE status. Unrecoverable files don’t have snapshots.

Statistics​

In the statistics area, information on events is displayed.

All File Activity for the user​

The file activity is displayed on the bottom panel for a particular user.

To see how this file path has been modified, click on the + button.

Select the event and press the Restore button. On the Warning window, click No.

Warning

Job Submitted

After submitting the Cyber Recovery Job, click the View Running Jobs button below to monitor the job’s progress.

Event History​

All events will be displayed in the Event History menu. The events shown in the Event History will expire after a week by default, but the value can be changed in the ECA settings.

Limitations​

  1. Only the default tenant is supported.

  2. The ACLS are not restored to the exact state they were before.