Module 6 - PPDM end to end workflow | Scribe

    Module 6 - PPDM end to end workflow

        NetWorker end to end workflow

        This lesson lets you practice Cyber Recovery and CyberSense with PPDM file-system backups. It covers protecting files, replicating them to the vault and analyzing them with CyberSense, then simulating a malware attack, analyzing the attacked data and gathering information about the attack using the CyberSense UI.
        1
        In this module you will run the PPDM end-to-end workflow, which includes:
        - Run a fresh backup of **client.demo.local (/data)** using production PPDM
        - Create a Cyber Recovery Policy
        - Secure Copy Analyze the data using Cyber Recovery and CyberSense
        - Run the **infect.sh** script to infect the data in the **/data** directory on **client.demo.local**
        - Run another backup of the infected data on **client.demo.local (/data)** using production PPDM
        - Secure Copy Analyze the data using Cyber Recovery and CyberSense

        Recovery Sandbox cleaning from previous module

        2
        If this lab session was used for the PPDM Automated Recovery module, you need to delete the existing **PPDM Recovery Sandbox** first:
        3
        In the Cyber Recovery UI, navigate to **Recovery --> Recovery Sandboxes**, select the PPDM sandbox and click **Cleanup**
        4

        Files to protect and the infection script

        5
        Log in to the production client **client.demo.local** using the RoyalTS SSH application. The **infect.sh** script copies PDF files to **/data** and then simulates a malware attack on these files. To run the script, type **./infect.sh**
        6
        There are 3 options to infect the data:
        1. Attack Profile 1 - Strong Encryption w/No Filename/Extension Change
        2. Attack Profile 4 - Strong Encryption w/Known Ransomware Extension
        3. Attack Profile 6 - Strong Encryption w/Obfuscated File Extension
        7
        Select the infection type. Use the arrow keys to move and the spacebar to select the infection:
        - RYUK - Attack Profile 4
        - Maze - Attack Profile 6
        - REvil - Attack Profile 6
        - DMALocker - Attack Profile 1
        8
        Hit Enter after selecting the infection type. In this case, we selected **DMALocker**, which is **Attack Profile 1 (Strong Encryption with same file name and extension)**. Good data will be copied from /root/pdf to the **/data** directory. Hit Enter.
        9
        The good data is now copied to **/data**. You will run the following operations:
        - Run a new backup of client.demo.local using production PPDM
        - Secure Copy Analyze the data using Cyber Recovery when the backup is completed
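
        Attack Profile 1 keeps the file name and extension, so only the file content can reveal the encryption. The following is an added illustration (not part of the lab and not CyberSense's own analysis) of a content check for files named *.pdf: it combines the PDF header check with byte entropy, because real PDFs with compressed streams can also show high entropy. The threshold, the function names and the two sample files are assumptions constructed for this example.

```python
import math
import os
import tempfile
from collections import Counter

PDF_MAGIC = b"%PDF-"      # every valid PDF starts with this header
ENTROPY_THRESHOLD = 7.5   # bits/byte; assumed cut-off for "looks encrypted"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def check_pdf(path: str, sample_size: int = 65536) -> dict:
    """Inspect the content of a file that is named like a PDF."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    entropy = shannon_entropy(head)
    magic_ok = head.startswith(PDF_MAGIC)
    # Name and extension are unchanged in this profile, so only content can flag it.
    suspicious = not magic_ok and entropy >= ENTROPY_THRESHOLD
    return {"path": path, "magic_ok": magic_ok,
            "entropy": round(entropy, 2), "suspicious": suspicious}


def scan(directory: str) -> list:
    """Check every *.pdf under directory and return one result per file."""
    results = []
    for root, _dirs, files in os.walk(directory):
        for name in sorted(files):
            if name.lower().endswith(".pdf"):
                results.append(check_pdf(os.path.join(root, name)))
    return results


def build_demo(directory: str) -> None:
    """Constructed sample data: one plausible PDF, one file of random bytes."""
    with open(os.path.join(directory, "good.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 200)
    with open(os.path.join(directory, "hit.pdf"), "wb") as fh:
        fh.write(os.urandom(65536))   # stands in for strongly encrypted content


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo(demo)
        for row in scan(demo):
            print(row)
```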

        Create a backup

        10
        Log in to the PPDM-Prod UI using the following credentials:
        **Username:** admin
        **Password:** Password123!
        11
        Navigate to **Protection --> Protection Policies** to review the **Linux-FS** policy configured for the filesystem client **client.demo.local**, then start the on-demand backup by clicking **Protect Now**. Proceed with the default options and click **Next** on all the screens, followed by **Protect Now**.
        12
        Wait until the **Protection Job** completes successfully.

        Create a PPDM DR backup

        13
        Create a PPDM DR backup, which must also be synced along with the client backups using Cyber Recovery. Navigate to **System Settings --> Disaster Recovery**
        14
        Navigate to **Manage Backups** and click **Backup Now**