Skip to main content
NetApp Knowledge Base

Search

  • Filter results by:
    • View attachments
    Searching in
    About 16 results
    • What does warning alert "Abnormal activity, change in data access rate by user" mean?
      https://kb.netapp.com/Cloud/BlueXP/DII/What_does_warning_alert_Abnormal_activity_change_in_data_access_rate_by_user_mean
      Applies to Data Infrastructure Insights (DII) (formerly Cloud Insights) Storage Workload Security Warning as below is detected when the Workload Security detects Abnormal Behavior that the user access...Applies to Data Infrastructure Insights (DII) (formerly Cloud Insights) Storage Workload Security Warning as below is detected when the Workload Security detects Abnormal Behavior that the user access rate is changed. Warning Alert: Abnormal activity, change in data access rate by user '<USERNAME>' Alert detail can be found in Workload Security > Alerts. Note: Alert threshold varies depending on user and its activity. It is not disclosed or configurable for security reasons.
    • NSS Accounts disappear from User Management in Cloud Insights
      https://kb.netapp.com/Cloud/BlueXP/DII/NSS_Accounts_disappear_from_User_Management_in_Cloud_Insights
      Applies to NetApp Cloud Insights Issue NetApp Support Site (NSS) accounts disappear from the list displayed Admin -> User Management in Cloud Insights WebUI
    • Can Storage Workload Security attack detection exclude specific paths or user?
      https://kb.netapp.com/Cloud/BlueXP/DII/Can_Storage_Workload_Security_attack_detection_exclude_specific_paths_or_user
      Applies to Data Infrastructure Insights (DII) Storage Workload Security Answer No, DII Storage Workload Security attack detection (Ransomware Attack or Data Destruction - File Deletion) cannot exclude...Applies to Data Infrastructure Insights (DII) Storage Workload Security Answer No, DII Storage Workload Security attack detection (Ransomware Attack or Data Destruction - File Deletion) cannot exclude specific paths or users. Additional Information additionalInformation_text
    • What is the unit of machine learning for DII Workload Security?
      https://kb.netapp.com/Cloud/BlueXP/DII/What_is_the_unit_of_machine_learning_for_DII_Workload_Security
      Applies to Data Infrastructure Insights (DII) Storage Workload Security Answer Machine learning for DII Workload Security is done on a per-user basis. Note: Therefore, machine learning cannot suppress...Applies to Data Infrastructure Insights (DII) Storage Workload Security Answer Machine learning for DII Workload Security is done on a per-user basis. Note: Therefore, machine learning cannot suppress the first detection of each user. Additional Information additionalInformation_text
    • Block User Access does not work with error "Reason vserver svm name not found"
      https://kb.netapp.com/Cloud/BlueXP/DII/Block_User_Access_does_not_work_with_error_Reason_vserver_svm_name_not_found
      Applies to Cloud Insights Storage Workload Security Issue When attack is detected or Block User button is pressed, Block User Access fails with error: SID to DomainName transformation failed. Reason v...Applies to Cloud Insights Storage Workload Security Issue When attack is detected or Block User button is pressed, Block User Access fails with error: SID to DomainName transformation failed. Reason vserver svm name not found
    • Can Data Collectors and User Directory Collectors be migrated to another Agent?
      https://kb.netapp.com/Cloud/BlueXP/DII/Can_Data_Collectors_and_User_Directory_Collectors_be_migrated_to_another_Agent
      Applies to Cloud Insights Storage Workload Security Replacing Workload Security Agent server Answer No, delete them on the old Agent server then create new ones on the new Agent server. Additional Inf...Applies to Cloud Insights Storage Workload Security Replacing Workload Security Agent server Answer No, delete them on the old Agent server then create new ones on the new Agent server. Additional Information Configuring an Active Directory (AD) User Directory Collector Configuring an LDAP Directory Server Collector Configuring the ONTAP SVM Data Collector
    • What network failure prevents Audit data from being sent to DII server?
      https://kb.netapp.com/Cloud/BlueXP/DII/What_network_failure_prevents_Audit_data_from_being_sent_to_DII_server
      If there is a continuous network failure that meets the following conditions, audit data is lost instead of being sent to DII server: When SVM tries to send audit data, if there is no response from SW...If there is a continuous network failure that meets the following conditions, audit data is lost instead of being sent to DII server: When SVM tries to send audit data, if there is no response from SWS data collector for 60 seconds, a timeout occurs. In scenarios where a data collector is connected to more than one node for SVM audit data, the data collector will not trigger a disconnected state unless all nodes become disconnected.
    • Can Ghostscript be removed from DII Storage Workload Security agent server?
      https://kb.netapp.com/Cloud/BlueXP/DII/Can_Ghostscript_be_removed_from_DII_Storage_Workload_Security_agent_server
      Applies to Data Infrastructure Insights (DII) Storage Workload Security Ghostscript is installed on Storage Workload Security agent server Answer Yes, Ghostscript can be removed from DII Storage Workl...Applies to Data Infrastructure Insights (DII) Storage Workload Security Ghostscript is installed on Storage Workload Security agent server Answer Yes, Ghostscript can be removed from DII Storage Workload Security agent server because the agent does not use it. Additional Information additionalInformation_text
    • Critical Health Alert of Workload Security is sent after short network maintenance
      https://kb.netapp.com/Cloud/BlueXP/DII/Critical_Health_Alert_of_Workload_Security_is_sent_after_short_network_maintenance
      Performing network maintenance that causes Storage Workload Security Agent server to be unable to connect to the internet for a few minutes After the network maintenance is completed, an alert email f...Performing network maintenance that causes Storage Workload Security Agent server to be unable to connect to the internet for a few minutes After the network maintenance is completed, an alert email from accounts@service.cloudinsights.netapp.com is sent out several minutes later subject: Critical Health Alert: Storage Workload Security Data Collector '<SVM>' is disconnected Failed to determine the health of the collector within 2 retries, try restarting the collector again(Error Code: AGENT008)
    • Enabling MAV prevents Workload Security Block User Access
      https://kb.netapp.com/Cloud/BlueXP/DII/Enabling_MAV_prevents_Workload_Security_Block_User_Access
      Applies to Cloud Insights Storage Workload Security ONTAP 9 Multi-admin verification (MAV) rules include Operation: set with Query: -privilege diagnostic Issue When attack is detected or Block User bu...Applies to Cloud Insights Storage Workload Security ONTAP 9 Multi-admin verification (MAV) rules include Operation: set with Query: -privilege diagnostic Issue When attack is detected or Block User button is pressed, Block User Access fails with error: SID translate failed. Reason:255:Error: command failed: The security multi-admin-verify request (index x)requires approval.Error: "access-check" is not a recognized command
    • DII Storage Workload Security agent is intermittently in "Not Connected" status
      https://kb.netapp.com/Cloud/BlueXP/DII/DII_Storage_Workload_Security_agent_is_intermittently_in_Not_Connected_status
      Applies to Data Infrastructure Insights (DII) Storage Workload Security Issue After automatically upgrading, Agents on Collectors screen in DII WebUI shows Status of agent as Not Connected intermitten...Applies to Data Infrastructure Insights (DII) Storage Workload Security Issue After automatically upgrading, Agents on Collectors screen in DII WebUI shows Status of agent as Not Connected intermittently Status of data collector on Data Collectors on Collectors screen toggles between Running and Stopped