High Entropy data detection cannot trigger arw.analytics.high.entropy event
Applies to
ONTAP 9
Issue
High entropy data detection does not trigger the arw.analytics.high.entropy event; only ARP snapshots are generated.
::> security anti-ransomware volume workload-behavior show -vserver svm1 -volume vol1
Vserver : svm1
Volume : vol1
File Extensions Observed : crt, pdf, docx, key, rpm, XML, 7z, zip, txt, docm, pem, reg, exe, conf, gz, jks, html, csr, p12, ppk, 2, msi, dat
Number of File Extensions Observed : 23
Historical Statistics
High Entropy Data Write Percentage : -
High Entropy Data Write Peak Rate (KB/Minute) : -
File Create Peak Rate (per Minute) : 5
File Delete Peak Rate (per Minute) : -
File Rename Peak Rate (per Minute) : -
Surge Observed
Surge Timeline : 11/2/2023 07:29:35
High Entropy Data Write Percentage : 100
High Entropy Data Write Peak Rate (KB/Minute) : 5120
File Create Peak Rate (per Minute) : -
File Delete Peak Rate (per Minute) : -
File Rename Peak Rate (per Minute) : -
Newly Observed File Extensions : -
Number of Newly Observed File Extensions : -
::> event log show -message-name arw.analytics.high.entropy
There are no entries matching your query.
::> security anti-ransomware volume attack-detection-parameters show -vserver svm1 -volume vol3
Vserver Name : svm1
Volume Name : vol3
Is Detection Based on High Entropy Data Rate? : true
Is Detection Based on Never Seen before File Extension? : true
Is Detection Based on File Create Rate? : true
Is Detection Based on File Rename Rate? : true
Is Detection Based on File Delete Rate? : true
Is Detection Relaxing Popular File Extensions? : true
High Entropy Data Surge Notify Percentage : 100
File Create Rate Surge Notify Percentage : 100
File Rename Rate Surge Notify Percentage : 100
File Delete Rate Surge Notify Percentage : 100
Never Seen before File Extensions Count Notify Threshold : 20
Never Seen before File Extensions Duration in Hour : 24