Security anti-ransomware volume attack generate-report output
Applies to
- ONTAP version 9.10.1 or later
- Anti-ransomware or Autonomous Ransomware Protection (ARP) or Anti_Ransomware or ARW
Answer
- The report generated by security anti-ransomware volume attack generate-report lists the files that are suspected to be potential ransomware.
- The report is generated with the command:
Cluster_CLI::> security anti-ransomware volume attack generate-report -volume <affected volume> -dest-path <data SVM>:<shared volume hosted by the data SVM>/
Example output:
Report "report_file_vs1vol1_30-03-2021_16-11-38" available at path "vs1:vol1/".
The report file has the format shown below. The file itself contains no column header names; the first line here only labels the columns:
(File sequence) (Time and date of report) (File Name) (Report Indicator)
1 "7/30/2024 15:33:36" /file.5856 1
2 "7/30/2024 15:33:36" /file.5857 2
3 "7/30/2024 15:33:36" /file.5858 1
4 "7/30/2024 15:33:36" /file.5862 1
5 "7/30/2024 15:33:36" /file.5864 2
- The Report Indicator resolves to:
1 - 'File extension type: An extension that does not conform to the normal extension type'.
2 - 'Entropy: an evaluation of the randomness of data in a file'.
- Any files listed in the report then need to be examined for integrity from the corresponding host.
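
To triage a long report from the host, the file can be parsed and grouped by Report Indicator. The following is an added example, not NetApp code: the function names are hypothetical, and it assumes the fields are whitespace-separated and the timestamp is month/day/year, as in the sample output above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Indicator meanings as stated in this article.
INDICATORS = {1: "File extension type", 2: "Entropy"}

# Fields: sequence, quoted timestamp, file name (may contain spaces), indicator.
# Assumption: fields are separated by whitespace, as in the sample output.
LINE_RE = re.compile(r'^\s*(\d+)\s+"([^"]+)"\s+(.+?)\s+(\d+)\s*$')


def parse_report(text):
    """Return (entries, rejected); rejected holds lines that did not parse."""
    entries, rejected = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        if m is None:
            rejected.append(raw)
            continue
        seq, stamp, path, code = m.groups()
        try:
            when = datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S")
        except ValueError:
            rejected.append(raw)
            continue
        reason = INDICATORS.get(int(code), "unknown indicator")
        entries.append({"seq": int(seq), "time": when, "path": path,
                        "indicator": int(code), "reason": reason})
    return entries, rejected


def paths_by_reason(entries):
    """Group suspect file paths by the reason they were flagged."""
    grouped = defaultdict(list)
    for e in entries:
        grouped[e["reason"]].append(e["path"])
    return dict(grouped)


# Constructed sample: lines from the article plus two constructed edge cases
# (a file name containing a space, and a line that is not a report entry).
SAMPLE = '''1 "7/30/2024 15:33:36" /file.5856 1
2 "7/30/2024 15:33:36" /file.5857 2
3 "7/30/2024 15:33:36" /file.5858 1
4 "7/30/2024 15:33:36" /dir/my file.lckd 1
not a report line
'''
```

Lines that do not match are returned separately rather than dropped, so a truncated or unexpected report is visible during review.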