Why are callhome.arw.activity.seen EMS/ASUP alert notifications not generated?
Applies to
- ONTAP 9
- Anti-ransomware Protection (ARP)
Answer
- The snapshot creation is silent to the end user when Attack Probability is low, and no alert notification is generated.
- When 20 or more files are found with this unknown file extension, it is assumed to be an attack.
- The attack probability then changes from low to moderate, and a callhome.arw.activity.seen EMS/ASUP alert notification is generated.
cluster2::*> event log show -message-name *arw*
Time                Node             Severity      Event
------------------- ---------------- ------------- ---------------------------
12/20/2022 11:27:55 cluster2-01      ALERT         callhome.arw.activity.seen: Call-home message for Vol1 (UUID: c437827d-8062-11ed-9f93-005056a0d3a0) svm1 (UUID: 4574c5fe-8916-11ec-b931-005056a0d3a0)
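
Added example (not NetApp code): a Python parser for the `event log show` output above that pulls the affected volume and SVM out of each callhome.arw.activity.seen row, for feeding a ticketing or SIEM pipeline. The function name, the second sample row with placeholder UUIDs, and the handling of wrapped lines are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the alert line shown above, plus a second, made-up alert
# (placeholder UUIDs) whose event text wraps onto an indented continuation line.
SAMPLE = """\
cluster2::*> event log show -message-name *arw*
Time                Node             Severity      Event
------------------- ---------------- ------------- ---------------------------
12/20/2022 11:27:55 cluster2-01      ALERT         callhome.arw.activity.seen: Call-home message for Vol1 (UUID: c437827d-8062-11ed-9f93-005056a0d3a0) svm1 (UUID: 4574c5fe-8916-11ec-b931-005056a0d3a0)
12/20/2022 11:41:02 cluster2-02      ALERT         callhome.arw.activity.seen: Call-home message for Vol2 (UUID: 00000000-0000-0000-0000-000000000002)
                                                   svm1 (UUID: 00000000-0000-0000-0000-000000000001)
"""

# One table row: timestamp, node, severity, then free-form event text.
ROW = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.*)$")
# Event text layout as it appears in the sample output on this page.
ARW = re.compile(
    r"callhome\.arw\.activity\.seen: Call-home message for "
    r"(?P<volume>\S+) \(UUID: (?P<volume_uuid>[0-9a-f-]{36})\) "
    r"(?P<svm>\S+) \(UUID: (?P<svm_uuid>[0-9a-f-]{36})\)")

def parse_arw_alerts(text):
    """Return one dict per callhome.arw.activity.seen row in the CLI output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append(list(m.groups()))
        elif rows and line[:1].isspace() and line.strip():
            # Assumption: wrapped event text continues on an indented line.
            rows[-1][3] += " " + line.strip()
    alerts = []
    for ts, node, severity, event in rows:
        m = ARW.search(event)
        if m:  # prompt, header, separator and unrelated events never get here
            alerts.append({"time": datetime.strptime(ts, "%m/%d/%Y %H:%M:%S"),
                           "node": node, "severity": severity, **m.groupdict()})
    return alerts

if __name__ == "__main__":
    for a in parse_arw_alerts(SAMPLE):
        print(a["time"].isoformat(), a["node"], a["svm"], a["volume"], a["volume_uuid"])
```

An empty result means only that no moderate-probability alert was logged; as described above, low-probability activity creates a snapshot without generating this event.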