ONTAP 9.12.1 commands

  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security anti-ransomware volume attack clear-suspect

    Clear suspect record

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    The anti-ransomware volume attack clear-suspect command removes the specified files from the suspect files report. When no optional parameters are provided, the suspect report file is cleared.

    Parameters

    -vserver <vserver name> - Vserver Name

    This parameter specifies the Vserver on which the volume is located.

    -volume <volume name> - Volume Name

    This parameter specifies the name of the volume on which the anti-ransomware feature is enabled.

    { [-sequence-number <integer>] - Sequence Number

    This optionally specifies the sequence number of the suspect file obtained from the generated report.

    { [-extensions <text>,…​] - File Extensions

    This optionally specifies the extensions of ransomware-attacked files that need to be cleared from the attack report.

    | [-start-time <MM/DD/YYYY HH:MM:SS>] - Start Time

    This optionally specifies the lower bound of the time to clear a suspect record. Any suspect record with time greater than or equal to start-time is cleared.

    [-end-time <MM/DD/YYYY HH:MM:SS>] - End Time }

    This optionally specifies the upper bound of the time to clear a suspect record. Any suspect record with time less than or equal to end-time is cleared.

    -false-positive {true|false} - False Positive?

    This indicates whether the suspect records of specific extensions, time range, and so on, are to be considered false positives.

    Examples

    The following example shows sample output for clearing all the suspects observed with a timestamp in the start-time and end-time range, and with the given extension.

    clus1::> security anti-ransomware volume attack clear-suspect -volume testvol -start-time "4/14/2021 04:16:48" -end-time "4/14/2021 06:16:50"
    5 suspect records cleared.
    
    The following example shows the output when the given sequence-number is not present.

    clus1::*> security anti-ransomware volume attack clear-suspect -volume testvol -sequence-number 1000
    
    Error: command failed: No suspect records found.
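
The filter semantics described under Parameters can be previewed offline before suspect records are cleared. The following Python sketch is an added example, not NetApp code: it applies the documented inclusive start-time and end-time bounds and the "no optional parameters clears everything" rule to constructed records. The record layout, the sample extensions, and combining filters with AND are assumptions of this example.

```python
from datetime import datetime

TS_FMT = "%m/%d/%Y %H:%M:%S"  # MM/DD/YYYY HH:MM:SS, the format of -start-time / -end-time

# Constructed sample records: (sequence number, file extension, timestamp).
# This layout and the extensions are assumptions, not the ONTAP report format.
SAMPLE_RECORDS = [
    (1, "lckd", "04/14/2021 04:16:47"),
    (2, "lckd", "04/14/2021 04:16:48"),
    (3, "enc", "04/14/2021 05:00:00"),
    (4, "lckd", "04/14/2021 06:16:50"),
    (5, "lckd", "04/14/2021 06:16:51"),
]


def select_records(records, sequence_number=None, extensions=None,
                   start_time=None, end_time=None):
    """Return the sequence numbers of the records the given filters match.

    With no filters every record matches, mirroring the documented behaviour
    that the suspect report is cleared when no optional parameters are given.
    Filters combine with AND (an assumption of this example).
    """
    start = datetime.strptime(start_time, TS_FMT) if start_time else None
    end = datetime.strptime(end_time, TS_FMT) if end_time else None
    if start and end and start > end:
        raise ValueError("start-time is later than end-time")
    wanted = set(extensions or [])
    matched = []
    for seq, ext, ts in records:
        when = datetime.strptime(ts, TS_FMT)
        if sequence_number is not None and seq != sequence_number:
            continue
        if wanted and ext not in wanted:
            continue
        if start and when < start:  # a record exactly at start-time is kept
            continue
        if end and when > end:      # a record exactly at end-time is kept
            continue
        matched.append(seq)
    return matched


if __name__ == "__main__":
    window = dict(start_time="4/14/2021 04:16:48", end_time="4/14/2021 06:16:50")
    print("time window only:", select_records(SAMPLE_RECORDS, **window))
    print("window + extension:", select_records(SAMPLE_RECORDS, extensions=["lckd"], **window))
    print("no filters (whole report):", select_records(SAMPLE_RECORDS))
```

Records 1 and 5 fall one second outside the window and are left in place, which shows that both bounds are inclusive.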