ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security anti-ransomware volume workload-behavior show

    Display information about the volume’s workload-behavior learnt by the analytics algorithm

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    This security anti-ransomware volume workload-behavior show displays the workload characteristics observed during anti-ransomware monitoring.

    Parameters

    { [-fields <fieldname>,…​]

    If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

    | [-instance ] }

    If you specify the -instance parameter, the command displays detailed information about all fields.

    -vserver <Vserver Name> - Vserver Name

    This parameter specifies the Vserver of the anti-ransomware enabled volume.

    -volume <volume name> - Volume Name

    This parameter specifies the anti-ransomware enabled volume for which the workload behavior details are displayed.

    [-file-extensions-included <text>,…​] - List of File Extensions Observed

    This parameter displays the list of file extensions observed during anti-ransomware monitoring.

    [-total-file-extensions-included <integer>] - Number of File Extensions Observed

    This parameter displays the number of file extensions observed during anti-ransomware monitoring.

    [-high-entropy-data-write-peak-percent <integer>] - High Entropy Data Write Peak Percentage

    This parameter displays the peak historical high entropy data write percentage of the incoming data.

    [-high-entropy-data-write-peak-rate <integer>] - High Entropy Data Write Peak Rate (KB/minute)

    This parameter displays the peak historical high entropy data write rate.

    [-file-create-peak-rate <integer>] - File Create Peak Rate per Minute

    This parameter displays the peak historical rate of file create operations in the volume.

    [-file-rename-peak-rate <integer>] - File Rename Peak Rate per Minute

    This parameter displays the peak historical rate of file rename operations in the volume.

    [-file-delete-peak-rate <integer>] - File Delete Peak Rate per Minute

    This parameter displays the peak historical rate of file delete operations in the volume.

    [-surge-timeline <MM/DD/YYYY HH:MM:SS>] - Surge Timeline

    This parameter displays the timeline where a surge was observed in the workload characteristics compared to the historically learnt characteristics.

    [-surge-high-entropy-data-write-peak-percent <integer>] - High Entropy Data Write Percentage During Surge

    This parameter displays the peak percentage value of high entropy data write in the incoming data when the surge was observed.

    [-surge-high-entropy-data-write-peak-rate <integer>] - High Entropy Data-write Peak Rate Surge (KB/minute)

    This parameter displays the peak rate of high entropy data write when the surge was observed.

    [-surge-file-create-peak-rate <integer>] - File Create Peak Rate (per Minute) During Surge

    This parameter displays the surge in the peak rate of file create operations.

    [-surge-file-delete-peak-rate <integer>] - File Delete Peak Rate (per Minute) During Surge

    This parameter displays the surge in the peak rate of file delete operations.

    [-surge-file-rename-peak-rate <integer>] - File Rename Peak Rate (per Minute) During Surge

    This parameter displays the surge in the peak rate of file rename operations.

    [-attack-file-extensions-observed <text>,…​] - File Extensions Observed During Attack

    This parameter displays the list of file types observed during a suspected ransomware attack.

    [-attack-file-extensions-observed-counts <integer>,…​] - Number of File Extensions Observed During Attack

    This parameter displays the count of various file types observed during a suspected ransomware attack.

    Examples

    The following example shows sample output for this command:

    cluster1::> security anti-ransomware volume workload-behavior show -vserver vs1 -volume vol1
                           Vserver                  : vs1
                           Volume                   : vol1
                           File Extensions Observed : .ext1, .ext2, .ext3
                 Number of File Extensions Observed : 3
    Historical Statstics
      High Entropy Data Write Percentage            : 50
      High Entropy Data Write Peak Rate (KB/Minute) : 50
      File Create Peak Rate (per Minute)            : 100
      File Delete Peak Rate (per Minute)            : 100
      File Rename Peak Rate (per Minute)            : 100
    Surge Observed
      Surge Timeline                                : 1/1/2022 01:01:01
      High Entropy Data Write Percentage            : 200
      High Entropy Data Write Peak Rate (KB/Minute) : 200
      File Create Peak Rate (per Minute)            : 200
      File Delete Peak Rate (per Minute)            : 200
      File Rename Peak Rate (per Minute)            : 200
      Newly Observed File Extensions                : .uk1,.uk2,.uk3
      Number of Newly Observed File Extensions      : 1, 2, 3
    Top of Page