CONAP-245206：即使将扩展名的误报标记为true、工作负载行为中也会显示新观察到的文件扩展名

最后更新
另存为PDF

Views:

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: core

Last Updated:

问题描述

在ARW攻击之后、通过将受影响的扩展标记为误报来执行清除可疑项：

::> security anti-ransomware volume attack clear-suspect -vserver SVM1 -volume vol1 -false-positive true -extensions testlog, pdf, tmp

但是、即使在这之后、工作负载行为输出的"新观察到的文件扩展名"部分也会报告这些扩展名：

::> security anti-ransomware volume workload-behavior show -vserver SVM1 -volume vol1
                     Vserver: SVM1
                      Volume: vol1
             File Extensions Observed: CSV, xlsx, tmp, dll, pdf,
                          pptx, JPG, cache, cs,
                          VR, xd$, TP, vr, LS, xdw, tx,
                          DLL, xlsm, editorconfig, in,
                          ev, tp, zip, #dw, jpg, dwg,
                          VD, sv, JBI
        Number of File Extensions Observed: 465

Historical Statistics
        High Entropy Data Write Percentage: 98
  High Entropy Data Write Peak Rate (KB/Minute): 27192
        File Create Peak Rate (per Minute): 1567
        File Delete Peak Rate (per Minute): 1793
        File Rename Peak Rate (per Minute): 18

Surge Observed
                  Surge Timeline: -
        High Entropy Data Write Percentage: -
  High Entropy Data Write Peak Rate (KB/Minute): -
        File Create Peak Rate (per Minute): -
        File Delete Peak Rate (per Minute): -
        File Rename Peak Rate (per Minute): -
          Newly Observed File Extensions: {color:#ff8b00}testlog, pdf, tmp{color}
     Number of Newly Observed File Extensions: 1, 5, 7