CONTAP-438357：在没有 ARW 攻击的卷上发现新文件扩展名

最后更新
另存为PDF

Views:: 1

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: CORE

Last Updated:

问题描述

工作负载行为输出中的“新观察到的文件扩展名”下报告了一些文件扩展名：

::> security anti-ransomware volume workload-behavior show -vserver SVM1 -volume vol_01
                     Vserver: SVM1
                      Volume: vol_01
             File Extensions Observed: pdf, rtf, txt, tmp, jpg,
                          wfs, xlsx, JPG, lms, wav,
                          pptx, xls, xml
        Number of File Extensions Observed: 23
 Historical Statistics
        High Entropy Data Write Percentage: 98
  High Entropy Data Write Peak Rate (KB/Minute): 340936
        File Create Peak Rate (per Minute): 128
        File Delete Peak Rate (per Minute): 294
        File Rename Peak Rate (per Minute): 10
 Surge Observed
                  Surge Timeline: -
        High Entropy Data Write Percentage: -
  High Entropy Data Write Peak Rate (KB/Minute): -
        File Create Peak Rate (per Minute): -
        File Delete Peak Rate (per Minute): -
        File Rename Peak Rate (per Minute): -
          Newly Observed File Extensions: abc, xyz, pqr
     Number of Newly Observed File Extensions: 310, 72, 238

然而，没有针对该卷的攻击报告：

USNAZCNO::> security anti-ransomware volume show -vserver SVM1 -volume vol_01
    Vserver Name: SVM1
    Volume Name: vol_01
       State: enabled
Dry Run Start Time: -
Attack Probability: none
  Attack Timeline: -
 Number of Attacks: -

这些扩展即使被标记为误报也不会被清除：

::> security anti-ransomware volume attack clear-suspect -vserver SVM1 -volume vol_01 -false-positive true -extensions abc, xyz, pqr