跳转到主内容

何时为 'callhome.arw.activity.seen' 生成 EMS/ASUP 警报通知?

  1. 最后更新
  2. 另存为PDF
Views:
55
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

适用于

  • ONTAP 9
  • 反勒索软件防护 (ARP)

问题解答

  • 当攻击概率较低时,快照创建对最终用户是静默的,不会生成警报通知。
  • 当找到 20 个或更多具有此未知文件扩展名的文件时,则将其视为攻击。
  • 攻击概率将从低变为中等,然后 callhome.arw.activity.seen EMS/ASUP 警报通知将被生成。
cluster2::*> event log show -message-name *arw*
Time         Node       Severity    Event
------------------- ---------------- ------------- ---------------------------
12/20/2022 11:27:55 cluster2-01    ALERT     callhome.arw.activity.seen: Call-home message for Vol1 (UUID: c437827d-8062-11ed-9f93-005056a0d3a0) svm1 (UUID: 4574c5fe-8916-11ec-b931-005056a0d3a0)
  • 因此,它没有相应的 arw.analytics 事件。

追加信息

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.