Skip to main content
BlueXP ransomware protection

View workload health at a glance using the Dashboard

Contributors amgrissino
PDFs

The BlueXP ransomware protection Dashboard provides at-a-glance information about the protection health of your workloads. You can quickly determine workloads that are at risk or protected, identify workloads impacted by an incident or in recovery, and gauge the extent of protection by looking at how much storage is protected or at risk.

You can also use the Dashboard to review and act on protection recommendations, access global settings, download reports, and access this technical documentation.

Review workload health using the Dashboard

Steps

  1. From the BlueXP left navigation, select Protection > Ransomware protection.

    After discovery, the Dashboard shows you the health of workload data protection.

    Dashboard page

  2. From the Dashboard, you can view and do any of the following in each of the panes:

    • Workload data protection: Click View all to see all workloads that are at risk or protected on the Protection page. Workloads are at risk when protection levels don’t match a protection policy. Refer to Protect workloads.

    • Alerts and workload data recovery: Click View all to see active incidents that have impacted your workload, are ready for recovery after incidents are neutralized, or are in recovery. Refer to Respond to a detected alert.

      An incident is categorized in one of the following states:

      • Impacted (shows on Alerts page)

      • Ready for recovery (shows on Recovery page)

      • Recovering (shows on Recovery page)

      • Recovery failed (shows on Recovery page)

      • Recovered (shows on Recovery page)

    • Recommended actions: To increase protection, review each recommendation and click Review and fix.

      Refer to Review protection recommendations on the Dashboard or Protect workloads.

      Any recommendations that were added since you last visited the Dashboard are indicated with “New” for at least 24 hours. Actions are listed in priority order with the most important at the top. You can review and act on each one or dismiss it.

      The total number of actions does not include dismissed actions.

    • Workload data: Monitor changes in protection coverage over the last 7 days.

    • Workload backups: Monitor changes in workload backups created by the service that failed or completed successfully in the last 7 days.

Review protection recommendations on the Dashboard

BlueXP ransomware protection assesses the protection on your workloads and recommends actions to improve that protection.

You can review a recommendation and act on it, which changes the recommendation status to Complete. Or, if you want to act on it later, you can dismiss it. Dismissing an action moves the recommendation to a list of dismissed actions, which you can review later.

Here is a sampling of the recommendations that the service offers.

Recommendation Description How to resolve

Add a ransomware protection policy

The workload is currently not protected.

Assign a policy to the workload.
Refer to Protect workloads against ransomware attacks.

Configure backup destinations

The workload does not currently have any backup destinations.

Add backup destinations to this workload to protect it.
Refer to Configure protection settings.

Edit workload name

Your workloads are using default names.

Give your workload a descriptive name.
Refer to Manage workloads.

Enable threat detection

Send data to a security and event management system (SIEM) for threat analysis and detection.

Enter SIEM/XDR server details to enable threat detection.
Refer to Configure protection settings.
Refer to Configure protection settings.

Enable workload-consistent protection for applications or VMware

These workloads are not managed by SnapCenter Software or SnapCenter Plug-in for VMware vSphere.

To have them managed by SnapCenter, enable workload-consistent protection.
Refer to Protect workload against ransomware attacks.

Make a policy stronger.

Some workloads might not have enough protection. Strengthen protection on workloads with a policy.

Increase retention, add backups, enforce immutable backups, block suspicious file extensions, enable detection on secondary storage and more.
Refer to Protect workloads against ransomware attacks.

Protect critical or highly important application workloads against ransomware.

The Protect page displays critical or highly important (based on the Priority level assigned) application workloads that are not protected.

Assign a policy to these workloads.
Refer to Protect workloads against ransomware attacks.

Protect critical or highly important file share workloads against ransomware.

The Protection page displays critical or highly important workloads of the type File Share or Datastore that are not protected.

Assign a policy to each of the workloads.
Refer to Protect workloads against ransomware attacks.

Review new alerts

New alerts exist.

Review the new alerts.
Refer to Respond to a detected ransomware alert.
Steps

  1. From the BlueXP left navigation, select Protection > Ransomware protection.

  2. From the Recommended actions pane, select a recommendation and select Review and fix.

  3. To dismiss the action until later, select Dismiss.

    The recommendation clears from the To Do list and appears on the Dismissed list.

    Tip You can later change a dismissed item to a To Do item. When you mark an item completed or you change a dismissed item to a To Do action, the Total actions increases by 1.

  4. To review information on how to act on the recommendations, select the information icon.

Download CSV files

You can download CSV files that show details of protection, alerts, and recovery.

You can download CSV files from any of the main menu options:

  • Dashboard: Contains all summary information for all workloads.

  • Protection: Contains the status and details of all workloads, including the total number protected and at risk.

  • Alerts: Includes the status and details of all alerts, including the total number of alerts and automated Snapshots.

  • Recovery: Includes the status and details of all workloads that need to be restored, including the total number of workloads marked "Restore needed", "In progress," "Restore failed" and "Successfully restored."

If you download CSV files from the Protection, Alerts, or Recovery page, only the data on that page is included in the CSV file.

The CSV files include data for all workloads on all BlueXP working environments.

Steps

  1. From the BlueXP left navigation, select Protection > Ransomware protection.

    Dashboard page

  2. From the Dashboard or other page, select the Refresh Refresh option option in the upper right to refresh the data that will appear in the files.

  3. Do one of the following:

    • From the Dashboard or other page, select the Download Download option option.

    • From the BlueXP ransomware protection menu, select Reports.

  4. If you selected the Reports option, select one of the preconfigured named files and select Download (CSV).

Access technical documentation

You can access the technical documentation from docs.netapp.com or from inside the BlueXP ransomware protection service.

Steps

  1. From the BlueXP left navigation, select Protection > Ransomware protection.

  2. From the Dashboard, select the vertical Actions Vertical Actions option option.

  3. Select What's new to view details in the Release Notes or Documentation to view the BlueXP ransomware protection documentation Home page.