Release notes
Modify options for automatic Snapshot copies
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
Beginning with ONTAP 9.11.1, you can use the CLI to control the retention settings for Autonomous Ransomware Protection (ARP) Snapshot copies that are automatically generated in response to suspected ransomware attacks.
You can only modify ARP Snapshots options on a node SVM.
-
To show all current ARP Snapshot copy settings, enter:
vserver options -vserver svm_name arw*
The vserver optionscommand is a hidden command. To view the man page, enterman vserver optionsat the ONTAP CLI. -
To show selected current ARP Snapshot copy settings, enter:
vserver options -vserver svm_name -option-name arw_setting_name -
To modify ARP Snapshot copy settings, enter:
vserver options -vserver svm_name -option-name arw_setting_name -option-value arw_setting_valueThe following settings are modifiable:
ARW setting Description arw.snap.max.count
Specifies the maximum number of ARP Snapshot copies that can exist in a volume at any given time. Older copies are deleted to ensure that the total number of ARP Snapshot copies are within this specified limit.
arw.snap.create.interval.hours
Specifies the interval in hours between ARP Snapshot copies. A new Snapshot copy is be created when an attack is suspected, and the copy created previously is older than this specified interval.
arw.snap.normal.retain.interval.hours
Specifies the duration in hours for which an ARP Snapshot copy is retained. When an ARP Snapshot copy becomes this old, any other ARP Snapshot copy created before the latest copy to reach this age is deleted. No ARP Snapshot copy can be older than this duration.
arw.snap.max.retain.interval.days
Specifies the maximum duration in days for which an ARP Snapshot copy can be retained. Any ARP Snapshot copy older than this duration will be deleted if there is no attack reported on the volume.
+
The maximum retention interval for ARP Snapshot copies is ignored if a moderate threat is detected. The ARP Snapshot copy created in response to the threat is retained until you have responded to the threat. Marking a threat as a false positive delete the ARP Snapshot copies on the volume. arw.snap.create.interval.hours.post.max.count
Specifies the interval in hours between ARP Snapshot copies when the volume already contains the maximum number of ARP Snapshot copies. When the maximum number is reached, an ARP Snapshot copy is deleted to make room for a new copy. The new ARP Snapshot copy creation speed can be reduced to retain the older copy using this option. If the volume already contains maximum number of ARP Snapshot copies, then this interval specified in this option is used for next ARP Snapshot copy creation, instead of arw.snap.create.interval.hours.
arw.surge.snap.interval.days
Specifies the interval in days between ARP surge Snapshot copies. ONTAP creates an ARP Snapshot surge copy when there's a surge in IO traffic and the last created ARP Snapshot copy is older than this specified interval. This option also specifies retention period in day for an ARP surge Snapshot.