arw.analytics events
arw.analytics.ext.report
- Severity
-
NOTICE
- Description
-
This message occurs when anti-ransomware analytics generates or updates the "suspicious file extensions" report for a volume.
- Corrective Action
-
(None).
- Syslog Message
-
Anti-ransomware file extension analytics has found %s across high entropy data on the volume "%s" in Vserver "%s". Report location: %s.
- Parameters
-
fileExtension (STRING): Previously unseen file extension or suspicious file extension
volumeName (STRING): Name of the volume.
vserverName (STRING): Name of the Vserver.
fileExtensionReport (STRING): Link to report run after file extension analysis.
arw.analytics.high.entropy
- Severity
-
ERROR
- Description
-
This message occurs when the number of high entropy data log messages (pertaining to ransomware detection and analysis) that were generated for a volume cross the predefined threshold.
- Corrective Action
-
To correct this issue: 1) Restore data from the last Snapshot copy that were saved before high entropy data was detected. 2) Refer to the anti-ransomware documentation to learn how to implement ransomware protection and mitigation strategies.
- Syslog Message
-
A large amount of high entropy data was found on volume "%s" in Vserver "%s".
- Parameters
-
volumeName (STRING): Name of the volume.
vserverName (STRING): Name of the Vserver.
arw.analytics.probability
- Severity
-
ERROR
- Description
-
This message occurs when an anti-ransomware attack probability has changed from "low" to "high" on a volume.
- Corrective Action
-
To correct this issue: 1) Restore to the last safe Snapshot copy before attack probabilty became high. 2) Refer to the anti-ransomware documentation to diagnose further and take remedial measures.
- Syslog Message
-
Anti-ransomware attack probability changed from low to high on volume "%s" in Vserver "%s".
- Parameters
-
volumeName (STRING): Name of the volume.
vserverName (STRING): Name of the Vserver.
arw.analytics.report
- Severity
-
NOTICE
- Description
-
This message occurs when an anti-ransomware analytics report is generated or updated for a volume.
- Corrective Action
-
(None).
- Syslog Message
-
Anti-ransomware analytics report has been generated for volume %s of Vserver %s. The report is available at %s.
- Parameters
-
volumeName (STRING): Name of the volume.
vserverName (STRING): Name of the Vserver.
report_path (STRING): Path to anti-ransomware report.
arw.analytics.suspects
- Severity
-
ERROR
- Description
-
This message occurs when a list of suspects generated by anti-ransomware analytics grows to a point where further investigation is needed.
- Corrective Action
-
(None).
- Syslog Message
-
Anti-ransomware analytics on volume "%s" in Vserver "%s" has outstanding suspect files.
- Parameters
-
volumeName (STRING): Name of the volume.
vserverName (STRING): Name of the Vserver.