Monitor workload health using the NetAPp Ransomware Resilience Dashboard
Suggest changes
PDFs
The NetApp Ransomware Resilience Dashboard provides at-a-glance information about the protection health of your workloads. You can quickly determine workloads that are at risk or protected, identify workloads impacted by an incident or in recovery, and gauge the extent of protection by looking at how much storage is protected or at risk.
Use the Dashboard to review protection suggestions, change settings, download reports, and view documentation.
Required Console role
To perform this task, you need the Organization admin, Folder or project admin, Ransomware Resilience admin, or Ransomware Resilience viewer role. Learn about Ransomware Resilience roles for NetApp Console.
Review workload health using the Dashboard
-
After the Console discovers your workloads, the Ransomware Resilience dashboard displays workload data protection health.
-
From the Dashboard, you can do the following actions in each of the panes:
-
Workload data protection: Select View all to see all workloads that are at risk or protected on the Protection page. Workloads are at risk when protection levels don't match a protection policy. Refer to Protect workloads.
Select the "i" tooltip to see tips on this data. To increase the workload limit, select Increase workload limit inside this i note. Selecting this takes you to the Console Support page where you can create a case ticket. -
Alerts and workload data recovery: Select View all to see active incidents that have impacted your workload, are ready for recovery after incidents are neutralized, or are in recovery. Refer to Respond to a detected alert.
-
An incident is categorized in one of the following states:
-
New
-
Dismissed
-
Dismissing
-
Resolved
-
-
An alert can have one of the following statuses:
-
New
-
Inactive
-
-
A workload can have one of the following restore statuses:
-
Restore needed
-
In progress
-
Restored
-
Failed
-
-
-
Recommended actions: To increase protection, review each recommendation then select Review and fix.
Ransomware Resilience displays new recommendations since your last visit to the Dashboard with the "New" tag for 24 hours. Actions appear in priority order, with the most important at the top. Review, act on, or dismiss each recommendation.
The total number of actions does not include actions you dismissed.
-
Workload data: Monitor changes in protection coverage over the last 7 days.
-
Workload backups: Monitor changes in workload backups created by Ransomware Resilience that failed or completed successfully in the last 7 days.
-
Review protection recommendations on the Dashboard
Ransomware Resilience assesses the protection on your workloads and recommends actions to improve that protection.
You can review a recommendation and act on it, which changes the recommendation status to Complete. Or, if you want to act on it later, you can dismiss it. Dismissing an action moves the recommendation to a list of dismissed actions, which you can review later.
Here is a sampling of the recommendations that Ransomware Resilience offers.
| Recommendation | Description | How to resolve |
|---|---|---|
Add a ransomware protection policy. |
The workload is currently not protected. |
Assign a policy to the workload. |
Connect to SIEM for threat reporting. |
Send data to a security and event management system (SIEM) for threat analysis and detection. |
Enter SIEM/XDR server details to enable threat detection. |
Enable workload-consistent protection for applications or VMware. |
These workloads are not managed by SnapCenter Software or SnapCenter Plug-in for VMware vSphere. |
To have them managed by SnapCenter, enable workload-consistent protection. |
Improve security posture for system |
NetApp Digital Advisor has identified at least one high or critical security risk. |
Review all security risks in NetApp Digital Advisor. |
Make a policy stronger. |
Some workloads might not have enough protection. Strengthen protection on workloads with a policy. |
Increase retention, add backups, enforce immutable backups, block suspicious file extensions, enable detection on secondary storage and more. |
Prepare <backup provider> as a backup destination to back up your workload data. |
The workload does not currently have any backup destinations. |
Add backup destinations to this workload to protect it. |
Protect critical or highly important application workloads against ransomware. |
The Protect page displays critical or highly important (based on the Priority level assigned) application workloads that are not protected. |
Assign a policy to these workloads. |
Protect critical or highly important file share workloads against ransomware. |
The Protection page displays critical or highly important workloads of the type File Share or Datastore that are not protected. |
Assign a policy to each of the workloads. |
Register available SnapCenter plugin for VMware vSphere (SCV) with the Console |
A VM workload is not protected. |
Assign VM-consistent protection to the VM workload by enabling the SnapCenter Plugin for VMware vSphere. |
Register available SnapCenter Server with the Console |
An application is not protected. |
Assign application-consistent protection to the workload by enabling SnapCenter Server. |
Review new alerts. |
New alerts exist. |
Review the new alerts. |
-
From the Recommended actions pane in Ransomware Resilience, select a recommendation then Review and fix.
-
To dismiss the action until later, select Dismiss.
The recommendation clears from the To Do list and appears on the Dismissed list.
You can later change a dismissed item to a To Do item. When you mark an item completed or you change a dismissed item to a To Do action, the Total actions increases by 1. -
To review information on how to act on the recommendations, select the information icon.
Export protection data to CSV files
You can export data and download CSV files that show details of protection, alerts, and recovery.
You can download CSV files from any of the main menu options:
-
Protection: Contains the status and details of all workloads, including the total number of workloads that Ransomware Resilience marks as protected or at risk.
-
Alerts: Includes the status and details of all alerts, including the total number of alerts and automated snapshots.
-
Recovery: Includes the status and details of all workloads that need to be restored, including the total number of workloads that Ransomware Resilience marks as "Restore needed", "In progress," "Restore failed," and "Successfully restored."
Downloading a CSV file from a page includes only that page's data.
The CSV files include data for all workloads on all Console systems.
-
From Ransomware Resilience dashboard, select the Refresh
option in the upper right to refresh the data that will appear in the files. -
Do one of the following:
-
From the page, select the Download
option. -
From the Ransomware Resilience menu, select Reports.
-
-
If you selected the Reports option, select one of the preconfigured named files then select Download (CSV) or Download (JSON).
Access technical documentation
You can access Ransomware Resilience technical documentation from docs.netapp.com or from inside Ransomware Resilience.
-
From the Ransomware Resilience dashboard, select the vertical Actions
option. -
Select one of these options:
-
What's new to view information about the features in the current or previous releases in the Release Notes.
-
Documentation to view the Ransomware Resilience documentation Home page and this documentation.
-