Skip to main content
NetApp Ransomware Resilience

Monitor workload health using the NetAPp Ransomware Resilience Dashboard

Contributors amgrissino netapp-ahibbard

The NetApp Ransomware Resilience Dashboard provides at-a-glance information about the protection health of your workloads. You can quickly determine workloads that are at risk or protected, identify workloads impacted by an incident or in recovery, and gauge the extent of protection by looking at how much storage is protected or at risk.

Use the Dashboard to review protection suggestions, change settings, download reports, and view documentation.

Required Console role
To perform this task, you need the Organization admin, Folder or project admin, Ransomware Resilience admin, or Ransomware Resilience viewer role. Learn about BlueXP access roles for all services.

Review workload health using the Dashboard

Steps
  1. After the Console discovers your workloads, the Ransomware Resilience dashboard displays workload data protection health.

    Dashboard page

  2. From the Dashboard, you can do the following actions in each of the panes:

    • Workload data protection: Select View all to see all workloads that are at risk or protected on the Protection page. Workloads are at risk when protection levels don't match a protection policy. Refer to Protect workloads.

      Tip Select the "i" tooltip to see tips on this data. To increase the workload limit, select Increase workload limit inside this i note. Selecting this takes you to the Console Support page where you can create a case ticket.
    • Alerts and workload data recovery: Select View all to see active incidents that have impacted your workload, are ready for recovery after incidents are neutralized, or are in recovery. Refer to Respond to a detected alert.

      • An incident is categorized in one of the following states:

        • New

        • Dismissed

        • Dismissing

        • Resolved

      • An alert can have one of the following statuses:

        • New

        • Inactive

      • A workload can have one of the following restore statuses:

        • Restore needed

        • In progress

        • Restored

        • Failed

    • Recommended actions: To increase protection, review each recommendation then select Review and fix.

      Ransomware Resilience displays new recommendations since your last visit to the Dashboard with the "New" tag for 24 hours. Actions appear in priority order, with the most important at the top. Review, act on, or dismiss each recommendation.

      The total number of actions does not include actions you dismissed.

    • Workload data: Monitor changes in protection coverage over the last 7 days.

    • Workload backups: Monitor changes in workload backups created by Ransomware Resilience that failed or completed successfully in the last 7 days.

Review protection recommendations on the Dashboard

Ransomware Resilience assesses the protection on your workloads and recommends actions to improve that protection.

You can review a recommendation and act on it, which changes the recommendation status to Complete. Or, if you want to act on it later, you can dismiss it. Dismissing an action moves the recommendation to a list of dismissed actions, which you can review later.

Here is a sampling of the recommendations that Ransomware Resilience offers.

Recommendation Description How to resolve

Add a ransomware protection policy.

The workload is currently not protected.

Assign a policy to the workload.
Refer to Protect workloads against ransomware attacks.

Connect to SIEM for threat reporting.

Send data to a security and event management system (SIEM) for threat analysis and detection.

Enter SIEM/XDR server details to enable threat detection.
Refer to Configure protection settings.

Enable workload-consistent protection for applications or VMware.

These workloads are not managed by SnapCenter Software or SnapCenter Plug-in for VMware vSphere.

To have them managed by SnapCenter, enable workload-consistent protection.
Refer to Protect workload against ransomware attacks.

Improve security posture for system

NetApp Digital Advisor has identified at least one high or critical security risk.

Review all security risks in NetApp Digital Advisor.
Refer to Digital Advisor documentation.

Make a policy stronger.

Some workloads might not have enough protection. Strengthen protection on workloads with a policy.

Increase retention, add backups, enforce immutable backups, block suspicious file extensions, enable detection on secondary storage and more.
Refer to Protect workloads against ransomware attacks.

Prepare <backup provider> as a backup destination to back up your workload data.

The workload does not currently have any backup destinations.

Add backup destinations to this workload to protect it.
Refer to Configure protection settings.

Protect critical or highly important application workloads against ransomware.

The Protect page displays critical or highly important (based on the Priority level assigned) application workloads that are not protected.

Assign a policy to these workloads.
Refer to Protect workloads against ransomware attacks.

Protect critical or highly important file share workloads against ransomware.

The Protection page displays critical or highly important workloads of the type File Share or Datastore that are not protected.

Assign a policy to each of the workloads.
Refer to Protect workloads against ransomware attacks.

Register available SnapCenter plugin for VMware vSphere (SCV) with the Console

A VM workload is not protected.

Assign VM-consistent protection to the VM workload by enabling the SnapCenter Plugin for VMware vSphere.
Refer to Protect workloads against ransomware attacks.

Register available SnapCenter Server with the Console

An application is not protected.

Assign application-consistent protection to the workload by enabling SnapCenter Server.
Refer to Protect workloads against ransomware attacks.

Review new alerts.

New alerts exist.

Review the new alerts.
Refer to Respond to a detected ransomware alert.

Steps
  1. From the Recommended actions pane in Ransomware Resilience, select a recommendation then Review and fix.

  2. To dismiss the action until later, select Dismiss.

    The recommendation clears from the To Do list and appears on the Dismissed list.

    Tip You can later change a dismissed item to a To Do item. When you mark an item completed or you change a dismissed item to a To Do action, the Total actions increases by 1.
  3. To review information on how to act on the recommendations, select the information icon.

Export protection data to CSV files

You can export data and download CSV files that show details of protection, alerts, and recovery.

You can download CSV files from any of the main menu options:

  • Protection: Contains the status and details of all workloads, including the total number of workloads that Ransomware Resilience marks as protected or at risk.

  • Alerts: Includes the status and details of all alerts, including the total number of alerts and automated snapshots.

  • Recovery: Includes the status and details of all workloads that need to be restored, including the total number of workloads that Ransomware Resilience marks as "Restore needed", "In progress," "Restore failed," and "Successfully restored."

Downloading a CSV file from a page includes only that page's data.

The CSV files include data for all workloads on all Console systems.

Steps
  1. From Ransomware Resilience dashboard, select the Refresh Refresh option option in the upper right to refresh the data that will appear in the files.

  2. Do one of the following:

    • From the page, select the Download Download option option.

    • From the Ransomware Resilience menu, select Reports.

  3. If you selected the Reports option, select one of the preconfigured named files then select Download (CSV) or Download (JSON).

Access technical documentation

You can access Ransomware Resilience technical documentation from docs.netapp.com or from inside Ransomware Resilience.

Steps
  1. From the Ransomware Resilience dashboard, select the vertical Actions Vertical Actions option option.

  2. Select one of these options:

    • What's new to view information about the features in the current or previous releases in the Release Notes.

    • Documentation to view the Ransomware Resilience documentation Home page and this documentation.