Skip to main content
ONTAP commands
A newer release of this product is available.

security anti-ransomware volume workload-behavior show

Suggest changes
PDFs

Display information about the volume's workload-behavior learnt by the analytics algorithm

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This security anti-ransomware volume workload-behavior show displays the workload characteristics observed during anti-ransomware monitoring.

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

-vserver <Vserver Name> - Vserver Name

This parameter specifies the Vserver of the anti-ransomware enabled volume.

-volume <volume name> - Volume Name

This parameter specifies the anti-ransomware enabled volume for which the workload behavior details are displayed.

[-file-extensions-included <text>,…​] - List of File Extensions Observed

This parameter displays the list of file extensions observed during anti-ransomware monitoring.

[-total-file-extensions-included <integer>] - Number of File Extensions Observed

This parameter displays the number of file extensions observed during anti-ransomware monitoring.

[-high-entropy-data-write-peak-percent <integer>] - High Entropy Data Write Peak Percentage

This parameter displays the peak historical high entropy data write percentage of the incoming data.

[-high-entropy-data-write-peak-rate <integer>] - High Entropy Data Write Peak Rate (KB/minute)

This parameter displays the peak historical high entropy data write rate.

[-file-create-peak-rate <integer>] - File Create Peak Rate per Minute

This parameter displays the peak historical rate of file create operations in the volume.

[-file-rename-peak-rate <integer>] - File Rename Peak Rate per Minute

This parameter displays the peak historical rate of file rename operations in the volume.

[-file-delete-peak-rate <integer>] - File Delete Peak Rate per Minute

This parameter displays the peak historical rate of file delete operations in the volume.

[-surge-timeline <MM/DD/YYYY HH:MM:SS>] - Surge Timeline

This parameter displays the timeline where a surge was observed in the workload characteristics compared to the historically learnt characteristics.

[-surge-high-entropy-data-write-peak-percent <integer>] - High Entropy Data Write Percentage During Surge

This parameter displays the peak percentage value of high entropy data write in the incoming data when the surge was observed.

[-surge-high-entropy-data-write-peak-rate <integer>] - High Entropy Data-write Peak Rate Surge (KB/minute)

This parameter displays the peak rate of high entropy data write when the surge was observed.

[-surge-file-create-peak-rate <integer>] - File Create Peak Rate (per Minute) During Surge

This parameter displays the surge in the peak rate of file create operations.

[-surge-file-delete-peak-rate <integer>] - File Delete Peak Rate (per Minute) During Surge

This parameter displays the surge in the peak rate of file delete operations.

[-surge-file-rename-peak-rate <integer>] - File Rename Peak Rate (per Minute) During Surge

This parameter displays the surge in the peak rate of file rename operations.

[-attack-file-extensions-observed <text>,…​] - File Extensions Observed During Attack

This parameter displays the list of file types observed during a suspected ransomware attack.

[-attack-file-extensions-observed-counts <integer>,…​] - Number of File Extensions Observed During Attack

This parameter displays the count of various file types observed during a suspected ransomware attack.

Examples

The following example shows sample output for this command:

cluster1::> security anti-ransomware volume workload-behavior show -vserver vs1 -volume vol1
                                         Vserver: vs1
                                          Volume: vol1
                        File Extensions Observed: .ext1, .ext2, .ext3
              Number of File Extensions Observed: 3
Historical Statstics
              High Entropy Data Write Percentage: 50
   High Entropy Data Write Peak Rate (KB/Minute): 50
              File Create Peak Rate (per Minute): 100
              File Delete Peak Rate (per Minute): 100
              File Rename Peak Rate (per Minute): 100
Surge Observed
                                  Surge Timeline: 1/1/2022 01:01:01
              High Entropy Data Write Percentage: 200
   High Entropy Data Write Peak Rate (KB/Minute): 200
              File Create Peak Rate (per Minute): 200
              File Delete Peak Rate (per Minute): 200
              File Rename Peak Rate (per Minute): 200
                  Newly Observed File Extensions: .uk1,.uk2,.uk3
        Number of Newly Observed File Extensions: 1, 2, 3