security anti-ransomware volume attack clear-suspect
Clear suspect record
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The anti-ransomware volume attack clear-suspect command removes the specified files from the suspect files report. When no optional parameters are provided, the suspect report file is cleared. If the attack is marked as a true positive, by setting the false-positive parameter to false, the snapshot is retained for 7 days. If marked as a false positive, by setting the false-positive parameter to true, the snapshot is retained for 24 hours.
Parameters
-vserver <vserver name> - Vserver Name
This parameter specifies the Vserver on which the volume is located.

-volume <volume name> - Volume Name
This parameter specifies the name of the volume on which the anti-ransomware feature is enabled.

{ [-sequence-number <integer>] - Sequence Number
This optionally specifies the sequence number of the suspect file obtained from the generated report.

| [-extensions <text>,…] - File Extensions
This optionally specifies the extensions of ransomware-attacked files that need to be cleared from the attack report.

| [-start-time <MM/DD/YYYY HH:MM:SS>] - Start Time
This optionally specifies the lower bound of the time to clear a suspect record. Any suspect record with time greater than or equal to start-time is cleared.

[-end-time <MM/DD/YYYY HH:MM:SS>] } - End Time
This optionally specifies the upper bound of the time to clear a suspect record. Any suspect record with time less than or equal to end-time is cleared.

-false-positive {true|false} - False Positive?
This indicates whether the suspect records selected by extension, time range, and so on are to be considered a false positive.
Examples
The following example shows sample output for clearing all the suspects observed with a timestamp in the start-time to end-time range, and with the given extension.

clus1::> security anti-ransomware volume attack clear-suspect -volume testvol -start-time "4/14/2021 04:16:48" -end-time "4/14/2021 06:16:50"
5 suspect records cleared.

The following example shows the output when the given sequence-number is not present.

clus1::*> security anti-ransomware volume attack clear-suspect -volume testvol -sequence-number 1000

Error: command failed: No suspect records found.
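
The following is an added example, not part of the original reference page or of NetApp's own tooling. It is a small Python helper that assembles the command line, forces an explicit true/false verdict, and returns the snapshot retention that the Description attaches to that verdict. The function name build_clear_suspect, the Vserver name vs1 and the character allow-list are assumptions, and the { | } grouping in the Parameters list is read as mutually exclusive selector groups.

```python
import re
from datetime import datetime, timedelta

CMD = "security anti-ransomware volume attack clear-suspect"
TS_FMT = "%m/%d/%Y %H:%M:%S"            # MM/DD/YYYY HH:MM:SS, as the page specifies
SAFE = re.compile(r"[A-Za-z0-9_.-]+")   # conservative allow-list (assumption, not ONTAP's own rule)
# Snapshot retention stated in the Description, keyed by the -false-positive value.
RETENTION = {False: timedelta(days=7), True: timedelta(hours=24)}


def build_clear_suspect(vserver, volume, false_positive, *, sequence_number=None,
                        extensions=None, start_time=None, end_time=None):
    """Return (command_line, snapshot_retention) for one clear-suspect call."""
    if not isinstance(false_positive, bool):
        raise ValueError("the verdict must be an explicit True or False")
    if isinstance(extensions, str):
        extensions = [extensions]        # accept a single extension as a string
    for name in (vserver, volume, *(extensions or ())):
        if not SAFE.fullmatch(name):
            raise ValueError(f"unsafe value for the command line: {name!r}")
    # { sequence-number | extensions | start-time/end-time }: at most one group.
    groups = [sequence_number is not None, bool(extensions),
              start_time is not None or end_time is not None]
    if sum(groups) > 1:
        raise ValueError("selector groups are mutually exclusive")
    if start_time and end_time and start_time > end_time:
        raise ValueError("start-time is later than end-time")

    args = [f"-vserver {vserver}", f"-volume {volume}"]
    if sequence_number is not None:
        args.append(f"-sequence-number {int(sequence_number)}")
    if extensions:
        args.append("-extensions " + ",".join(extensions))
    if start_time is not None:
        args.append(f'-start-time "{start_time.strftime(TS_FMT)}"')
    if end_time is not None:
        args.append(f'-end-time "{end_time.strftime(TS_FMT)}"')
    args.append(f"-false-positive {str(false_positive).lower()}")
    return " ".join([CMD, *args]), RETENTION[false_positive]


if __name__ == "__main__":
    # Constructed sample: the time window from the first example above,
    # on a hypothetical Vserver "vs1", marked as a true positive.
    cmd, keep = build_clear_suspect(
        "vs1", "testvol", False,
        start_time=datetime(2021, 4, 14, 4, 16, 48),
        end_time=datetime(2021, 4, 14, 6, 16, 50))
    print(cmd)
    print("snapshot retained for", keep)
```

Returning the retention alongside the command lets a triage script show the analyst how long the snapshot will be kept before the command is sent.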