arw.analytics events

arw.analytics.ext.report

Severity

NOTICE

Description

This message occurs when anti-ransomware analytics generates or updates the "suspicious file extensions" report for a volume.

Corrective Action

(None).

Syslog Message

Anti-ransomware file extension analytics has found %s across high entropy data on the volume "%s" in Vserver "%s". Report location: %s.

Parameters

fileExtension (STRING): Previously unseen file extension or suspicious file extension
volumeName (STRING): Name of the volume.
vserverName (STRING): Name of the Vserver.
fileExtensionReport (STRING): Link to report run after file extension analysis.

arw.analytics.high.entropy

Severity

ERROR

Description

This message occurs when the number of high entropy data log messages (pertaining to ransomware detection and analysis) generated for a volume crosses the predefined threshold.

Corrective Action

To correct this issue: 1) Restore data from the last Snapshot copy that was saved before high entropy data was detected. 2) Refer to the anti-ransomware documentation to learn how to implement ransomware protection and mitigation strategies.

Syslog Message

A large amount of high entropy data was found on volume "%s" in Vserver "%s".

Parameters

volumeName (STRING): Name of the volume.
vserverName (STRING): Name of the Vserver.

arw.analytics.probability

Severity

ERROR

Description

This message occurs when an anti-ransomware attack probability has changed from "low" to "high" on a volume.

Corrective Action

To correct this issue: 1) Restore to the last safe Snapshot copy before attack probability became high. 2) Refer to the anti-ransomware documentation to diagnose further and take remedial measures.

Syslog Message

Anti-ransomware attack probability changed from low to high on volume "%s" in Vserver "%s".

Parameters

volumeName (STRING): Name of the volume.
vserverName (STRING): Name of the Vserver.

arw.analytics.report

Severity

NOTICE

Description

This message occurs when an anti-ransomware analytics report is generated or updated for a volume.

Corrective Action

(None).

Syslog Message

Anti-ransomware analytics report has been generated for volume %s of Vserver %s. The report is available at %s.

Parameters

volumeName (STRING): Name of the volume.
vserverName (STRING): Name of the Vserver.
report_path (STRING): Path to anti-ransomware report.

arw.analytics.suspects

Severity

ERROR

Description

This message occurs when a list of suspects generated by anti-ransomware analytics grows to a point where further investigation is needed.

Corrective Action

(None).

Syslog Message

Anti-ransomware analytics on volume "%s" in Vserver "%s" has outstanding suspect files.

Parameters

volumeName (STRING): Name of the volume.
vserverName (STRING): Name of the Vserver.
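
Example (added here, not part of the original reference or any vendor code): a parser that compiles the five syslog templates above into regular expressions, extracts the documented parameters, and lists the volumes named in ERROR-severity events. It assumes the input is the message text only, with any syslog header already stripped; the function names, sample messages, volume and Vserver names, and report path are constructed for illustration.

```python
import re

# Transcribed from the catalog: name -> (severity, template, parameters in order)
EVENTS = {
    "arw.analytics.ext.report": ("NOTICE",
        'Anti-ransomware file extension analytics has found %s across high entropy data on the volume "%s" in Vserver "%s". Report location: %s.',
        ("fileExtension", "volumeName", "vserverName", "fileExtensionReport")),
    "arw.analytics.high.entropy": ("ERROR",
        'A large amount of high entropy data was found on volume "%s" in Vserver "%s".',
        ("volumeName", "vserverName")),
    "arw.analytics.probability": ("ERROR",
        'Anti-ransomware attack probability changed from low to high on volume "%s" in Vserver "%s".',
        ("volumeName", "vserverName")),
    "arw.analytics.report": ("NOTICE",
        'Anti-ransomware analytics report has been generated for volume %s of Vserver %s. The report is available at %s.',
        ("volumeName", "vserverName", "report_path")),
    "arw.analytics.suspects": ("ERROR",
        'Anti-ransomware analytics on volume "%s" in Vserver "%s" has outstanding suspect files.',
        ("volumeName", "vserverName")),
}

def compile_template(template, params):
    """Turn a printf-style template into a regex with one named group per %s."""
    head, *rest = (re.escape(part) for part in template.split("%s"))
    groups = (f"(?P<{name}>.+?){lit}" for name, lit in zip(params, rest))
    return re.compile(head + "".join(groups))

PATTERNS = {n: compile_template(t, p) for n, (_, t, p) in EVENTS.items()}

def parse_message(text):
    """Return (event name, severity, parameters), or None if no template matches."""
    for name, pattern in PATTERNS.items():
        match = pattern.fullmatch(text.strip())
        if match:
            return name, EVENTS[name][0], match.groupdict()
    return None

# Constructed sample messages (not captured from a real system).
SAMPLE = [
    'Anti-ransomware file extension analytics has found lckd across high entropy data on the volume "vol_finance" in Vserver "svm1". Report location: /vol/vol_finance/report.json.',
    'Anti-ransomware attack probability changed from low to high on volume "vol_finance" in Vserver "svm1".',
    'Anti-ransomware analytics on volume "vol_hr" in Vserver "svm2" has outstanding suspect files.',
    'Unrelated message that matches no arw.analytics template.',
]

def volumes_with_errors(messages):
    """Sorted (vserver, volume) pairs named in any ERROR-severity event."""
    parsed = filter(None, map(parse_message, messages))
    return sorted({(p["vserverName"], p["volumeName"]) for _, sev, p in parsed if sev == "ERROR"})
```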