Skip to main content
A newer release of this product is available.

Retrieve information on the suspects generated by anti-ransomware analytics

Contributors

GET /security/anti-ransomware/suspects

Introduced In: 9.10

Retrieves information on the suspects generated by the anti-ransomware analytics.

  • security anti-ransomware volume attack generate-report

Parameters

Name Type In Required Description

file.suspect_time

string

query

False

Filter by file.suspect_time

file.path

string

query

False

Filter by file.path

file.format

string

query

False

Filter by file.format

file.name

string

query

False

Filter by file.name

volume.uuid

string

query

False

Filter by volume.uuid

volume.name

string

query

False

Filter by volume.name

is_false_positive

boolean

query

False

Filter by is_false_positive

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_records

boolean

query

False

The default is true for GET calls. When set to false, only the number of records is returned.

  • Default value: 1

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

  • Default value: 1

  • Max value: 120

  • Min value: 0

order_by

array[string]

query

False

Order results by specified fields and optional [asc

Response

Status: 200, Ok
Name Type Description

_links

_links

num_records

integer

Number of records

records

array[anti_ransomware_suspect]

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "file": {
        "format": "pdf",
        "name": "test_file",
        "path": "d1/d2/d3",
        "suspect_time": "2021-05-12T11:00:16-04:00"
      },
      "volume": {
        "name": "string",
        "uuid": "string"
      }
    }
  ]
}

Error

Status: Default, Error
Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

next

href

self

href

Name Type Description

self

href

file

Name Type Description

format

string

File format of the suspected file.

name

string

Name of the suspected file.

path

string

Path of the suspected file.

suspect_time

string

Time when the file was detected as a potential suspect in date-time format.

volume

Name Type Description

name

string

uuid

string

anti_ransomware_suspect

File suspected to be potentially attacked by ransomware.

Name Type Description

_links

_links

file

file

is_false_positive

boolean

Specifies whether the suspected ransomware activity is a false positive or not. This parameter is only used when making a DELETE call.

volume

volume

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.