Skip to main content
A newer release of this product is available.

Retrieve information on the suspects generated by anti-ransomware analytics

Contributors

GET /security/anti-ransomware/suspects

Introduced In: 9.10

Retrieves information on the suspects generated by the anti-ransomware analytics.

  • security anti-ransomware volume attack generate-report

Parameters

Name Type In Required Description

file.format

string

query

False

Filter by file.format

file.reason

string

query

False

Filter by file.reason

  • Introduced in: 9.11

file.path

string

query

False

Filter by file.path

file.name

string

query

False

Filter by file.name

file.suspect_time

string

query

False

Filter by file.suspect_time

volume.name

string

query

False

Filter by volume.name

volume.uuid

string

query

False

Filter by volume.uuid

is_false_positive

boolean

query

False

Filter by is_false_positive

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_records

boolean

query

False

The default is true for GET calls. When set to false, only the number of records is returned.

  • Default value: 1

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

  • Default value: 1

  • Max value: 120

  • Min value: 0

order_by

array[string]

query

False

Order results by specified fields and optional [asc

Response

Status: 200, Ok
Name Type Description

_links

_links

num_records

integer

Number of records

records

array[anti_ransomware_suspect]

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "file": {
        "format": "pdf",
        "name": "test_file",
        "path": "d1/d2/d3",
        "reason": "High Entropy",
        "suspect_time": "2021-05-12T11:00:16-04:00"
      },
      "volume": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "volume1",
        "uuid": "028baa66-41bd-11e9-81d5-00a0986138f7"
      }
    }
  ]
}

Error

Status: Default, Error
Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

next

href

self

href

Name Type Description

self

href

file

Name Type Description

format

string

File format of the suspected file.

name

string

Name of the suspected file.

path

string

Path of the suspected file.

reason

string

Reason behind this file bieng suspected

suspect_time

string

Time when the file was detected as a potential suspect in date-time format.

volume

Name Type Description

_links

_links

name

string

The name of the volume.

uuid

string

Unique identifier for the volume. This corresponds to the instance-uuid that is exposed in the CLI and ONTAPI. It does not change due to a volume move.

  • example: 028baa66-41bd-11e9-81d5-00a0986138f7

  • Introduced in: 9.6

anti_ransomware_suspect

File suspected to be potentially attacked by ransomware.

Name Type Description

_links

_links

file

file

is_false_positive

boolean

Specifies whether the suspected ransomware activity is a false positive or not. This parameter is only used when making a DELETE call.

volume

volume

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.