Retrieve information on the suspects generated by anti-ransomware analytics
GET /security/anti-ransomware/suspects
Introduced In: 9.10
Retrieves information on the suspects generated by the anti-ransomware analytics.
Related ONTAP commands
- `security anti-ransomware volume attack generate-report`
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
| file.reason | string | query | False | Filter by file.reason |
| file.suspect_time | string | query | False | Filter by file.suspect_time |
| file.format | string | query | False | Filter by file.format |
| file.name | string | query | False | Filter by file.name |
| file.path | string | query | False | Filter by file.path |
| volume.name | string | query | False | Filter by volume.name |
| volume.uuid | string | query | False | Filter by volume.uuid |
| is_false_positive | boolean | query | False | Filter by is_false_positive |
| fields | array[string] | query | False | Specify the fields to return. |
| max_records | integer | query | False | Limit the number of records returned. |
| return_records | boolean | query | False | The default is true for GET calls. When set to false, only the number of records is returned. |
| return_timeout | integer | query | False | The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached. |
| order_by | array[string] | query | False | Order results by specified fields and optional [asc |
Response
Status: 200, Ok
| Name | Type | Description |
|---|---|---|
| _links | | |
| num_records | integer | Number of records |
| records | array[anti_ransomware_suspect] | |
Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "num_records": 1,
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "file": {
        "format": "pdf",
        "name": "test_file",
        "path": "d1/d2/d3",
        "reason": "High Entropy",
        "suspect_time": "2021-05-12 11:00:16 -0400"
      },
      "volume": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "volume1",
        "uuid": "028baa66-41bd-11e9-81d5-00a0986138f7"
      }
    }
  ]
}
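The following Python example is added here and is not part of the ONTAP documentation. It builds the request path from the query parameters in the table above, follows `_links.next.href` across pages, and summarizes suspects per volume. The `/api` prefix (taken from the href examples), the caller-supplied `fetch` callable, the comma-separated `fields` value, the timestamp layout, and the sample pages are assumptions or constructed values.

```python
from collections import Counter
from datetime import datetime
from urllib.parse import urlencode

# The "/api" prefix is assumed from the href values in the example response.
ENDPOINT = "/api/security/anti-ransomware/suspects"
FIELDS = "file.name,file.path,file.reason,file.suspect_time,volume.name,volume.uuid"
FILTERS = {"file.reason", "file.suspect_time", "file.format", "file.name", "file.path",
           "volume.name", "volume.uuid", "is_false_positive", "max_records"}

def build_path(filters):
    """Build the request path, accepting only parameters listed in the table."""
    params = {"fields": FIELDS, "order_by": "file.suspect_time"}
    for key, value in filters.items():
        if key not in FILTERS:
            raise ValueError(f"undocumented query parameter: {key}")
        params[key] = str(value).lower() if isinstance(value, bool) else value
    return ENDPOINT + "?" + urlencode(params, safe=",")

def iter_suspects(fetch, path):
    """Yield every record, following _links.next.href until it is absent."""
    while path:
        page = fetch(path)  # fetch: caller-supplied authenticated GET returning a dict
        yield from page.get("records", [])
        path = page.get("_links", {}).get("next", {}).get("href")

def summarize(records):
    """Per volume UUID: suspect count, reasons seen, earliest suspect_time."""
    out = {}
    for rec in records:
        f, v = rec["file"], rec["volume"]
        # Timestamp layout assumed to match the example response.
        when = datetime.strptime(f["suspect_time"], "%Y-%m-%d %H:%M:%S %z")
        s = out.setdefault(v["uuid"], {"volume": v["name"], "count": 0,
                                       "reasons": Counter(), "first_seen": when})
        s["count"] += 1
        s["reasons"][f["reason"]] += 1
        s["first_seen"] = min(s["first_seen"], when)
    return out

# Constructed sample pages (not real cluster output); the next href is a placeholder.
VOL = {"name": "volume1", "uuid": "028baa66-41bd-11e9-81d5-00a0986138f7"}
def sample(name, when):
    return {"file": {"name": name, "path": "d1/d2/d3", "reason": "High Entropy",
                     "suspect_time": when}, "volume": VOL}
START, NEXT = build_path({"volume.name": "volume1", "max_records": 2}), ENDPOINT + "?page=2"
PAGES = {START: {"_links": {"next": {"href": NEXT}}, "records": [
    sample("a.pdf", "2021-05-12 10:58:03 -0400"), sample("b.pdf", "2021-05-12 11:00:16 -0400")]},
    NEXT: {"_links": {}, "records": [sample("c.pdf", "2021-05-12 11:02:40 -0400")]}}
SUMMARY = summarize(iter_suspects(PAGES.__getitem__, START))
```

In real use, `fetch` would be an authenticated HTTPS GET against the cluster management interface that returns the decoded JSON body.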
Error
Status: Default, Error
| Name | Type | Description |
|---|---|---|
| error | | |
Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}
Definitions
href
| Name | Type | Description |
|---|---|---|
| href | string | |
_links
| Name | Type | Description |
|---|---|---|
| next | | |
| self | | |
_links
| Name | Type | Description |
|---|---|---|
| self | | |
file
| Name | Type | Description |
|---|---|---|
| format | string | File format of the suspected file. |
| name | string | Name of the suspected file. |
| path | string | Path of the suspected file. |
| reason | string | Reason behind this file being suspected. |
| suspect_time | string | Time when the file was detected as a potential suspect in date-time format. |
volume
| Name | Type | Description |
|---|---|---|
| _links | | |
| name | string | The name of the volume. This field cannot be specified in a POST or PATCH method. |
| uuid | string | Unique identifier for the volume. This corresponds to the instance-uuid that is exposed in the CLI and ONTAPI. It does not change due to a volume move. |
anti_ransomware_suspect
File suspected to be potentially attacked by ransomware.
| Name | Type | Description |
|---|---|---|
| _links | | |
| file | | |
| is_false_positive | boolean | Specifies whether the suspected ransomware activity is a false positive or not. This parameter is only used when making a DELETE call. |
| volume | | |
error_arguments
| Name | Type | Description |
|---|---|---|
| code | string | Argument code |
| message | string | Message argument |
returned_error
| Name | Type | Description |
|---|---|---|
| arguments | array[error_arguments] | Message arguments |
| code | string | Error code |
| message | string | Error message |
| target | string | The target parameter that caused the error. |