Modify options for ONTAP automatic snapshots

Contributors netapp-dbagwell netapp-aherbin netapp-aaron-holt

Beginning with ONTAP 9.11.1, you can use the CLI to control the retention settings for Autonomous Ransomware Protection (ARP) snapshots that are automatically generated in response to suspected ransomware attacks.

Before you begin

You can modify ARP snapshot options only on a node SVM, not on other SVM types.

Learn more about the commands described in this procedure in the ONTAP command reference.

Steps
  1. Show all current ARP snapshot settings:

    options -option-name arw*
  2. Show selected current ARP snapshot settings:

    options -option-name <arw_setting_name>
  3. Modify ARP snapshot settings:

    options -option-name <arw_setting_name> -option-value <arw_setting_value>

    The following settings are modifiable:

    ARW setting Description

    arw.snap.max.count

    Specifies the maximum number of ARP snapshots that can exist in a volume at any given time. Older copies are deleted to ensure that the total number of ARP snapshots is within this specified limit.

    arw.snap.create.interval.hours

    Specifies the interval in hours between ARP snapshots. A new ARP snapshot is created when a data entropy-based attack is suspected and the most recently created ARP snapshot is older than the specified interval.

    arw.snap.normal.retain.interval.hours

    Specifies the duration in hours for which an ARP snapshot is retained. When an ARP snapshot reaches the retention threshold, any other ARP snapshot created before it is deleted. No more than one ARP snapshot older than the retention threshold can exist.

    arw.snap.max.retain.interval.days

    Specifies the maximum duration in days for which an ARP snapshot can be retained. Any ARP snapshot older than this duration is deleted when there is no attack reported on the volume.

    Note: The maximum retention interval for ARP snapshots is ignored if a moderate threat is detected. The ARP snapshot created in response to the threat is retained until you have responded to the threat. When you mark a threat as a false positive, ONTAP will delete the ARP snapshots for the volume.

    arw.snap.create.interval.hours.post.max.count

    Specifies the interval in hours between ARP snapshots when the volume already contains the maximum number of ARP snapshots. When the maximum number is reached, an ARP snapshot is deleted to make room for a new copy. You can use this option to slow the creation of new ARP snapshots so that older copies are retained. If the volume already contains the maximum number of ARP snapshots, the interval specified in this option is used for the next ARP snapshot creation, instead of arw.snap.create.interval.hours.

    arw.surge.snap.interval.days

    Specifies the interval in days between ARP snapshots created in response to IO surges. ONTAP creates an ARP surge snapshot when there's a surge in IO traffic and the last created ARP snapshot is older than this specified interval. This option also specifies the retention period in days for an ARP surge snapshot.

    arw.snap.new.extns.interval.hours

    Specifies the interval in hours between the ARP snapshots created when a new file extension is detected. A new ARP snapshot is created when a new file extension is observed and the previous snapshot created upon observing a new file extension is older than this specified interval. On a workload that frequently creates new file extensions, this interval helps control the frequency of the ARP snapshots. This option is independent of arw.snap.create.interval.hours, which specifies the interval for data entropy-based ARP snapshots.
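
Before changing these values, it helps to see how the creation intervals and the three retention rules combine for entropy-based snapshots. The following Python model is an added illustration, not NetApp code or ONTAP's implementation; the class and function names, the sample values (not ONTAP defaults), and the order in which the rules are applied are assumptions.

```python
from dataclasses import dataclass

@dataclass
class ArwSettings:
    # Constructed values for illustration only; these are not ONTAP defaults.
    max_count: int = 3             # arw.snap.max.count
    create_h: float = 4            # arw.snap.create.interval.hours
    post_max_create_h: float = 12  # arw.snap.create.interval.hours.post.max.count
    normal_retain_h: float = 48    # arw.snap.normal.retain.interval.hours
    max_retain_d: float = 5        # arw.snap.max.retain.interval.days

def entropy_interval_h(s, snap_count):
    """Interval in force: the post.max.count value replaces create.interval.hours
    once the volume already holds max_count ARP snapshots."""
    return s.post_max_create_h if snap_count >= s.max_count else s.create_h

def should_create(s, snaps, now_h):
    """An entropy-based trigger at now_h creates a snapshot only if the newest
    existing ARP snapshot is older than the interval in force."""
    return not snaps or now_h - max(snaps) > entropy_interval_h(s, len(snaps))

def prune(s, snaps, now_h, attack_reported=False):
    """Apply the three retention rules to snapshot creation times (in hours)."""
    snaps = sorted(snaps)
    # normal.retain: only the newest snapshot at or past the threshold survives.
    aged = [t for t in snaps if now_h - t >= s.normal_retain_h]
    if len(aged) > 1:
        snaps = [t for t in snaps if t >= aged[-1]]
    # max.retain: enforced only while no attack is reported on the volume.
    if not attack_reported:
        snaps = [t for t in snaps if now_h - t <= s.max_retain_d * 24]
    # max.count: the oldest copies are deleted first.
    return snaps[max(0, len(snaps) - s.max_count):]

def simulate(s, trigger_hours, attack_reported=False):
    """Replay entropy-based triggers; return the creation times still retained."""
    snaps = []
    for now_h in sorted(trigger_hours):
        snaps = prune(s, snaps, now_h, attack_reported)
        if should_create(s, snaps, now_h):
            snaps = prune(s, snaps + [now_h], now_h, attack_reported)
    return snaps

if __name__ == "__main__":
    # Constructed trigger times, in hours since the first suspected event.
    print(simulate(ArwSettings(), [0, 2, 5, 10, 15, 20, 30]))
```

With the sample values, the triggers at hours 15 and 20 create nothing because the longer post.max.count interval applies once three snapshots exist, so the oldest copy is kept until hour 30.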