高エントロピーデータ検出でARW.ANALYS.HIGHエントロピーイベントをトリガーできない
環境
ONTAP 9
問題
高エントロピーデータ検出は ARW.analytics.high.entropy イベントをトリガーできませんが、ARPスナップショットのみが生成されます。
::> security anti-ransomware volume workload-behavior show -vserver svm1 -volume vol1Vserver : svm1Volume : vol1File Extensions Observed : crt, pdf, docx, key, rpm, XML, 7z, zip, txt, docm, pem, reg, exe, conf, gz, jks, html, csr, p12, ppk, 2, msi, datNumber of File Extensions Observed : 23Historical StatisticsHigh Entropy Data Write Percentage : -High Entropy Data Write Peak Rate (KB/Minute) : -File Create Peak Rate (per Minute) : 5File Delete Peak Rate (per Minute) : -File Rename Peak Rate (per Minute) : -Surge ObservedSurge Timeline : 11/2/2023 07:29:35High Entropy Data Write Percentage : 100High Entropy Data Write Peak Rate (KB/Minute) : 5120File Create Peak Rate (per Minute) : -File Delete Peak Rate (per Minute) : -File Rename Peak Rate (per Minute) : -Newly Observed File Extensions : -Number of Newly Observed File Extensions : -::> event log show -message-name arw.analytics.high.entropyThere are no entries matching your query.::> security anti-ransomware volume attack-detection-parameters show -vserver svm1 -volume vol3
Vserver Name : svm1
Volume Name : vol3
Is Detection Based on High Entropy Data Rate? : true
Is Detection Based on Never Seen before File Extension? : true
Is Detection Based on File Create Rate? : true
Is Detection Based on File Rename Rate? : true
Is Detection Based on File Delete Rate? : true
Is Detection Relaxing Popular File Extensions? : true
High Entropy Data Surge Notify Percentage : 100
File Create Rate Surge Notify Percentage : 100
File Rename Rate Surge Notify Percentage : 100
File Delete Rate Surge Notify Percentage : 100
Never Seen before File Extensions Count Notify Threshold : 20
Never Seen before File Extensions Duration in Hour : 24