Clear-AzNetAppFilesRansomwareReportSuspect
Clears suspects for an Azure NetApp Files (ANF) Advanced Ransomware Protection (ARP) report.
Syntax
ByFieldsParameterSet (Default)
Clear-AzNetAppFilesRansomwareReportSuspect
-ResourceGroupName <String>
-AccountName <String>
-PoolName <String>
-VolumeName <String>
-Name <String>
-Resolution <String>
-Extension <String[]>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
ByParentObjectParameterSet
Clear-AzNetAppFilesRansomwareReportSuspect
-Name <String>
-Resolution <String>
-Extension <String[]>
-VolumeObject <PSNetAppFilesVolume>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
ByResourceIdParameterSet
Clear-AzNetAppFilesRansomwareReportSuspect
-Resolution <String>
-Extension <String[]>
-ResourceId <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Clear-AzNetAppFilesRansomwareReportSuspect cmdlet clears suspects for an ARP report on an ANF volume. Evaluate the report first to determine whether the activity is acceptable (false positive) or appears malicious (potential threat). Each call resolves the specified file extensions with the given resolution.
Examples
Example 1: Mark suspect file extensions as false positive
Clear-AzNetAppFilesRansomwareReportSuspect -ResourceGroupName "MyRG" -AccountName "MyAnfAccount" -PoolName "MyAnfPool" -VolumeName "MyAnfVolume" -Name "current" -Resolution "FalsePositive" -Extension @(".enc", ".locked")
This command marks the file extensions ".enc" and ".locked" as false positives in the ARP report named "current" for the volume "MyAnfVolume".
Example 2: Mark suspect file extensions as potential threat
Clear-AzNetAppFilesRansomwareReportSuspect -ResourceGroupName "MyRG" -AccountName "MyAnfAccount" -PoolName "MyAnfPool" -VolumeName "MyAnfVolume" -Name "current" -Resolution "PotentialThreat" -Extension @(".crypt") -PassThru
True
This command marks the file extension ".crypt" as a potential threat in the ARP report and returns True on success using the -PassThru switch.
Example 3: Clear suspects using a volume object from the pipeline
Get-AzNetAppFilesVolume -ResourceGroupName "MyRG" -AccountName "MyAnfAccount" -PoolName "MyAnfPool" -VolumeName "MyAnfVolume" | Clear-AzNetAppFilesRansomwareReportSuspect -Name "current" -Resolution "FalsePositive" -Extension @(".enc")
This command clears suspects in the ARP report using a pipeline input from Get-AzNetAppFilesVolume.
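Added example, not part of the original reference: because each call accepts a single resolution, a reviewed triage list can be validated, grouped by resolution, previewed with -WhatIf, and applied only afterwards. Resolve-ArpSuspect and its parameters are hypothetical names, the decision list is constructed sample data, and the block assumes the Az.NetAppFiles module and a signed-in Azure context.

```powershell
function Resolve-ArpSuspect {   # hypothetical helper, not part of Az.NetAppFiles
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $Decision,  # objects with Extension and Resolution
        [Parameter(Mandatory)] [hashtable] $Target,   # ResourceGroupName, AccountName, PoolName, VolumeName, Name
        [switch] $Apply                               # without -Apply the calls run with -WhatIf only
    )
    foreach ($d in $Decision) {
        if ($d.Resolution -notin 'PotentialThreat', 'FalsePositive') {
            throw "Unsupported resolution '$($d.Resolution)' for '$($d.Extension)'."
        }
        # Assumption: extensions are written with a leading dot, as in the examples above.
        if ($d.Extension -notmatch '^\.[^\s\\/]+$') {
            throw "Extension '$($d.Extension)' is not in the form '.ext'."
        }
    }
    # Refuse a list that gives the same extension two different resolutions.
    $conflict = $Decision | Group-Object Extension |
        Where-Object { @($_.Group.Resolution | Sort-Object -Unique).Count -gt 1 }
    if ($conflict) { throw "Conflicting resolutions for: $($conflict.Name -join ', ')" }

    # Each call takes one resolution, so send one call per resolution.
    foreach ($g in ($Decision | Group-Object Resolution)) {
        $ext = @($g.Group.Extension | Sort-Object -Unique)
        if (-not $Apply) {
            Clear-AzNetAppFilesRansomwareReportSuspect @Target -Resolution $g.Name -Extension $ext -WhatIf
            continue
        }
        $ok = Clear-AzNetAppFilesRansomwareReportSuspect @Target -Resolution $g.Name -Extension $ext -PassThru
        # Record of what was resolved, for the incident ticket.
        [pscustomobject]@{
            TimeUtc = (Get-Date).ToUniversalTime(); Resolution = $g.Name
            Extensions = $ext -join ','; Cleared = [bool]$ok
        }
    }
}

# Constructed sample decisions and the placeholder names from the examples above.
$decisions = @(
    [pscustomobject]@{ Extension = '.enc';    Resolution = 'FalsePositive' }
    [pscustomobject]@{ Extension = '.locked'; Resolution = 'FalsePositive' }
    [pscustomobject]@{ Extension = '.crypt';  Resolution = 'PotentialThreat' }
)
$target = @{ ResourceGroupName = 'MyRG'; AccountName = 'MyAnfAccount'; PoolName = 'MyAnfPool'
             VolumeName = 'MyAnfVolume'; Name = 'current' }
Resolve-ArpSuspect -Decision $decisions -Target $target          # preview only
# Resolve-ArpSuspect -Decision $decisions -Target $target -Apply # apply after review
```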
Parameters
-AccountName
The name of the ANF account
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
ByFieldsParameterSet
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Aliases: cf
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
Type: IAzureContextContainer
Default value: None
Supports wildcards: False
DontShow: False
Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Extension
List of file extensions to resolve (e.g. '.enc', '.locked')
Parameter properties
Type: String[]
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Name
The name of the ANF ransomware report
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Aliases: RansomwareReportName
Parameter sets
ByFieldsParameterSet
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
ByParentObjectParameterSet
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-PassThru
Return whether the suspects were successfully cleared
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-PoolName
The name of the ANF pool
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
ByFieldsParameterSet
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Resolution
The resolution for the suspects.
Possible values include: 'PotentialThreat', 'FalsePositive'
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-ResourceGroupName
The resource group of the ANF volume
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
ByFieldsParameterSet
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-ResourceId
The resource id of the ANF ransomware report
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
ByResourceIdParameterSet
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: True
Value from remaining arguments: False
-VolumeName
The name of the ANF volume
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
ByFieldsParameterSet
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-VolumeObject
The volume object containing the ransomware report
Parameter properties
Parameter sets
ByParentObjectParameterSet
Position: Named
Mandatory: True
Value from pipeline: True
Value from pipeline by property name: False
Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Aliases: wi
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Outputs