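# Replays a sample ransomware-detection event against a webhook receiver.
#
# The JSON body describes one event (id "#17:10076", severity CRITICAL, state
# LOCKED_OUT) for user DEMO\demo1: the files that matched the "*.locky"
# extension rule, the shares whose permissions were changed to lock the user
# out, the snapshots taken on onefs93 and demo93dr, and the action history.
# It is POSTed to http://172.31.1.102:5000/webhook with a "ph-auth-token"
# header as the credential.
#
# NOTE(review): the ph-auth-token value is hard-coded in the command line.
#   Arguments end up in shell history and are visible in the process list, so
#   treat the value below as exposed: use it for a lab receiver only, and for
#   anything else supply the header from a protected file or secret store and
#   rotate the token.
# NOTE(review): the target URL is plain http://, so the token and the event
#   data (account name, SID, share paths, client IP) travel unencrypted.
#   -k only relaxes TLS certificate checks and has no effect on an http:// URL;
#   if the receiver is moved to https://, remove -k so the certificate is
#   actually verified instead of carrying the flag over.
# NOTE(review): the "comment" fields contain HTML markup (\u003cbr\u003e is
#   "<br>"). A receiver that renders these fields should escape them as
#   untrusted text rather than insert them into a page as-is.
#
# The payload is kept on ONE physical line on purpose: a line break inside the
# single-quoted string would be sent as a raw newline inside a JSON string
# value, which strict JSON parsers reject.
curl -k -X POST \
  -H "Content-Type: application/json" \
  -H "ph-auth-token: CZLRUADBTAcFJ7gXEsEj7sCFWxdksG5FGevOJNQjjN0=" \
  -d '{"id":"#17:10076","severity":"CRITICAL","state":"LOCKED_OUT","files":["\\\\onefs93\\System\\ifs\\data\\demo2\\virus - Copy (15) - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy.locky","\\\\onefs93\\System\\ifs\\data\\demo2\\virus - Copy (39) - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy.locky","\\\\onefs93\\System\\ifs\\data\\demo2\\virus - Copy (54) - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy.locky","\\\\onefs93\\System\\ifs\\data\\demo2\\virus - Copy (53) - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy.locky","\\\\onefs93\\System\\ifs\\data\\demo2\\virus - Copy (57) - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy.locky","\\\\onefs93\\System\\ifs\\data\\demo2\\virus - Copy (20) - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy.locky","\\\\onefs93\\System\\ifs\\data\\demo2\\virus - Copy (45) - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy.locky","\\\\onefs93\\System\\ifs\\data\\demo2\\virus - Copy (20) - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy.locky","\\\\onefs93\\System\\ifs\\data\\demo2\\virus - Copy (20) - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy.locky","\\\\onefs93\\System\\ifs\\data\\demo2\\virus - Copy (44) - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy.locky"],"rowKeys":[],"nes":["onefs93"],"user":"S-1-5-21-106253680-1135045642-1225049686-1123","userName":"DEMO\\demo1","shares":[{"name":"docmgmt","zone":"System","initialRunAsRoot":[],"initialPermissions":[{"permission":"FULL","permission_type":"ALLOW","trustee":{"id":"SID:S-1-1-0","name":"Everyone","type":"WELLKNOWN"}}],"clonedInitialPermissions":[],"clonedInitialRunAsRoot":[],"runAsRoot":[],"permissions":[{"permission":"READ","permission_type":"DENY","trustee":{"id":"SID:S-1-5-21-106253680-1135045642-1225049686-1123","name":"DEMO\\demo1","type":"USER"}},{"permission":"FULL","permission_type":"ALLOW","trustee":{"id":"SID:S-1-1-0","name":"Everyone","type":"WELLKNOWN"}}],"neSyncKey":"onefs93_00505699edf0a9bc7561f61c46856c418a3b","neName":"onefs93","path":"/ifs/docmgmt","clients":[],"roClients":[],"rwClients":[],"rootClients":[],"allowVariableExpansion":false},{"name":"QFSQuarantine","zone":"System","initialRunAsRoot":[],"initialPermissions":[{"permission":"FULL","permission_type":"ALLOW","trustee":{"id":"SID:S-1-1-0","name":"Everyone","type":"WELLKNOWN"}}],"clonedInitialPermissions":[],"clonedInitialRunAsRoot":[],"runAsRoot":[],"permissions":[{"permission":"READ","permission_type":"DENY","trustee":{"id":"SID:S-1-5-21-106253680-1135045642-1225049686-1123","name":"DEMO\\demo1","type":"USER"}},{"permission":"FULL","permission_type":"ALLOW","trustee":{"id":"SID:S-1-1-0","name":"Everyone","type":"WELLKNOWN"}}],"neSyncKey":"onefs93_00505699edf0a9bc7561f61c46856c418a3b","neName":"onefs93","path":"/ifs/QFSQuarantine","clients":[],"roClients":[],"rwClients":[],"rootClients":[],"allowVariableExpansion":false},{"name":"dfs","zone":"System","initialRunAsRoot":[],"initialPermissions":[{"permission":"FULL","permission_type":"ALLOW","trustee":{"id":"SID:S-1-1-0","name":"Everyone","type":"WELLKNOWN"}}],"clonedInitialPermissions":[],"clonedInitialRunAsRoot":[],"runAsRoot":[],"permissions":[{"permission":"READ","permission_type":"DENY","trustee":{"id":"SID:S-1-5-21-106253680-1135045642-1225049686-1123","name":"DEMO\\demo1","type":"USER"}},{"permission":"FULL","permission_type":"ALLOW","trustee":{"id":"SID:S-1-1-0","name":"Everyone","type":"WELLKNOWN"}}],"neSyncKey":"onefs93_00505699edf0a9bc7561f61c46856c418a3b","neName":"onefs93","path":"/ifs/data/demo2","clients":[],"roClients":[],"rwClients":[],"rootClients":[],"allowVariableExpansion":false},{"name":"nfssmb","zone":"nfsdata","initialRunAsRoot":[],"initialPermissions":[{"permission":"FULL","permission_type":"ALLOW","trustee":{"id":"SID:S-1-1-0","name":"Everyone","type":"WELLKNOWN"}}],"clonedInitialPermissions":[],"clonedInitialRunAsRoot":[],"runAsRoot":[],"permissions":[{"permission":"READ","permission_type":"DENY","trustee":{"id":"SID:S-1-5-21-106253680-1135045642-1225049686-1123","name":"DEMO\\demo1","type":"USER"}},{"permission":"FULL","permission_type":"ALLOW","trustee":{"id":"SID:S-1-1-0","name":"Everyone","type":"WELLKNOWN"}}],"neSyncKey":"demo93dr_00505699c74b902ea261c31d7de42d78f8e7","neName":"demo93dr","path":"/ifs/data/nfsdata","clients":[],"roClients":[],"rwClients":[],"rootClients":[],"allowVariableExpansion":false},{"name":"igls-dfs-dfs","zone":"System","initialRunAsRoot":[],"initialPermissions":[{"permission":"FULL","permission_type":"ALLOW","trustee":{"id":"SID:S-1-1-0","name":"Everyone","type":"WELLKNOWN"}}],"clonedInitialPermissions":[],"clonedInitialRunAsRoot":[],"runAsRoot":[],"permissions":[{"permission":"READ","permission_type":"DENY","trustee":{"id":"SID:S-1-5-21-106253680-1135045642-1225049686-1123","name":"DEMO\\demo1","type":"USER"}},{"permission":"FULL","permission_type":"ALLOW","trustee":{"id":"SID:S-1-1-0","name":"Everyone","type":"WELLKNOWN"}}],"neSyncKey":"demo93dr_00505699c74b902ea261c31d7de42d78f8e7","neName":"demo93dr","path":"/ifs/data/demo2","clients":[],"roClients":[],"rwClients":[],"rootClients":[],"allowVariableExpansion":false},{"name":"nfssmb","zone":"nfsdata","initialRunAsRoot":[],"initialPermissions":[{"permission":"FULL","permission_type":"ALLOW","trustee":{"id":"SID:S-1-1-0","name":"Everyone","type":"WELLKNOWN"}}],"clonedInitialPermissions":[],"clonedInitialRunAsRoot":[],"runAsRoot":[],"permissions":[{"permission":"READ","permission_type":"DENY","trustee":{"id":"SID:S-1-5-21-106253680-1135045642-1225049686-1123","name":"DEMO\\demo1","type":"USER"}},{"permission":"FULL","permission_type":"ALLOW","trustee":{"id":"SID:S-1-1-0","name":"Everyone","type":"WELLKNOWN"}}],"neSyncKey":"onefs93_00505699edf0a9bc7561f61c46856c418a3b","neName":"onefs93","path":"/ifs/data/nfsdata","clients":[],"roClients":[],"rwClients":[],"rootClients":[],"allowVariableExpansion":false}],"detected":"Oct 9, 2023, 11:31:05 AM","detectedTime":1696865465675,"firstSignalTimeStamp":1696865465476,"archivedTime":0,"lockedOut":"Oct 9, 2023, 11:31:26 AM","lockedOutTime":1696865486758,"expiryTime":1696879877154,"expiry":"n/a","actions":[{"action":"Lockout","dateInLong":1696865486758,"resultState":"LOCKED_OUT","admin":"","comment":"Lockout access result:\u003cbr\u003edemo93dr: successfully locked share nfsdata:nfssmb for user DEMO\\demo1.\u003cbr\u003edemo93dr: successfully locked share System:igls-dfs-dfs for user DEMO\\demo1.\u003cbr\u003eonefs93: successfully locked share System:docmgmt for user DEMO\\demo1.\u003cbr\u003eonefs93: successfully locked share nfsdata:nfssmb for user DEMO\\demo1.\u003cbr\u003eonefs93: successfully locked share System:QFSQuarantine for user DEMO\\demo1.\u003cbr\u003eonefs93: successfully locked share System:dfs for user DEMO\\demo1."},{"action":"Comment","dateInLong":1696865465677,"resultState":"WARNING","admin":"","comment":"Detected ransomware extension(s): [*.locky]"},{"action":"Comment","dateInLong":1696865465676,"resultState":"WARNING","admin":"","comment":"Signal received; New event is raised"},{"action":"Comment","dateInLong":1696865487375,"resultState":"LOCKED_OUT","admin":"","comment":"Signal received; Event state going to LOCKED_OUT"},{"action":"Comment","dateInLong":1696865477337,"resultState":"DELAYED_LOCKOUT","admin":"","comment":"Severity changing from MAJOR to CRITICAL"},{"action":"Comment","dateInLong":1696865486908,"resultState":"LOCKED_OUT","admin":"","comment":"Saved locked out shares"},{"action":"Comment","dateInLong":1696865487288,"resultState":"LOCKED_OUT","admin":"","comment":"Signal received; Event state going to LOCKED_OUT"},{"action":"Comment","dateInLong":1696865487095,"resultState":"LOCKED_OUT","admin":"","comment":"Signal received; Event state going to LOCKED_OUT"},{"action":"Comment","dateInLong":1696865487178,"resultState":"LOCKED_OUT","admin":"","comment":"Signal received; Event state going to LOCKED_OUT"},{"action":"Comment","dateInLong":1696865477037,"resultState":"WARNING","admin":"","comment":"Creating Snapshots for User DEMO\\demo1\u003cbr\u003eSuccessfully created snapshot onefs93 - igls-DEMO-demo1-System-docmgmt-17_10074-1696865466421.\u003cbr\u003eSuccessfully created snapshot onefs93 - igls-critical-path-ifs-data-demo2-17_10074-1696865465908.\u003cbr\u003eSuccessfully created snapshot demo93dr - igls-DEMO-demo1-nfsdata-nfssmb-17_10074-1696865466862.\u003cbr\u003eSuccessfully created snapshot onefs93 - igls-DEMO-demo1-System-QFSQuarantine-17_10074-1696865466415.\u003cbr\u003eSuccessfully created snapshot onefs93 - igls-DEMO-demo1-nfsdata-nfssmb-17_10074-1696865466425.\u003cbr\u003eSuccessfully created snapshot onefs93 - igls-DEMO-demo1-System-dfs-17_10074-1696865466422.\u003cbr\u003eSuccessfully created snapshot demo93dr - igls-DEMO-demo1-System-igls-dfs-dfs-17_10074-1696865466859."},{"action":"Comment","dateInLong":1696865477150,"resultState":"WARNING","admin":"","comment":"Severity changing from WARNING to MAJOR"},{"action":"Comment","dateInLong":1696865476883,"resultState":"WARNING","admin":"","comment":"Creating Snapshots for User DEMO\\demo1\u003cbr\u003eSuccessfully created snapshot onefs93 - igls-DEMO-demo1-System-docmgmt-17_10074-1696865466421.\u003cbr\u003eSuccessfully created snapshot onefs93 - igls-critical-path-ifs-data-demo2-17_10074-1696865465908.\u003cbr\u003eSuccessfully created snapshot demo93dr - igls-DEMO-demo1-nfsdata-nfssmb-17_10074-1696865466862.\u003cbr\u003eSuccessfully created snapshot onefs93 - igls-DEMO-demo1-System-QFSQuarantine-17_10074-1696865466415.\u003cbr\u003eSuccessfully created snapshot onefs93 - igls-DEMO-demo1-nfsdata-nfssmb-17_10074-1696865466425.\u003cbr\u003eSuccessfully created snapshot onefs93 - igls-DEMO-demo1-System-dfs-17_10074-1696865466422.\u003cbr\u003eSuccessfully created snapshot demo93dr - igls-DEMO-demo1-System-igls-dfs-dfs-17_10074-1696865466859."},{"action":"Comment","dateInLong":1696865487461,"resultState":"LOCKED_OUT","admin":"","comment":"Signal received; Event state going to LOCKED_OUT"}],"possibleActions":["Comment","Restore User Access","Create Snapshot","Archive As Unsolved"],"signalStrengths":{"THREAT_DETECTOR_07":10},"predicted":{},"isRoot":false,"monitorOnly":false,"peakMonitor":10,"peakWarning":10,"peakMajor":10,"peakCritical":10,"clientIPs":["172.31.1.45"],"numFiles":9,"isAudit":false,"isRSW":true,"isNFSMonitorMode":false,"isSMBSnapshotEnabled":true,"eventSource":"ISILON_CLUSTER","displayUserActivity":false,"protocol":"SMB2","snapshots":{"onefs93":[{"pct_reserve":0.0,"shadow_bytes":0,"name":"igls-DEMO-demo1-System-docmgmt-17_10074-1696865466421","created":1696865468,"expires":1697038266,"state":"active","has_locks":false,"path":"/ifs/docmgmt","pct_filesystem":2.435778242215747E-6,"id":37432,"size":2048},{"pct_reserve":0.0,"shadow_bytes":0,"name":"igls-critical-path-ifs-data-demo2-17_10074-1696865465908","created":1696865473,"expires":1697038265,"state":"active","has_locks":false,"path":"/ifs/data/demo2","pct_filesystem":4.871556484431494E-6,"id":37436,"size":4096},{"pct_reserve":0.0,"shadow_bytes":0,"name":"igls-DEMO-demo1-System-QFSQuarantine-17_10074-1696865466415","created":1696865467,"expires":1697038266,"state":"active","has_locks":false,"path":"/ifs/QFSQuarantine","pct_filesystem":2.435778242215747E-6,"id":37430,"size":2048},{"pct_reserve":0.0,"shadow_bytes":0,"name":"igls-DEMO-demo1-nfsdata-nfssmb-17_10074-1696865466425","created":1696865472,"expires":1697038266,"state":"active","has_locks":false,"path":"/ifs/data/nfsdata","pct_filesystem":4.871556484431494E-6,"id":37434,"size":4096},{"pct_reserve":0.0,"shadow_bytes":0,"name":"igls-DEMO-demo1-System-dfs-17_10074-1696865466422","created":1696865475,"expires":1697038266,"state":"active","has_locks":false,"path":"/ifs/data/demo2","pct_filesystem":4.871556484431494E-6,"id":37438,"size":4096}],"demo93dr":[{"pct_reserve":0.0,"shadow_bytes":0,"name":"igls-DEMO-demo1-nfsdata-nfssmb-17_10074-1696865466862","created":1696865467,"expires":1697038266,"state":"active","has_locks":false,"path":"/ifs/data/nfsdata","pct_filesystem":4.871556484431494E-6,"id":192,"size":4096},{"pct_reserve":0.0,"shadow_bytes":0,"name":"igls-DEMO-demo1-System-igls-dfs-dfs-17_10074-1696865466859","created":1696865470,"expires":1697038266,"state":"active","has_locks":false,"path":"/ifs/data/demo2","pct_filesystem":4.871556484431494E-6,"id":194,"size":4096}]},"deletedSnapshots":[],"nfsProtocols":["nfs","nfs4"],"isAPIEvent":false,"rswExtensions":["*.locky"],"extraParams":{}}' \
  "http://172.31.1.102:5000/webhook"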