Alerts for workload anomaly detection
The workload anomaly alerting mechanism brings an extra layer of detection for IBM Storage Virtualize.
Using advanced compression formulas and entropy analysis, IBM Storage Insights identifies suspicious conditions at both the node and volume level, providing you with early warnings of potential system misbehavior.
You will receive an email notification at the configured email addresses whenever a workload anomaly alert is triggered. This email includes details about the anomalies in your storage environment and provides a link to the corresponding alert in IBM Storage Insights.
Key capabilities of workload anomaly detection alerts
- Streamlined alerting for IBM Storage Virtualize systems:
IBM Storage Insights triggers either a ransomware threat alert or a workload anomaly alert for an IBM Storage Virtualize system, depending on the following firmware and FCM drive conditions:
Table 1. FCM and firmware version requirements for ransomware and workload anomaly detection alerting support

| Firmware version | Storage system with at least one FCM drive with version 4 or later | Storage system with no FCM drives |
| --- | --- | --- |
| Below 8.6.0.0 | No ransomware threat and workload anomaly detection is supported | No ransomware threat and workload anomaly detection is supported |
| 8.6.0.0 to below 8.6.3.0 | Only workload anomaly detection is supported | Only workload anomaly detection is supported |
| 8.6.3.0 or later | Only ransomware threat detection is supported | Only workload anomaly detection is supported |

Note:
- The ransomware threat detection for volume groups is supported only for the storage systems with the firmware version 8.7.2.0 or later and having at least one FCM drive with version 4.2 or later.
- For a storage system with firmware version 8.6.0.0 or later and having at least one FCM drive with a version earlier than 4, only workload anomaly detection is supported.
- Acknowledgment
You can acknowledge or un-acknowledge workload anomaly alerts at both the volume level. For more information, see Acknowledging a false positive alert.
- False-positive reporting
A feedback mechanism for false positives is also available for workload anomaly alerts, enhancing alert accuracy. For more information, see Submitting feedback for workload anomaly false positives.
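
The support matrix in Table 1 and its notes can be applied to an inventory to see which systems get ransomware threat alerts and which get only workload anomaly alerts. The following Python sketch is an added example, not IBM code; the system names, the inventory values and the assumption that firmware and FCM versions are dotted numeric strings are constructed for illustration.

```python
# Added example: applies Table 1 and its notes to a constructed inventory.

def parse_version(text):
    """Turn '8.6.10.0' into (8, 6, 10, 0) so comparison is numeric.
    Compared as strings, '8.6.10.0' would wrongly sort before '8.6.3.0'."""
    return tuple(int(part) for part in text.strip().split("."))

def at_least(version, minimum):
    """Numeric >= on dotted versions; the shorter one is zero-padded."""
    v, m = parse_version(version), parse_version(minimum)
    width = max(len(v), len(m))
    return v + (0,) * (width - len(v)) >= m + (0,) * (width - len(m))

def alerting_support(firmware, fcm_versions):
    """Return (alert_type, volume_group_ransomware) for one storage system.
    fcm_versions lists the FCM drive versions; empty means no FCM drives."""
    if not at_least(firmware, "8.6.0.0"):
        return ("none", False)
    has_fcm4 = any(at_least(v, "4") for v in fcm_versions)
    if at_least(firmware, "8.6.3.0") and has_fcm4:
        # Note 1: volume-group detection needs 8.7.2.0+ and an FCM 4.2+ drive.
        volume_groups = at_least(firmware, "8.7.2.0") and any(
            at_least(v, "4.2") for v in fcm_versions)
        return ("ransomware threat", volume_groups)
    # Covers no FCM drives and, per note 2, only FCM drives earlier than 4.
    return ("workload anomaly", False)

# Constructed inventory: name -> (firmware version, FCM drive versions).
INVENTORY = {
    "svc-a": ("8.5.4.0", ["4.1"]),
    "svc-b": ("8.6.2.0", ["4.1"]),
    "svc-c": ("8.6.10.0", ["3.2", "4.0"]),
    "svc-d": ("8.7.2.0", ["4.2"]),
    "svc-e": ("8.7.2.0", []),
    "svc-f": ("8.6.3.0", ["3.2"]),
}

def audit(inventory):
    """Map each system name to its supported alert type."""
    return {name: alerting_support(fw, fcm)
            for name, (fw, fcm) in inventory.items()}

if __name__ == "__main__":
    for name, (alert, vg) in audit(INVENTORY).items():
        print(f"{name}: {alert}; volume-group ransomware detection: {vg}")
```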