Webshell Behavior Detector overview

    Available in VPC

    Webshell Behavior Detector is a NAVER Cloud Platform service that allows for a quick response to suspicious webshell behaviors by carrying out real-time detections and providing notifications. The Webshell Behavior Detector service provides APIs for Webshell, Excepted Webshell, Quarantine, Exception Rule, Deleted Exception Rule, Notification, and Detection Setting features in RESTful form.

    Common Webshell Behavior Detector settings

    The following describes commonly used request and response formats in Webshell Behavior Detector APIs.

    Request

    The following describes the common request format.

    API URL

    The request API URL is as follows.

    https://wbd.apigw.ntruss.com/api/v1/
    

    Request headers

    The following describes the headers.

    Field | Required | Description
    x-ncp-apigw-timestamp | Required | Number of milliseconds that have elapsed since January 1, 1970 00:00:00 UTC
      • Request is considered invalid if the timestamp differs from the current time by more than 5 minutes
    x-ncp-iam-access-key | Required | Access key issued on NAVER Cloud Platform
      • Issue and check access key: See Create authentication key
      • Issue and check access key for sub account: See Create sub account
    x-ncp-apigw-signature-v2 | Required | Base64-encoded signature computed over the request information with the secret key that maps to the access key issued on NAVER Cloud Platform, using the HMAC algorithm (HmacSHA256)
      • Issue and check secret key: See Create authentication key
      • Create signature: See Create signature
    Content-type | Required | Request data format
      • application/json
    X-NCP-USE_PLATFORM_TYPE | Required | Platform environment in use
      • VPC

    Response

    The following describes the common response format.

    Response status codes

    The following describes the response status codes.

    HTTP status code | Code | Messages | Description
    200 | 400 | Platform must be not null. | Platform header missing
    200 | 8008 | Invalid file status.The status of file is quarantineFailed | Invalid file due to quarantine failure
    200 | 8004 | Invaliddata.The detection data deleted is false, excepted is false. | Invalid data due to deletion or exception failure

    Note

    For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.

    Webshell Behavior Detector API

    The following describes the APIs provided by the Webshell Behavior Detector service.

    Webshell

    The following describes the APIs related to the detection history of webshell behavior.

    API | Description
    GetWebshell | Get webshell behavior detection history
    UpdateWebshellMemo | Change the notes for the webshell behavior detection history
    DeleteWebshell | Delete webshell behavior detection history
    SearchWebshell | Search webshell behavior detection history
    GetWebshellSuspiciousObject | Get webshell suspect file
    QuarantineWebshellSuspiciousObject | Quarantine webshell suspect file
    RecoverWebshellSuspiciousObject | Recover quarantined webshell suspect file
    UpdateWebshellSuspiciousObjectMemo | Change the notes in the webshell suspect file

    ExceptedWebshell

    The following describes the APIs related to exception handling for detected webshell behavior.

    API | Description
    GetExceptedWebshell | Get exception-handled webshell behavior detection history
    RevokeExceptedWebshell | Clear exception for exception-handled webshell behavior detection history
    UpdateExceptedWebshellMemo | Change the notes for the exception-handled webshell behavior detection history
    SearchExceptedWebshell | Search exception-handled webshell behavior detection history
    GetExceptedWebshellSuspiciousObject | Get suspect files in exception-handled webshell behavior detection history
    QuarantineExceptedWebshellSuspiciousObject | Quarantine suspect files in exception-handled webshell behavior detection history
    RecoverExceptedWebshellSuspiciousObject | Recover suspect files in exception-handled webshell behavior detection history
    UpdateExceptedWebshellSuspiciousObjectMemo | Change suspect file notes in exception-handled webshell behavior detection history

    Quarantine

    The following describes the quarantine-related APIs.

    API | Description
    GetQuarantine | Get quarantined webshell suspect file
    RecoverQuarantine | Recover quarantined webshell suspect file
    SearchQuarantine | Search quarantined webshell suspect files
    UpdateQuarantineMemo | Change the notes for quarantined webshell suspect files

    ExceptionRule

    The following describes the APIs related to exception rules.

    API | Description
    GetExceptionRule | Get exception rule
    SearchExceptionRule | Search exception rules
    UpdateExceptionRuleMemo | Change the notes for exception rules
    DeleteExceptionRule | Delete exception rule

    DeletedExceptionRule

    The following describes the APIs for deleted exception rules.

    API | Description
    GetDeletedExceptionRule | Get deleted exception rule
    SearchDeletedExceptionRule | Search deleted exception rules
    UpdateDeletedExceptionRuleMemo | Change the notes for deleted exception rules
    RecoverDeletedExceptionRule | Restore deleted exception rules

    Notification

    The following describes the APIs related to notification settings.

    API | Description
    GetNotificationInterval | Get set notification interval
    UpdateNotificationInterval | Set notification interval

    Detection Setting

    The following describes the APIs related to detection settings.

    API | Description
    GetDetectionTarget | Get detection target
    SearchDetectionTarget | Search detection targets
    ActivateAgent | Enable agent installed on the server
    DeactivateAgent | Disable agent installed on the server
    UpdateDetectionTargetMemo | Change the notes for the detection targets

    NAVER Cloud Platform provides a variety of related resources to help users better understand Webshell Behavior Detector APIs.

