Available in VPC
Webshell Behavior Detector is a NAVER Cloud Platform service that allows for a quick response to suspicious webshell behaviors by carrying out real-time detections and providing notifications. The Webshell Behavior Detector service provides APIs for Webshell, Excepted Webshell, Quarantine, Exception Rule, Deleted Exception Rule, Notification, and Detection Setting features in RESTful form.
Common Webshell Behavior Detector settings
The following describes commonly used request and response formats in Webshell Behavior Detector APIs.
Request
The following describes the common request format.
API URL
The request API URL is as follows.
https://wbd.apigw.ntruss.com/api/v1/
Request headers
The following describes the headers.
| Field | Required | Description |
|---|---|---|
x-ncp-apigw-timestamp |
Required | This is the number of milliseconds that have elapsed since January 1, 1970 00:00:00 UTC |
x-ncp-iam-access-key |
Required | Access key issued on NAVER Cloud Platform |
x-ncp-apigw-signature-v2 |
Required | Base64-encoded signature that encrypts the request information with a secret key that maps to the access key issued on NAVER Cloud Platform, using the HMAC encryption algorithm (HmacSHA256) |
Content-type |
Required | Request data formatapplication/json |
X-NCP-USE_PLATFORM_TYPE |
Required | Platform environment in use
|
Response
The following describes the common response format.
Response status codes
The following describes the response status codes.
| HTTP status code | Code | Messages | Description |
|---|---|---|---|
| 200 | 400 | Platform must be not null. | Platform header missing |
| 200 | 8008 | Invalid file status.The status of file is quarantineFailed | Invalid file due to quarantine failure |
| 200 | 8004 | Invaliddata.The detection data deleted is false, excepted is false. | Invalid data due to deletion or exception failure |
For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.
Webshell Behavior Detector API
The following describes the APIs provided by the Webshell Behavior Detector service.
Webshell
The following describes the APIs related to the detection history of webshell behavior.
| API | Description |
|---|---|
| GetWebshell | Get webshell behavior detection history |
| UpdateWebshellMemo | Change the notes for the webshell behavior detection history |
| DeleteWebshell | Delete webshell behavior detection history |
| SearchWebshell | Search webshell behavior detection history |
| GetWebshellSuspiciousObject | Get webshell suspect file |
| QuarantineWebshellSuspiciousObject | Quarantine webshell suspect file |
| RecoverWebshellSuspiciousObject | Recover quarantined webshell suspect file |
| UpdateWebshellSuspiciousObjectMemo | Change the notes in the webshell suspect file |
ExceptedWebshell
The following describes the APIs related to exception handling for detected webshell behavior.
| API | Description |
|---|---|
| GetExceptedWebshell | Get exception-handled webshell behavior detection history |
| RevokeExceptedWebshell | Clear exception for exception-handled webshell behavior detection history |
| UpdateExceptedWebshellMemo | Change the notes for the exception-handled webshell behavior detection history |
| SearchExceptedWebshell | Search exception-handled webshell behavior detection history |
| GetExceptedWebshellSuspiciousObject | Get suspect files in exception-handled webshell behavior detection history |
| QuarantineExceptedWebshellSuspiciousObject | Quarantine suspect files in exception-handled webshell behavior detection history |
| RecoverExceptedWebshellSuspiciousObject | Recover suspect files in exception-handled webshell behavior detection history |
| UpdateExceptedWebshellSuspiciousObjectMemo | Change suspect file notes in exception-handled web shell behavior detection history |
Quarantine
The following describes the quarantine-related APIs.
| API | Description |
|---|---|
| GetQuarantine | Get quarantined webshell suspect file |
| RecoverQuarantine | Recover quarantined webshell suspect file |
| SearchQuarantine | Search quarantined webshell suspect files |
| UpdateQuarantineMemo | Change the notes for quarantined webshell suspect files |
ExceptionRule
The following describes the APIs related to exception rules.
| API | Description |
|---|---|
| GetExceptionRule | Get exception rule |
| SearchExceptionRule | Search exception rules |
| UpdateExceptionRuleMemo | Change the notes for exception rules |
| DeleteExceptionRule | Delete exception rule |
DeletedExceptionRule
The following describes the APIs for deleted exception rules.
| API | Description |
|---|---|
| GetDeletedExceptionRule | Get deleted exception rule |
| SearchDeletedExceptionRule | Search deleted exception rules |
| UpdateDeletedExceptionRuleMemo | Change the notes for deleted exception rules |
| RecoverDeletedExceptionRule | Restore deleted exception rules |
Notification
The following describes the APIs related to notification settings.
| API | Description |
|---|---|
| GetNotificationInterval | Get set notification interval |
| UpdateNotificationInterval | Set notification interval |
Detection Setting
The following describes the APIs related to detection settings.
| API | Description |
|---|---|
| GetDetectionTarget | Get detection target |
| SearchDetectionTarget | Search detection targets |
| ActivateAgent | Enable agent installed on the server |
| DeactivateAgent | Disable agent installed on the server |
| UpdateDetectionTargetMemo | Change the notes for the detection targets |
Webshell Behavior Detector related resources
NAVER Cloud Platform provides a variety of related resources to help users better understand Webshell Behavior Detector APIs.
- Webshell Behavior Detector API guides
- Create signature: how to create a signature to add to the request header
- Common Ncloud response status codes: information on common response status codes of NAVER Cloud Platform used by the Webshell Behavior Detector service
- API Gateway User Guide: how to issue the API key to be added to the request header
- Sub Account user guide: how to issue the access key to be added to the request header
- How to use the Webshell Behavior Detector service
- Webshell Behavior Detector User Guide: how to use Webshell Behavior Detector in the NAVER Cloud Platform console
- Ncloud use environment guide: guide on VPC and Classic environments and supported features
- Introduction to pricing, characteristics, and detailed features: summary of Webshell Behavior Detector pricing system, characteristics, and detailed features of Webshell Behavior Detector
- Latest service news: the latest news on Webshell Behavior Detector
- FAQ: Frequently asked questions from Webshell Behavior Detector users
- Contact us: Send direct inquiries in case of any unresolved questions that aren't answered by the user guide.