      Webshell Behavior Detector overview

        Available in VPC

        Webshell Behavior Detector is a NAVER Cloud Platform service that allows for a quick response to suspicious webshell behaviors by carrying out real-time detections and providing notifications. The Webshell Behavior Detector service provides APIs for Webshell, Excepted Webshell, Quarantine, Exception Rule, Deleted Exception Rule, Notification, and Detection Setting features in RESTful form.

        Common Webshell Behavior Detector settings

        The following describes commonly used request and response formats in Webshell Behavior Detector APIs.

        Request

        The following describes the common request format.

        API URL

        The request API URL is as follows.

        https://wbd.apigw.ntruss.com/api/v1/

        Request headers

        The following describes the headers.

| Field | Required | Description |
| --- | --- | --- |
| x-ncp-apigw-timestamp | Required | Number of milliseconds that have elapsed since January 1, 1970 00:00:00 UTC. The request is considered invalid if the timestamp differs from the current time by more than 5 minutes. |
| x-ncp-iam-access-key | Required | Access key issued on NAVER Cloud Platform. Issue and check access key: See Create authentication key. Issue and check access key for sub account: See Create sub account. |
| x-ncp-apigw-signature-v2 | Required | Base64-encoded signature computed over the request information with the secret key that maps to the access key issued on NAVER Cloud Platform, using the HMAC algorithm (HmacSHA256). Issue and check secret key: See Create authentication key. Create signature: See Create signature. |
| Content-type | Required | Request data format: application/json |
| X-NCP-USE_PLATFORM_TYPE | Required | Platform environment in use: VPC |
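The five required headers can be assembled as follows. This is an added example, not code from NAVER Cloud Platform: the string-to-sign layout is an assumption taken from the platform's "Create signature" guide (it is not shown on this page), and the path and keys are constructed placeholders.

```python
import base64
import hashlib
import hmac
import time

MAX_SKEW_MS = 5 * 60 * 1000  # page: a timestamp more than 5 minutes off is invalid


def make_signature(method, uri, timestamp_ms, access_key, secret_key):
    """Return Base64(HMAC-SHA256(secret_key, string_to_sign)).

    Assumption: the string to sign is "METHOD URI\\nTIMESTAMP\\nACCESS_KEY",
    as described in the "Create signature" guide, not on this page.
    """
    message = f"{method} {uri}\n{timestamp_ms}\n{access_key}"
    digest = hmac.new(secret_key.encode(), message.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def timestamp_is_fresh(timestamp_ms, now_ms=None):
    """True if the timestamp is within 5 minutes of now (either direction)."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    return abs(now_ms - int(timestamp_ms)) <= MAX_SKEW_MS


def build_headers(method, uri, access_key, secret_key, timestamp_ms=None):
    """Build the common request headers listed in the table above."""
    ts = str(int(time.time() * 1000) if timestamp_ms is None else timestamp_ms)
    return {
        "x-ncp-apigw-timestamp": ts,
        "x-ncp-iam-access-key": access_key,
        # The same timestamp must be used in the header and in the signature.
        "x-ncp-apigw-signature-v2": make_signature(method, uri, ts, access_key, secret_key),
        "Content-type": "application/json",
        "X-NCP-USE_PLATFORM_TYPE": "VPC",
    }


if __name__ == "__main__":
    # Constructed placeholders: not real credentials, not a documented endpoint.
    uri = "/api/v1/EXAMPLE-PATH"
    headers = build_headers("GET", uri, "EXAMPLE_ACCESS_KEY", "EXAMPLE_SECRET_KEY")
    for name, value in headers.items():
        print(f"{name}: {value}")
```

Keep the calling host's clock synchronized: once it drifts more than five minutes from the current time, every signed request is considered invalid. Load the secret key from a secrets store at run time rather than embedding it in source.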

        Response

        The following describes the common response format.

        Response status codes

        The following describes the response status codes.

| HTTP status code | Code | Messages | Description |
| --- | --- | --- | --- |
| 200 | 400 | Platform must be not null. | Platform header missing |
| 200 | 8008 | Invalid file status.The status of file is quarantineFailed | Invalid file due to quarantine failure |
| 200 | 8004 | Invaliddata.The detection data deleted is false, excepted is false. | Invalid data due to deletion or exception failure |

        Note

        For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.

        Webshell Behavior Detector API

        The following describes the APIs provided by the Webshell Behavior Detector service.

        Webshell

        The following describes the APIs related to the detection history of webshell behavior.

| API | Description |
| --- | --- |
| GetWebshell | Get webshell behavior detection history |
| UpdateWebshellMemo | Change the notes for the webshell behavior detection history |
| DeleteWebshell | Delete webshell behavior detection history |
| SearchWebshell | Search webshell behavior detection history |
| GetWebshellSuspiciousObject | Get webshell suspect file |
| QuarantineWebshellSuspiciousObject | Quarantine webshell suspect file |
| RecoverWebshellSuspiciousObject | Recover quarantined webshell suspect file |
| UpdateWebshellSuspiciousObjectMemo | Change the notes in the webshell suspect file |

        ExceptedWebshell

        The following describes the APIs related to exception handling for detected webshell behavior.

| API | Description |
| --- | --- |
| GetExceptedWebshell | Get exception-handled webshell behavior detection history |
| RevokeExceptedWebshell | Clear exception for exception-handled webshell behavior detection history |
| UpdateExceptedWebshellMemo | Change the notes for the exception-handled webshell behavior detection history |
| SearchExceptedWebshell | Search exception-handled webshell behavior detection history |
| GetExceptedWebshellSuspiciousObject | Get suspect files in exception-handled webshell behavior detection history |
| QuarantineExceptedWebshellSuspiciousObject | Quarantine suspect files in exception-handled webshell behavior detection history |
| RecoverExceptedWebshellSuspiciousObject | Recover suspect files in exception-handled webshell behavior detection history |
| UpdateExceptedWebshellSuspiciousObjectMemo | Change suspect file notes in exception-handled webshell behavior detection history |

        Quarantine

        The following describes the quarantine-related APIs.

| API | Description |
| --- | --- |
| GetQuarantine | Get quarantined webshell suspect file |
| RecoverQuarantine | Recover quarantined webshell suspect file |
| SearchQuarantine | Search quarantined webshell suspect files |
| UpdateQuarantineMemo | Change the notes for quarantined webshell suspect files |

        ExceptionRule

        The following describes the APIs related to exception rules.

| API | Description |
| --- | --- |
| GetExceptionRule | Get exception rule |
| SearchExceptionRule | Search exception rules |
| UpdateExceptionRuleMemo | Change the notes for exception rules |
| DeleteExceptionRule | Delete exception rule |

        DeletedExceptionRule

        The following describes the APIs for deleted exception rules.

| API | Description |
| --- | --- |
| GetDeletedExceptionRule | Get deleted exception rule |
| SearchDeletedExceptionRule | Search deleted exception rules |
| UpdateDeletedExceptionRuleMemo | Change the notes for deleted exception rules |
| RecoverDeletedExceptionRule | Restore deleted exception rules |

        Notification

        The following describes the APIs related to notification settings.

| API | Description |
| --- | --- |
| GetNotificationInterval | Get set notification interval |
| UpdateNotificationInterval | Set notification interval |

        Detection Setting

        The following describes the APIs related to detection settings.

| API | Description |
| --- | --- |
| GetDetectionTarget | Get detection target |
| SearchDetectionTarget | Search detection targets |
| ActivateAgent | Enable agent installed on the server |
| DeactivateAgent | Disable agent installed on the server |
| UpdateDetectionTargetMemo | Change the notes for the detection targets |

        NAVER Cloud Platform provides a variety of related resources to help users better understand Webshell Behavior Detector APIs.

