
        GetExceptedWebshellSuspiciousObject


        Available in VPC

        Get details about a desired file in the exception-handled webshell behavior detection history.

        Request

        The request format for the endpoint is as follows:

        Method | URI
        GET | /exceptions/{exception-id}/suspicious-objects

        Request headers

        For headers common to all Webshell Behavior Detector APIs, see Common Webshell Behavior Detector headers.

        Request path parameters

        The following describes the parameters.

        Field | Type | Required | Description
        exception-id | Integer | Required | Exception-handled webshell behavior detection history ID

        Request example

        The following is a sample request.

        curl --location --request GET 'https://wbd.apigw.ntruss.com/api/v1/exceptions/2024072321234500000010/suspicious-objects' \
        --header 'x-ncp-apigw-timestamp: {Timestamp}' \
        --header 'x-ncp-iam-access-key: {Access Key}' \
        --header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
        --header 'Content-Type: application/json' \
        --header 'X-NCP-USE_PLATFORM_TYPE: VPC'

        Response

        The following describes the response format.

        Response body

        The following describes the response body.

        Field | Type | Required | Description
        success | Boolean | - | Request handling status
        code | Integer | - | Response code
        message | String | - | Response message
        result | Array | - | List of suspicious files

        Suspicious file (result)

        The following describes result.

        Field | Type | Required | Description
        suspicionFileId | String | - | File ID
        detectionId | String | - | Web shell behavior detection history ID
        hostName | String | - | VM's host name
        osType | String | - | VM's OS type
        fileOriginName | String | - | File name
        quarantineFileName | String | - | Name of the isolated file
        fileSize | Integer | - | File size
        sha1 | String | - | File's SHA1 hash value
        privateIPofServer | String | - | VM's private IP
        fileAuthority | String | - | File's authority
        fileOwner | String | - | File owner
        fileGroup | String | - | File owner group
        accessTime | Integer | - | File access date and time (timestamp)
        modifyTime | Integer | - | File change date and time (timestamp)
        changeTime | Integer | - | File modification date and time (timestamp)
        instanceNo | String | - | VM's instance number
        hashScanResult | String | - | Hash-based malware determination result
        • malware | notMalware
          • malware: malicious
          • notMalware: normal
        memo | String | - | Notes
        memberNo | Integer | - | Member ID for VM usage
        restoreTime | Integer | - | File recovery date and time (timestamp)
        quarantineTime | Integer | - | File quarantine date and time (timestamp)
        weight | Integer | - | Score
        • The higher the score, the more likely it is a webshell
        commandStatus | String | - | Quarantine/recovery command handling status
        • restoring | restored | restoreFailed | onQurantine | quarantined | quarantineFailed
          • restoring: recovering
          • restored: recovery completed
          • restoreFailed: recovery failed
          • onQurantine: quarantine in progress
          • quarantined: quarantine completed
          • quarantineFailed: quarantine failed
        commandResult | String | - | Detailed messages about the results of the quarantine/recovery command
        isRestore | Boolean | - | Recovery status
        • true | false
          • true: recovered
          • false: not recovered
        isQuarantine | Boolean | - | Quarantine status
        • true | false
          • true: quarantined
          • false: not quarantined
        isExcepted | Boolean | - | Exception handling status
        • true | false
          • true: exception handled
          • false: exception not handled
        lastUpdatedTime | Integer | - | Last detection history record date and time (timestamp)
        resultCode | Integer | - | Quarantine/recovery command results code
        platform | String | - | VM environment
        • VPC | CLASSIC
        serverName | String | - | VM's server name
        containerName | String | - | VM's container name
        k8sName | String | - | Workload name
        • Display valid values in Kubernetes environments
        k8sType | String | - | Workload type for deployed pod
        • Display valid values in Kubernetes environments
        podName | String | - | Deployed pod name
        • Display valid values in Kubernetes environments
        isDeleted | Boolean | - | Deletion status of file
        • true | false
          • true: deleted
          • false: not deleted

        Response status codes

        For response status codes common to all Webshell Behavior Detector APIs, see Common Webshell Behavior Detector response status codes.

        Response example

        The following is a sample response.

        {
            "success": true,
            "code": 0,
            "message": "success",
            "result": [
                {
                    "suspicionFileId": "2024072321234500000008",
                    "detectionId": "2024072321234500000010",
                    "hostName": "{hostname}",
                    "osType": "LINUX",
                    "fileOriginName": "{web-root-path}/{suspicious-object-name}",
                    "quarantineFileName": "{web-root-path}/{quarantined-object-name}",
                    "fileSize": 222,
                    "sha1": "********************************",
                    "privateIPofServer": "***.***.***.***",
                    "fileAuthority": "rw-r--r--",
                    "fileOwner": "root",
                    "fileGroup": "root",
                    "accessTime": 1721737308457,
                    "modifyTime": 1721362317000,
                    "changeTime": 1721737326361,
                    "instanceNo": "25****17",
                    "hashScanResult": "notMalware",
                    "memo": null,
                    "memberNo": 26***90,
                    "restoreTime": 1721737448315,
                    "quarantineTime": 1721737443431,
                    "weight": 29,
                    "commandStatus": "restored",
                    "commandResult": "OK",
                    "isRestore": true,
                    "isQuarantine": true,
                    "isExcepted": false,
                    "lastUpdatedTime": 1721737448341,
                    "resultCode": 0,
                    "platform": "VPC",
                    "serverName": "{servername}",
                    "containerName": "{containername}",
                    "k8sName": "my-pod-jsp",
                    "k8sType": "Pod",
                    "podName": "my-pod-jsp",
                    "isDeleted": false
                }
            ]
        }
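
A triage pass over this response body, as an added example that is not part of the original documentation: it lists exception-handled files that still warrant manual review, using the hashScanResult, commandStatus, weight and isDeleted fields described above. The function names, the min_weight threshold of 50, the rule for deciding that a file is still on disk, and every sample record are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

FAILED = {"quarantineFailed", "restoreFailed"}  # commandStatus values from the table

def ms_to_utc(ms):
    """The API's timestamps are epoch milliseconds; None means no such event."""
    if ms is None:
        return None
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def triage(body, min_weight=50):
    """Return excepted suspicious objects that still deserve a manual look."""
    doc = json.loads(body)
    if not doc.get("success"):
        raise RuntimeError(f"API error {doc.get('code')}: {doc.get('message')}")
    out = []
    for o in doc.get("result") or []:
        reasons = []
        if o.get("hashScanResult") == "malware":
            reasons.append("hash match")
        if o.get("commandStatus") in FAILED:
            reasons.append(o["commandStatus"])
        # Assumption: a file is on disk if it was restored or never quarantined.
        on_disk = not o.get("isDeleted") and (
            o.get("commandStatus") == "restored" or not o.get("isQuarantine"))
        if on_disk and (o.get("weight") or 0) >= min_weight:
            reasons.append("high score, still on disk")
        if reasons:
            out.append({"file": o.get("fileOriginName"), "host": o.get("hostName"),
                        "modified": ms_to_utc(o.get("modifyTime")), "reasons": reasons})
    return out

def _obj(name, **kw):  # constructed sample record, not real data
    base = {"fileOriginName": name, "hostName": "web-01", "modifyTime": 1721362317000,
            "hashScanResult": "notMalware", "weight": 29, "commandStatus": "restored",
            "isRestore": True, "isQuarantine": True, "isDeleted": False}
    return {**base, **kw}

SAMPLE = json.dumps({"success": True, "code": 0, "message": "success", "result": [
    _obj("/var/www/html/a.jsp"),
    _obj("/var/www/html/b.jsp", hashScanResult="malware", weight=80),
    _obj("/var/www/html/c.jsp", weight=90, commandStatus="quarantineFailed",
         isRestore=False, isQuarantine=False),
    _obj("/var/www/html/d.jsp", weight=95, commandStatus="quarantined", isRestore=False),
]})

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Pick min_weight from the score distribution in your own detection history; the documentation states only that a higher score means a more likely webshell.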