Available in VPC
Search for the desired item in the exception-handled webshell behavior detection history.
Request
The request format for the endpoint is as follows:
Method | URI |
---|---|
POST | /exceptions |
Request headers
For headers common to all Webshell Behavior Detector APIs, see Common Webshell Behavior Detector headers.
Request body
The following describes the request body.
Field | Type | Required | Description |
---|---|---|---|
actionStatus | String | Optional | Response status for the issue |
detectTimeFrom | Integer | Optional | Search start date and time (timestamp) |
detectTimeTo | Integer | Optional | Search end date and time (timestamp) |
executor | String | Optional | Process account |
executorOfParent | String | Optional | Parent process account |
hostName | String | Optional | VM's host name |
memo | String | Optional | Notes |
pageIndex | Integer | Required | Page number |
pageSize | Integer | Required | Number of page outputs |
privateIPofServer | String | Optional | VM's private IP |
processArg | String | Optional | Process argument value |
processArgOfParent | String | Optional | Parent process argument value |
processName | String | Optional | Process name |
processNameOfParent | String | Optional | Parent process name |
serverName | String | Optional | VM's server name |
suspiciousIP | String | Optional | Suspicious IP |
Request example
The following is a sample request.
curl --location --request POST 'https://wbd.apigw.ntruss.com/api/v1/exceptions' \
    --header 'x-ncp-apigw-timestamp: {Timestamp}' \
    --header 'x-ncp-iam-access-key: {Access Key}' \
    --header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
    --header 'Content-Type: application/json' \
    --header 'X-NCP-USE_PLATFORM_TYPE: VPC' \
    --data '{
        "detectTimeFrom": 0,
        "detectTimeTo": 0,
        "pageIndex": 1,
        "pageSize": 2,
        "serverName": "wbd-****-***-****"
    }'
Response
The following describes the response format.
Response body
The following describes the response body.
Field | Type | Required | Description |
---|---|---|---|
success | Boolean | - | Request handling status |
code | Integer | - | Response code |
message | String | - | Response message |
result | Object | - | Response result |
content | Array | - | List of web shell behavior detection history |
totalCount | Integer | - | Number of response results |
pageSize | Integer | - | Number of page outputs |
pageIndex | Integer | - | Page number |
totalPages | Integer | - | Total number of pages |
content
The following describes the content field.
Field | Type | Required | Description |
---|---|---|---|
detectionId | String | - | Web shell behavior detection history ID |
instanceNo | String | - | VM's instance number |
hostName | String | - | VM's host name |
serverName | String | - | VM's server name |
containerName | String | - | VM's container name |
privateIPofServer | String | - | VM's private IP |
command | String | - | File execution command |
processName | String | - | Process name |
processArg | String | - | Process argument value |
processId | String | - | Process ID |
executor | String | - | Process account |
processIdOfParent | String | - | Parent process ID |
processNameOfParent | String | - | Parent process name |
processArgOfParent | String | - | Parent process argument value |
executorOfParent | String | - | Parent process account |
uid | String | - | Detection process UID |
euid | String | - | Process EUID |
gid | String | - | Process GID |
egid | String | - | Process EGID |
actionStatus | String | - | Response status for the issue |
memo | String | - | Notes |
actionTime | Integer | - | Webshell behavior occurrence date and time (timestamp) |
detectTime | Integer | - | Webshell behavior detection date and time (timestamp) |
collectTime | Integer | - | Webshell behavior collection date and time (timestamp) |
lastUpdatedTime | Integer | - | Last detection history record date and time (timestamp) |
isChecked | Boolean | - | Verification status for detection history |
memberNo | Integer | - | Member ID for VM usage |
detectionRuleId | String | - | Detection policy ID |
suspicionFiles | Array | - | List of suspicious files |
suspicionIps | Array | - | List of suspicious IPs |
osType | String | - | VM's OS type |
suspicionFiles
The following describes the suspicionFiles field.
Field | Type | Required | Description |
---|---|---|---|
suspicionFileId | String | - | File ID |
fileOriginName | String | - | File name |
fileOwner | String | - | File owner |
weight | Integer | - | Score |
accessTime | Integer | - | File access date and time (timestamp) |
modifyTime | Integer | - | File change date and time (timestamp) |
changeTime | Integer | - | File modification date and time (timestamp) |
detectionId | String | - | Web shell behavior detection history ID |
suspicionIps
The following describes the suspicionIps field.
Field | Type | Required | Description |
---|---|---|---|
suspicionIpId | String | - | Suspicious IP's ID |
detectionId | String | - | Web shell behavior detection history ID |
suspicionIp | String | - | Suspicious IP |
country | String | - | Suspicious IP's country |
platform | String | - | VM environment |
Response status codes
For response status codes common to all Webshell Behavior Detector APIs, see Common Webshell Behavior Detector response status codes.
Response example
The following is a sample response.
{
    "success": true,
    "code": 0,
    "message": "success",
    "result": {
        "content": [
            {
                "detectionId": "2024072321225900000008",
                "instanceNo": "25****17",
                "hostName": "{hostname}",
                "serverName": "{servername}",
                "containerName": "{containername}",
                "privateIPofServer": "***.***.***.***",
                "command": "{command}",
                "processName": "{process}",
                "processArg": "{process-and-arguments}",
                "processId": "{command-process-id}",
                "executor": "DefaultAppPool",
                "processIdOfParent": "{command-process-id}",
                "processNameOfParent": "{process}",
                "processArgOfParent": "{process-and-arguments}",
                "executorOfParent": "DefaultAppPool",
                "uid": "0",
                "euid": "0",
                "gid": "0",
                "egid": "0",
                "actionStatus": "blank",
                "detectTime": 1721737379713,
                "collectTime": 1721737379933,
                "lastUpdatedTime": 1721737392197,
                "isChecked": false,
                "memberNo": 26***90,
                "detectionRuleId": "2020110215374500000038",
                "suspicionIps": [],
                "osType": "LINUX"
            },
            {
                "detectionId": "2024072321110800000002",
                "instanceNo": "25****17",
                "hostName": "{hostname}",
                "serverName": "{servername}",
                "containerName": "{containername}",
                "privateIPofServer": "***.***.***.***",
                "command": "{command}",
                "processName": "{process}",
                "processArg": "{process-and-arguments}",
                "processId": "{command-process-id}",
                "executor": "www-data",
                "processIdOfParent": "{command-process-id}",
                "processNameOfParent": "{process}",
                "processArgOfParent": "{process-and-arguments}",
                "executorOfParent": "www-data",
                "uid": "33",
                "euid": "33",
                "gid": "33",
                "egid": "33",
                "actionStatus": "blank",
                "actionTime": 1721736687176,
                "detectTime": 1721736668622,
                "collectTime": 1721736669272,
                "lastUpdatedTime": 1721736701611,
                "isChecked": false,
                "memberNo": 26***90,
                "detectionRuleId": "2020110215374200000034",
                "suspicionIps": [
                    {
                        "suspicionIpId": "2024072321110900000002",
                        "detectionId": "2024072321110800000002",
                        "suspicionIp": "***.***.***.***",
                        "country": null,
                        "platform": "VPC"
                    }
                ],
                "osType": "LINUX"
            }
        ],
        "totalCount": 4,
        "pageSize": 2,
        "pageIndex": 1,
        "totalPages": 2
    }
}
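The following is an added example, not part of the original API documentation: it walks every page of the exception-handled history using pageIndex and totalPages, then flags records worth re-checking because they were excluded from detection. The function names, the review heuristics, the injected `post` callable (which stands in for the signed HTTPS call), and the sample records are all assumptions made for illustration.

```python
from typing import Callable, Iterator

def iter_exceptions(post: Callable[[dict], dict], filters: dict,
                    page_size: int = 100) -> Iterator[dict]:
    """Yield every record from POST /exceptions by walking pageIndex up to totalPages."""
    page_index = 1  # assumption: 1-based, as in the sample request and response
    while True:
        resp = post(dict(filters, pageIndex=page_index, pageSize=page_size))
        if not resp.get("success"):
            raise RuntimeError(f"code={resp.get('code')} message={resp.get('message')}")
        result = resp["result"]
        yield from result["content"]
        if page_index >= result["totalPages"]:
            return
        page_index += 1

def review_reasons(rec: dict) -> list:
    """Reasons an exception-handled detection deserves a second look (assumed heuristics)."""
    reasons = []
    if rec.get("euid") == "0":
        reasons.append("ran with EUID 0")
    if rec.get("uid") != rec.get("euid") or rec.get("gid") != rec.get("egid"):
        reasons.append("real and effective IDs differ")
    if rec.get("suspicionIps"):
        reasons.append("suspicious IP attached")
    return reasons

def audit(post, filters, page_size=100) -> dict:
    """Map detectionId -> reasons for every record that has at least one reason."""
    flagged = {}
    for rec in iter_exceptions(post, filters, page_size):
        reasons = review_reasons(rec)
        if reasons:
            flagged[rec["detectionId"]] = reasons
    return flagged

# Constructed sample records (not real detections), shaped like the response example.
def _rec(i, uid, euid, ips=()):
    return {"detectionId": f"SAMPLE-{i}", "uid": uid, "euid": euid,
            "gid": uid, "egid": euid, "suspicionIps": list(ips)}

SAMPLE = [_rec(1, "0", "0"), _rec(2, "33", "33", [{"suspicionIp": "192.0.2.10"}]),
          _rec(3, "33", "33"), _rec(4, "33", "0")]

def fake_post(body: dict) -> dict:
    """Offline stand-in for the signed HTTPS call; pages SAMPLE the way the API would."""
    size, idx = body["pageSize"], body["pageIndex"]
    return {"success": True, "code": 0, "message": "success", "result": {
        "content": SAMPLE[(idx - 1) * size: idx * size], "totalCount": len(SAMPLE),
        "pageSize": size, "pageIndex": idx, "totalPages": -(-len(SAMPLE) // size)}}

if __name__ == "__main__":
    print(audit(fake_post, {"serverName": "example-server"}, page_size=2))
```

In real use, replace `fake_post` with a function that sends the body to `/exceptions` with the common Webshell Behavior Detector headers and returns the parsed JSON.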