SearchExceptedWebshell
- Print
- PDF
SearchExceptedWebshell
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Available in VPC
Search for the desired item in the exception-handled webshell behavior detection history.
Request
The following describes the request format for the endpoint. The request format is as follows:
| Method | URI |
|---|---|
| POST | /exceptions |
Request headers
For headers common to all Webshell Behavior Detector APIs, see Common Webshell Behavior Detector headers.
Request body
The following describes the request body.
| Field | Type | Required | Description |
|---|---|---|---|
actionStatus | String | Optional | Response status for the issue
|
detectTimeFrom | Integer | Optional | Search start date and time (timestamp) |
detectTimeTo | Integer | Optional | Search end date and time (timestamp) |
executor | String | Optional | Process account |
executorOfParent | String | Optional | Parent process account |
hostName | String | Optional | VM's host name |
memo | String | Optional | Notes |
pageIndex | Integer | Required | Page number |
pageSize | Integer | Required | Number of page outputs |
privateIPofServer | String | Optional | VM's private IP |
processArg | String | Optional | Process argument value |
processArgOfParent | String | Optional | Parent process argument value |
processName | String | Optional | Process name |
processNameOfParent | String | Optional | Parent process name |
serverName | String | Optional | VM's server name |
suspiciousIP | String | Optional | Suspicious IP |
Request example
The following is a sample request.
curl --location --request POST 'https://wbd.apigw.ntruss.com/api/v1/exceptions' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Content-Type: application/json' \
--header 'X-NCP-USE_PLATFORM_TYPE: VPC' \
--data '{
"detectTimeFrom": 0,
"detectTimeTo": 0,
"pageIndex": 1,
"pageSize": 2,
"serverName": "wbd-****-***-****"
}'
Response
The following describes the response format.
Response body
The following describes the response body.
| Field | Type | Required | Description |
|---|---|---|---|
success | Boolean | - | Request handling status |
code | Integer | - | Response code |
message | String | - | Response message |
result | Object | - | Response result |
content | Array | - | List of web shell behavior detection history |
totalCount | Integer | - | Number of response results |
pageSize | Integer | - | Number of page outputs |
pageIndex | Integer | - | Page number |
totalPages | Integer | - | Total number of pages |
content
The following describes content.
| Field | Type | Required | Description |
|---|---|---|---|
detectionId | String | - | Web shell behavior detection history ID |
instanceNo | String | - | VM's instance number |
hostName | String | - | VM's host name |
serverName | String | - | VM's server name |
containerName | String | - | VM's container name |
privateIPofServer | String | - | VM's private IP |
command | String | - | File execution command |
processName | String | - | Process name |
processArg | String | - | Process argument value |
processId | String | - | Process ID |
executor | String | - | Process account |
processIdOfParent | String | - | Parent process ID |
processNameOfParent | String | - | Parent process name |
processArgOfParent | String | - | Parent process argument value |
executorOfParent | String | - | Parent process account |
uid | String | - | Detection process UID |
euid | String | - | Process EUID |
gid | String | - | Process GID |
egid | String | - | Process EGID |
actionStatus | String | - | Response status for the issue
|
memo | String | - | Notes |
actionTime | Integer | - | Webshell behavior occurrence date and time (timestamp) |
detectTime | Integer | - | Webshell behavior detection date and time (timestamp) |
collectTime | Integer | - | Webshell behavior collection date and time (timestamp) |
lastUpdatedTime | Integer | - | Last detection history record date and time (timestamp) |
isChecked | Boolean | - | Verification status for detection history
|
memberNo | Integer | - | Member ID for VM usage |
detectionRuleId | String | - | Detection policy ID |
suspicionFiles | Array | - | List of suspicious files |
suspicionIps | Array | - | List of suspicious IPs |
osType | String | - | VM's OS type |
suspicionFiles
The following describes suspicionFiles.
| Field | Type | Required | Description |
|---|---|---|---|
suspicionFileId | String | - | File ID |
fileOriginName | String | - | File name |
fileOwner | String | - | File owner |
weight | Integer | - | Score
|
accessTime | Integer | - | File access date and time (timestamp) |
modifyTime | Integer | - | File change date and time (timestamp) |
changeTime | Integer | - | File modification date and time (timestamp) |
detectionId | String | - | Web shell behavior detection history ID |
suspicionIps
The following describes suspicionIps.
| Field | Type | Required | Description |
|---|---|---|---|
suspicionIpId | String | - | Suspicious IP's ID |
detectionId | String | - | Web shell behavior detection history ID |
suspicionIp | String | - | Suspicious IP |
country | String | - | Suspicious IP's country |
platform | String | - | VM environment
|
Response status codes
For response status codes common to all Webshell Behavior Detector APIs, see Common Webshell Behavior Detector response status codes.
Response example
The following is a sample example.
{
"success": true,
"code": 0,
"message": "success",
"result": {
"content": [
{
"detectionId": "2024072321225900000008",
"instanceNo": "25****17",
"hostName": "{hostname}",
"serverName": "{servername}",
"containerName": "{containername}",
"privateIPofServer": "***.***.***.***",
"command": "{command}",
"processName": "{process}",
"processArg": "{process-and-arguments}",
"processId": "{command-process-id}",
"executor": "DefaultAppPool",
"processIdOfParent": "{command-process-id}",
"processNameOfParent": "{process}",
"processArgOfParent": "{process-and-arguments}",
"executorOfParent": "DefaultAppPool",
"uid": "0",
"euid": "0",
"gid": "0",
"egid": "0",
"actionStatus": "blank",
"detectTime": 1721737379713,
"collectTime": 1721737379933,
"lastUpdatedTime": 1721737392197,
"isChecked": false,
"memberNo": 26***90,
"detectionRuleId": "2020110215374500000038",
"suspicionIps": [],
"osType": "LINUX"
},
{
"detectionId": "2024072321110800000002",
"instanceNo": "25****17",
"hostName": "{hostname}",
"serverName": "{servername}",
"containerName": "{containername}",
"privateIPofServer": "***.***.***.***",
"command": "{command}",
"processName": "{process}",
"processArg": "{process-and-arguments}",
"processId": "{command-process-id}",
"executor": "www-data",
"processIdOfParent": "{command-process-id}",
"processNameOfParent": "{process}",
"processArgOfParent": "{process-and-arguments}",
"executorOfParent": "www-data",
"uid": "33",
"euid": "33",
"gid": "33",
"egid": "33",
"actionStatus": "blank",
"actionTime": 1721736687176,
"detectTime": 1721736668622,
"collectTime": 1721736669272,
"lastUpdatedTime": 1721736701611,
"isChecked": false,
"memberNo": 26***90,
"detectionRuleId": "2020110215374200000034",
"suspicionIps": [
{
"suspicionIpId": "2024072321110900000002",
"detectionId": "2024072321110800000002",
"suspicionIp": "***.***.***.***",
"country": null,
"platform": "VPC"
}
],
"osType": "LINUX"
}
],
"totalCount": 4,
"pageSize": 2,
"pageIndex": 1,
"totalPages": 2
}
}
Was this article helpful?