GetQuarantine

Available in VPC

Get suspected webshell files quarantined by the user.

Request

The following describes the request format for the endpoint. The request format is as follows:

Method	URI
GET	/quarantines

Request headers

For headers common to all Webshell Behavior Detector APIs, see Common Webshell Behavior Detector headers.

Request query parameters

The following describes the parameters.

Field	Type	Required	Description
`pageIndex`	Integer	Required	Page number
`pageSize`	Integer	Required	Number of page outputs

Request example

The following is a sample request.

curl --location --request GET 'https://wbd.apigw.ntruss.com/api/v1/quarantines?pageIndex=0&pageSize=2' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Content-Type: application/json' \
--header 'X-NCP-USE_PLATFORM_TYPE: VPC'

Response

The following describes the response format.

Response body

The following describes the response body.

Field	Type	Required	Description
`success`	Boolean	-	Request handling status
`code`	Integer	-	Response code
`message`	String	-	Response message
`result`	Array	-	List of suspicious files

`result`

The following describes result.

Field	Type	Required	Description
`suspicionFileId`	String	-	File ID
`detectionId`	String	-	Web shell behavior detection history ID
`hostName`	String	-	VM's host name
`osType`	String	-	VM's OS type
`fileOriginName`	String	-	File name
`quarantineFileName`	String	-	Name of the isolated file
`fileSize`	Integer	-	File size
`sha1`	String	-	File's SHA1 hash value
`privateIPofServer`	String	-	VM's private IP
`fileAuthority`	String	-	File's authority
`fileOwner`	String	-	File owner
`fileGroup`	String	-	File owner group
`accessTime`	Integer	-	File access date and time (timestamp)
`modifyTime`	Integer	-	File change date and time (timestamp)
`changeTime`	Integer	-	File modification date and time (timestamp)
`instanceNo`	String	-	VM's instance number
`hashScanResult`	String	-	Hash-based malware determination result `malware` \| `notMalware` `malware`: malicious `notMalware`: normal
`memo`	String	-	Notes
`memberNo`	Integer	-	Member ID for VM usage
`restoreTime`	Integer	-	File recovery date and time (timestamp)
`quarantineTime`	Integer	-	File quarantine date and time (timestamp)
`weight`	Integer	-	Score The higher the score, the more likely it is a webshell
`commandStatus`	String	-	Quarantine/recovery command handling status `restoring` \| `restored` \| `restoreFailed` \| `onQurantine` \| `quarantined` \| `quarantineFailed` `restoring`: recovering `restored`: recovery completed `restoreFailed`: recovery failed `onQurantine`: quarantine in progress `quarantined`: quarantine completed `quarantineFailed`: quarantine failed
`commandResult`	String	-	Detailed messages about the results of the quarantine/recovery command
`isRestore`	Boolean	-	Recovery status `true` \| `false` `true`: recovered `false`: not recovered
`isQuarantine`	Boolean	-	Quarantine status `true` \| `false` `true`: quarantined `false`: not quarantined
`isExcepted`	Boolean	-	Exception handling status `true` \| `false` `true`: exception handled `false`: exception not handled
`lastUpdatedTime`	Integer	-	Last detection history record date and time (timestamp)
`resultCode`	Integer	-	Quarantine/recovery command results code
`platform`	String	-	VM environment `VPC` \| `CLASSIC`
`serverName`	String	-	VM's server name
`containerName`	String	-	VM's container name
`k8sName`	String	-	Workload name Display valid values in Kubernetes environments
`k8sType`	String	-	Workload type for deployed pod Display valid values in Kubernetes environments
`podName`	String	-	Deployed pod name Display valid values in Kubernetes environments
`isDeleted`	Boolean	-	Deletion status of file `true` \| `false` `true`: deleted `false`: not deleted

Response status codes

For response status codes common to all Webshell Behavior Detector APIs, see Common Webshell Behavior Detector response status codes.

Response example

The following is a sample example.

{
    "success": true,
    "code": 0,
    "message": "success",
    "result": {
        "content": [
            {
                "suspicionFileId": "2024072409172700000036",
                "detectionId": "2024072409172700000036",
                "hostName": null,
                "osType": "WINDOWS",
                "fileOriginName": "{web-root-path}/{suspicious-object-name}",
                "quarantineFileName": "{web-root-path}/{quarantined-object-name}",
                "fileSize": 98,
                "sha1": "*******************************",
                "privateIPofServer": "***.***.***.***",
                "fileAuthority": "[{\"BUILTIN/Administrators\":\"(I)(F)\"},{\"BUILTIN/IIS_IUSRS\":\"(I)(RX)\"},{\"BUILTIN/Users\":\"(I)(RX)\"},{\"NT AUTHORITY/SYSTEM\":\"(I)(F)\"},{\"NT SERVICE/TrustedInstaller\":\"(I)(F)\"}]",
                "fileOwner": "S-1-5-32-544",
                "fileGroup": "S-1-5-32-544",
                "accessTime": 1721742837000,
                "modifyTime": 1721742837000,
                "changeTime": 1721742803000,
                "instanceNo": "23****68",
                "hashScanResult": "notMalware",
                "memo": null,
                "memberNo": 26***90,
                "restoreTime": 1722999457076,
                "quarantineTime": 1722999351039,
                "weight": 29,
                "commandStatus": "restored",
                "commandResult": "OK",
                "isRestore": true,
                "isQuarantine": true,
                "isExcepted": false,
                "lastUpdatedTime": 1722999457125,
                "resultCode": 0,
                "platform": "VPC",
                "serverName": "{servername}",
                "containerName": null,
                "k8sName": null,
                "k8sType": null,
                "podName": null,
                "isDeleted": false
            },
            {
                "suspicionFileId": "2024072323595800000443",
                "detectionId": "2024072323595700000436",
                "hostName": null,
                "osType": "WINDOWS",
                "fileOriginName": "{web-root-path}/{suspicious-object-name}",
                "quarantineFileName": "{web-root-path}/{quarantined-object-name}",
                "fileSize": 306,
                "sha1": "*******************************",
                "privateIPofServer": "***.***.***.***",
                "fileAuthority": "[{\"BUILTIN/Administrators\":\"(I)(F)\"},{\"BUILTIN/IIS_IUSRS\":\"(I)(RX)\"},{\"BUILTIN/Users\":\"(I)(RX)\"},{\"NT AUTHORITY/SYSTEM\":\"(I)(F)\"},{\"NT SERVICE/TrustedInstaller\":\"(I)(F)\"}]",
                "fileOwner": "S-1-5-32-544",
                "fileGroup": "S-1-5-32-544",
                "accessTime": 1721742550000,
                "modifyTime": 1721742550000,
                "changeTime": 1721742542000,
                "instanceNo": "25****97",
                "hashScanResult": "notMalware",
                "memo": null,
                "memberNo": 26***90,
                "restoreTime": 1722994883598,
                "quarantineTime": 1722994682859,
                "weight": 29,
                "commandStatus": "restored",
                "commandResult": "OK",
                "isRestore": true,
                "isQuarantine": true,
                "isExcepted": false,
                "lastUpdatedTime": 1722994883631,
                "resultCode": 0,
                "platform": "VPC",
                "serverName": "{servername}",
                "containerName": null,
                "k8sName": null,
                "k8sType": null,
                "podName": null,
                "isDeleted": false
            }
        ],
        "totalCount": 29,
        "pageSize": 2,
        "pageIndex": 0,
        "totalPages": 15
    }
}