MENU
      SearchQuarantine

        SearchQuarantine


        Article summary

        Available in VPC

        Search for the desired item among quarantined webshell suspect files.

        Request

        The following describes the request format for the endpoint. The request format is as follows:

        MethodURI
        POST/quarantines

        Request headers

        For headers common to all Webshell Behavior Detector APIs, see Common Webshell Behavior Detector headers.

        Request body

        The following describes the request body.

        FieldTypeRequiredDescription
        fileOriginNameStringOptionalFile name
        fileOwnerStringOptionalFile owner
        hostNameStringOptionalVM's host name
        memoStringOptionalNotes
        pageIndexIntegerRequiredPage number
        pageSizeIntegerRequiredNumber of page outputs
        quarantineFileNameStringOptionalName of the isolated file
        quarantineTimeFromIntegerOptionalQuarantine start date and time (timestamp)
        quarantineTimeToIntegerOptionalQuarantine end date and time (timestamp)
        serverNameStringOptionalVM's server name

        Request example

        The following is a sample request.

        curl --location --request POST 'https://wbd.apigw.ntruss.com/api/v1/quarantines' \
        --header 'x-ncp-apigw-timestamp: {Timestamp}' \
        --header 'x-ncp-iam-access-key: {Access Key}' \
        --header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
        --header 'Content-Type: application/json' \
        --header 'X-NCP-USE_PLATFORM_TYPE: VPC' \
        --data '{
            "fileOriginName": "",
            "pageIndex": "0",
            "pageSize": "2",
            "serverName": "s18ee********"
        }'
        Shell

        Response

        The following describes the response format.

        Response body

        The following describes the response body.

        FieldTypeRequiredDescription
        successBoolean-Request handling status
        codeInteger-Response code
        messageString-Response message
        resultArray-List of suspicious files

        result

        The following describes result.

        FieldTypeRequiredDescription
        suspicionFileIdString-File ID
        detectionIdString-Web shell behavior detection history ID
        hostNameString-VM's host name
        osTypeString-VM's OS type
        fileOriginNameString-File name
        quarantineFileNameString-Name of the isolated file
        fileSizeInteger-File size
        sha1String-File's SHA1 hash value
        privateIPofServerString-VM's private IP
        fileAuthorityString-File's authority
        fileOwnerString-File owner
        fileGroupString-File owner group
        accessTimeInteger-File access date and time (timestamp)
        modifyTimeInteger-File change date and time (timestamp)
        changeTimeInteger-File modification date and time (timestamp)
        instanceNoString-VM's instance number
        hashScanResultString-Hash-based malware determination result
        • malware | notMalware
          • malware: malicious
          • notMalware: normal
        memoString-Notes
        memberNoInteger-Member ID for VM usage
        restoreTimeInteger-File recovery date and time (timestamp)
        quarantineTimeInteger-File quarantine date and time (timestamp)
        weightInteger-Score
        • The higher the score, the more likely it is a webshell
        commandStatusString-Quarantine/recovery command handling status
        • restoring | restored | restoreFailed | onQurantine | quarantined | quarantineFailed
          • restoring: recovering
          • restored: recovery completed
          • restoreFailed: recovery failed
          • onQurantine: quarantine in progress
          • quarantined: quarantine completed
          • quarantineFailed: quarantine failed
        commandResultString-Detailed messages about the results of the quarantine/recovery command
        isRestoreBoolean-Recovery status
        • true | false
          • true: recovered
          • false: not recovered
        isQuarantineBoolean-Quarantine status
        • true | false
          • true: quarantined
          • false: not quarantined
        isExceptedBoolean-Exception handling status
        • true | false
          • true: exception handled
          • false: exception not handled
        lastUpdatedTimeInteger-Last detection history record date and time (timestamp)
        resultCodeInteger-Quarantine/recovery command results code
        platformString-VM environment
        • VPC | CLASSIC
        serverNameString-VM's server name
        containerNameString-VM's container name
        k8sNameString-Workload name
        • Display valid values in Kubernetes environments
        k8sTypeString-Workload type for deployed pod
        • Display valid values in Kubernetes environments
        podNameString-Deployed pod name
        • Display valid values in Kubernetes environments
        isDeletedBoolean-Deletion status of file
        • true | false
          • true: deleted
          • false: not deleted

        Response status codes

        For response status codes common to all Webshell Behavior Detector APIs, see Common Webshell Behavior Detector response status codes.

        Response example

        The following is a sample example.

        {
            "success": true,
            "code": 0,
            "message": "success",
            "result": {
                "content": [
                    {
                        "suspicionFileId": "2024072409172700000036",
                        "detectionId": "2024072409172700000036",
                        "hostName": null,
                        "osType": "WINDOWS",
                        "fileOriginName": "{web-root-path}/{suspicious-object-name}",
                        "quarantineFileName": "{web-root-path}/{quarantined-object-name}",
                        "fileSize": 98,
                        "sha1": "********************************",
                        "privateIPofServer": "***.***.***.***",
                        "fileAuthority": "[{\"BUILTIN/Administrators\":\"(I)(F)\"},{\"BUILTIN/IIS_IUSRS\":\"(I)(RX)\"},{\"BUILTIN/Users\":\"(I)(RX)\"},{\"NT AUTHORITY/SYSTEM\":\"(I)(F)\"},{\"NT SERVICE/TrustedInstaller\":\"(I)(F)\"}]",
                        "fileOwner": "S-1-5-32-544",
                        "fileGroup": "S-1-5-32-544",
                        "accessTime": 1721742837000,
                        "modifyTime": 1721742837000,
                        "changeTime": 1721742803000,
                        "instanceNo": "23****68",
                        "hashScanResult": "notMalware",
                        "memo": null,
                        "memberNo": 26***90,
                        "restoreTime": 1722999457076,
                        "quarantineTime": 1722999351039,
                        "weight": 29,
                        "commandStatus": "restored",
                        "commandResult": "OK",
                        "isRestore": true,
                        "isQuarantine": true,
                        "isExcepted": false,
                        "lastUpdatedTime": 1722999457125,
                        "resultCode": 0,
                        "platform": "VPC",
                        "serverName": "{servername}",
                        "containerName": null,
                        "k8sName": null,
                        "k8sType": null,
                        "podName": null,
                        "isDeleted": false
                    },
                    {
                        "suspicionFileId": "2024072323001500000229",
                        "detectionId": "2024072323001500000230",
                        "hostName": null,
                        "osType": "WINDOWS",
                        "fileOriginName": "{web-root-path}/{suspicious-object-name}",
                        "quarantineFileName": "{web-root-path}/{quarantined-object-name}",
                        "fileSize": 98,
                        "sha1": "********************************",
                        "privateIPofServer": "***.***.***.***",
                        "fileAuthority": "[{\"BUILTIN/Administrators\":\"(I)(F)\"},{\"BUILTIN/IIS_IUSRS\":\"(I)(RX)\"},{\"BUILTIN/Users\":\"(I)(RX)\"},{\"NT AUTHORITY/SYSTEM\":\"(I)(F)\"},{\"NT SERVICE/TrustedInstaller\":\"(I)(F)\"}]",
                        "fileOwner": "S-1-5-32-544",
                        "fileGroup": "S-1-5-32-544",
                        "accessTime": 1721742837000,
                        "modifyTime": 1721742837000,
                        "changeTime": 1721742803000,
                        "instanceNo": "23****68",
                        "hashScanResult": "notMalware",
                        "memo": null,
                        "memberNo": 26***90,
                        "restoreTime": 1721743312629,
                        "quarantineTime": 1721743240602,
                        "weight": 29,
                        "commandStatus": "restored",
                        "commandResult": "OK",
                        "isRestore": true,
                        "isQuarantine": true,
                        "isExcepted": false,
                        "lastUpdatedTime": 1721743312629,
                        "resultCode": 0,
                        "platform": "VPC",
                        "serverName": "{servername}",
                        "containerName": null,
                        "k8sName": null,
                        "k8sType": null,
                        "podName": null,
                        "isDeleted": false
                    }
                ],
                "totalCount": 2,
                "pageSize": 2,
                "pageIndex": 0,
                "totalPages": 1
            }
        }
        JSON

        Was this article helpful?

        Changing your password will log you out immediately. Use the new password to log back in.
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.