Login
      Contents x
      SearchQuarantine
        • Print
        • PDF
        Contents

        SearchQuarantine

          • Print
          • PDF
          Article summary

          Available in VPC

          Search for the desired item among quarantined webshell suspect files.

          Request

          The following describes the request format for the endpoint. The request format is as follows:

          MethodURI
          POST/quarantines

          Request headers

          For headers common to all Webshell Behavior Detector APIs, see Common Webshell Behavior Detector headers.

          Request body

          The following describes the request body.

          FieldTypeRequiredDescription
          fileOriginNameStringOptionalFile name
          fileOwnerStringOptionalFile owner
          hostNameStringOptionalVM's host name
          memoStringOptionalNotes
          pageIndexIntegerRequiredPage number
          pageSizeIntegerRequiredNumber of page outputs
          quarantineFileNameStringOptionalName of the isolated file
          quarantineTimeFromIntegerOptionalQuarantine start date and time (timestamp)
          quarantineTimeToIntegerOptionalQuarantine end date and time (timestamp)
          serverNameStringOptionalVM's server name

          Request example

          The following is a sample request.

          curl --location --request POST 'https://wbd.apigw.ntruss.com/api/v1/quarantines' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Content-Type: application/json' \
--header 'X-NCP-USE_PLATFORM_TYPE: VPC' \
--data '{
    "fileOriginName": "",
    "pageIndex": "0",
    "pageSize": "2",
    "serverName": "s18ee********"
}'

          Response

          The following describes the response format.

          Response body

          The following describes the response body.

          FieldTypeRequiredDescription
          successBoolean-Request handling status
          codeInteger-Response code
          messageString-Response message
          resultArray-List of suspicious files

          result

          The following describes result.

          FieldTypeRequiredDescription
          suspicionFileIdString-File ID
          detectionIdString-Web shell behavior detection history ID
          hostNameString-VM's host name
          osTypeString-VM's OS type
          fileOriginNameString-File name
          quarantineFileNameString-Name of the isolated file
          fileSizeInteger-File size
          sha1String-File's SHA1 hash value
          privateIPofServerString-VM's private IP
          fileAuthorityString-File's authority
          fileOwnerString-File owner
          fileGroupString-File owner group
          accessTimeInteger-File access date and time (timestamp)
          modifyTimeInteger-File change date and time (timestamp)
          changeTimeInteger-File modification date and time (timestamp)
          instanceNoString-VM's instance number
          hashScanResultString-Hash-based malware determination result
          • malware | notMalware
            • malware: malicious
            • notMalware: normal
          memoString-Notes
          memberNoInteger-Member ID for VM usage
          restoreTimeInteger-File recovery date and time (timestamp)
          quarantineTimeInteger-File quarantine date and time (timestamp)
          weightInteger-Score
          • The higher the score, the more likely it is a webshell
          commandStatusString-Quarantine/recovery command handling status
          • restoring | restored | restoreFailed | onQurantine | quarantined | quarantineFailed
            • restoring: recovering
            • restored: recovery completed
            • restoreFailed: recovery failed
            • onQurantine: quarantine in progress
            • quarantined: quarantine completed
            • quarantineFailed: quarantine failed
          commandResultString-Detailed messages about the results of the quarantine/recovery command
          isRestoreBoolean-Recovery status
          • true | false
            • true: recovered
            • false: not recovered
          isQuarantineBoolean-Quarantine status
          • true | false
            • true: quarantined
            • false: not quarantined
          isExceptedBoolean-Exception handling status
          • true | false
            • true: exception handled
            • false: exception not handled
          lastUpdatedTimeInteger-Last detection history record date and time (timestamp)
          resultCodeInteger-Quarantine/recovery command results code
          platformString-VM environment
          • VPC | CLASSIC
          serverNameString-VM's server name
          containerNameString-VM's container name
          k8sNameString-Workload name
          • Display valid values in Kubernetes environments
          k8sTypeString-Workload type for deployed pod
          • Display valid values in Kubernetes environments
          podNameString-Deployed pod name
          • Display valid values in Kubernetes environments
          isDeletedBoolean-Deletion status of file
          • true | false
            • true: deleted
            • false: not deleted

          Response status codes

          For response status codes common to all Webshell Behavior Detector APIs, see Common Webshell Behavior Detector response status codes.

          Response example

          The following is a sample example.

          {
    "success": true,
    "code": 0,
    "message": "success",
    "result": {
        "content": [
            {
                "suspicionFileId": "2024072409172700000036",
                "detectionId": "2024072409172700000036",
                "hostName": null,
                "osType": "WINDOWS",
                "fileOriginName": "{web-root-path}/{suspicious-object-name}",
                "quarantineFileName": "{web-root-path}/{quarantined-object-name}",
                "fileSize": 98,
                "sha1": "********************************",
                "privateIPofServer": "***.***.***.***",
                "fileAuthority": "[{\"BUILTIN/Administrators\":\"(I)(F)\"},{\"BUILTIN/IIS_IUSRS\":\"(I)(RX)\"},{\"BUILTIN/Users\":\"(I)(RX)\"},{\"NT AUTHORITY/SYSTEM\":\"(I)(F)\"},{\"NT SERVICE/TrustedInstaller\":\"(I)(F)\"}]",
                "fileOwner": "S-1-5-32-544",
                "fileGroup": "S-1-5-32-544",
                "accessTime": 1721742837000,
                "modifyTime": 1721742837000,
                "changeTime": 1721742803000,
                "instanceNo": "23****68",
                "hashScanResult": "notMalware",
                "memo": null,
                "memberNo": 26***90,
                "restoreTime": 1722999457076,
                "quarantineTime": 1722999351039,
                "weight": 29,
                "commandStatus": "restored",
                "commandResult": "OK",
                "isRestore": true,
                "isQuarantine": true,
                "isExcepted": false,
                "lastUpdatedTime": 1722999457125,
                "resultCode": 0,
                "platform": "VPC",
                "serverName": "{servername}",
                "containerName": null,
                "k8sName": null,
                "k8sType": null,
                "podName": null,
                "isDeleted": false
            },
            {
                "suspicionFileId": "2024072323001500000229",
                "detectionId": "2024072323001500000230",
                "hostName": null,
                "osType": "WINDOWS",
                "fileOriginName": "{web-root-path}/{suspicious-object-name}",
                "quarantineFileName": "{web-root-path}/{quarantined-object-name}",
                "fileSize": 98,
                "sha1": "********************************",
                "privateIPofServer": "***.***.***.***",
                "fileAuthority": "[{\"BUILTIN/Administrators\":\"(I)(F)\"},{\"BUILTIN/IIS_IUSRS\":\"(I)(RX)\"},{\"BUILTIN/Users\":\"(I)(RX)\"},{\"NT AUTHORITY/SYSTEM\":\"(I)(F)\"},{\"NT SERVICE/TrustedInstaller\":\"(I)(F)\"}]",
                "fileOwner": "S-1-5-32-544",
                "fileGroup": "S-1-5-32-544",
                "accessTime": 1721742837000,
                "modifyTime": 1721742837000,
                "changeTime": 1721742803000,
                "instanceNo": "23****68",
                "hashScanResult": "notMalware",
                "memo": null,
                "memberNo": 26***90,
                "restoreTime": 1721743312629,
                "quarantineTime": 1721743240602,
                "weight": 29,
                "commandStatus": "restored",
                "commandResult": "OK",
                "isRestore": true,
                "isQuarantine": true,
                "isExcepted": false,
                "lastUpdatedTime": 1721743312629,
                "resultCode": 0,
                "platform": "VPC",
                "serverName": "{servername}",
                "containerName": null,
                "k8sName": null,
                "k8sType": null,
                "podName": null,
                "isDeleted": false
            }
        ],
        "totalCount": 2,
        "pageSize": 2,
        "pageIndex": 0,
        "totalPages": 1
    }
}
          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout