Managing Webshell Behavior Detector permissions

Available in VPC

By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for WebShell Behavior Detector. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.

Note

Sub Account is a service provided free of charge upon subscription request. For more information on Sub Account, refer to the Services > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, as well as the Sub Account Guide.

System Managed policies

System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account, that sub account can use WebShell Behavior Detector. The following is a brief description of the System Managed policies for WebShell Behavior Detector.

Note

For how to request subscription to Sub Account, refer to Sub Account Guide.

| Policy name | Policy description |
| --- | --- |
| NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
| NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
| NCP_WEBSHELL_BEHAVIOR_DETECTOR_MANAGER | Permission to use all features in the Webshell Behavior Detector service |
| NCP_WEBSHELL_BEHAVIOR_DETECTOR_VIEWER | Permission to use only the View feature in the Webshell Behavior Detector service |

User Created policies

User Created policies are policies that users can create. Once User Created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description of the actions available to User Created policies for WebShell Behavior Detector.

Actions related to webshell list

| Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
| --- | --- | --- | --- | --- | --- |
| View | View/getWebShellEvents | - | - | Webshell List | View the list of detected web shell behaviors. |
| Change | Change/manageWebShellEvent | View/getServerGroupDetail, View/getWebShellEvents, View/getDetectionTargetDetail, View/getServerGroupList, View/getDetectionTargetList, Change/createUserExceptionRule | - | Webshell List | Manage the list of detected web shell behaviors. |

Actions related to the excepted list

| Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
| --- | --- | --- | --- | --- | --- |
| View | View/getExceptedWebShellEvents | - | - | Excepted List | View the list of web shell behaviors handled as exceptions. |
| Change | Change/manageExceptedWebShellEvent | View/getExceptedWebShellEvents | - | Excepted List | Manage the list of web shell behaviors handled as exceptions. |

Actions related to quarantine

| Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
| --- | --- | --- | --- | --- | --- |
| View | View/getQuarantinedFileList | - | - | Quarantine | View the list of isolated files suspected to be web shells. |
| Change | Change/manageQuarantinedFile | View/getQuarantinedFileList | - | Quarantine | Manage the list of isolated files suspected to be web shells. |

Actions related to exception rules

| Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
| --- | --- | --- | --- | --- | --- |
| View | View/getUserExceptionRuleList | - | - | Exception Rule | View the list of exception rules. |
| View | View/getUserExceptionRuleDetail | View/getUserExceptionRuleList | ExceptionRule | ExceptionRule | View exception rule details. |
| View | View/getDeletedUserExceptionRuleList | - | - | Exception Rule Log | View the list of deleted exception rules. |
| Change | Change/createUserExceptionRule | View/getUserExceptionRuleList, View/getServerGroupDetail, View/getDetectionTargetDetail, View/getServerGroupList, View/getDetectionTargetList | - | Exception Rule | Create exception rule. |
| Change | Change/copyUserExceptionRule | View/getUserExceptionRuleList, View/getUserExceptionRuleDetail, View/getServerGroupDetail, View/getDetectionTargetDetail, View/getServerGroupList, View/getDetectionTargetList | ExceptionRule | Exception Rule | Replicate exception rule. |
| Change | Change/deleteUserExceptionRule | View/getUserExceptionRuleList | ExceptionRule | ExceptionRule | Delete exception rule. |

Actions related to deleted exception rules (logs)

| Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
| --- | --- | --- | --- | --- | --- |
| View | View/getDeletedUserExceptionRuleList | - | - | Exception Rule Log | View the list of deleted exception rules. |
| View | View/getDeletedUserExceptionRuleDetail | View/getDeletedUserExceptionRuleList | - | Exception Rule Log | View deleted exception rule details. |
| Change | Change/updateDeletedUserExceptionRuleMemo | View/getDeletedUserExceptionRuleDetail, View/getDeletedUserExceptionRuleList | - | Exception Rule Log | Edit memo attached to deleted exception rule. |
| Change | Change/recoveryDeletedUserExceptionRule | View/getDeletedUserExceptionRuleDetail, View/getDeletedUserExceptionRuleList | - | Exception Rule Log | Restore deleted exception rule. |

Actions related to notification intervals

| Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
| --- | --- | --- | --- | --- | --- |
| View | View/getNotificationInterval | - | - | Interval | View notification interval settings for web shell behavior detection. |
| Change | Change/updateNotificationInterval | View/getNotificationInterval | - | Interval | Change notification interval for web shell behavior detection. |

Actions related to configuration

| Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
| --- | --- | --- | --- | --- | --- |
| View | View/getDetectionTargetList | - | - | Configuration | View the list of detection targets. |
| View | View/getDetectionTargetDetail | View/getDetectionTargetList | DetectionTarget | Configuration | View detection target details. |
| View | View/getVPCServerList | - | - | Configuration | View VPC server list. |
| View | View/getVPCServerDetail | View/getVPCServerList | VPCServer:Server | Configuration | Select target VPC server to detect. |
| View | View/getNotificationSetting | - | - | Configuration | View notification recipient settings. |
| Change | Change/updateDetectionTargetMemo | View/getDetectionTargetDetail, View/getDetectionTargetList | DetectionTarget | Configuration | Edit memo attached to detection target. |
| Change | Change/updateDetectionTarget | View/getNotificationSetting, Change/manageNotificationSetting, View/getDetectionTargetDetail, View/getDetectionTargetList, Change/activateDetectionTarget, Change/deactivateDetectionTarget | DetectionTarget | Configuration | Modify detection target settings. |
| Change | Change/activateDetectionTarget | View/getDetectionTargetDetail, View/getDetectionTargetList | DetectionTarget | Configuration | Enable agent. |
| Change | Change/deactivateDetectionTarget | View/getDetectionTargetDetail, View/getDetectionTargetList | DetectionTarget | Configuration | Disable agent. |
| Change | Change/releaseDetectionTarget | View/getDetectionTargetDetail, View/getDetectionTargetList | DetectionTarget | Configuration | Remove from detection target. |
| Change | Change/createVPCDetectionTarget | View/getNotificationSetting, Change/manageNotificationSetting, View/getVPCServerList, View/getVPCServerDetail, View/getDetectionTargetList | - | Configuration | Create VPC detection target server. |
| Change | Change/manageNotificationSetting | View/getNotificationSetting | - | Configuration | Set notification recipients. |

Actions related to server groups

| Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
| --- | --- | --- | --- | --- | --- |
| View | View/getServerGroupList | View/getDetectionTargetList | - | Server Group | View server group list. |
| View | View/getServerGroupDetail | View/getServerGroupList | ServerGroup | Server Group | View server group or specify a server group as an exception. |
| Change | Change/createServerGroup | View/getServerGroupList | - | Server Group | Create server group. |
| Change | Change/updateServerGroup | View/getServerGroupDetail, View/getServerGroupList, View/getDetectionTargetDetail, View/getDetectionTargetList | ServerGroup | ServerGroup | Modify server group. |
| Change | Change/deleteServerGroup | View/getServerGroupDetail, View/getServerGroupList | ServerGroup | Server Group | Delete server group. |
| Change | Change/setDetectionTargetServerGroup | View/getServerGroupDetail, View/getServerGroupList, View/getDetectionTargetDetail, View/getDetectionTargetList | DetectionTarget | Server Group | Set detection target in server group or remove it. |

Actions related to subscription

| Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
| --- | --- | --- | --- | --- | --- |
| Change | Change/subscribeProduct | - | - | Subscription | Request subscription to Webshell Behavior Detector. |

Note

For more information, refer to the NAVER Cloud Platform portal's Sub Account > Policies.
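
When reviewing a User Created policy for least privilege, it helps to see the full set of actions a single grant brings with it. The following Python is an added example, not NAVER Cloud Platform code: it assumes that the actions in the Related action(s) column accompany the action they are listed for, transcribes a subset of the tables above into a hypothetical `RELATED` map, and follows those relations transitively (`expand` and `change_actions` are illustrative names).

```python
# Added example. RELATED is a subset of the "Related action(s)" column,
# transcribed from the tables on this page. Assumption: related actions
# accompany the action they are listed for when a policy is granted.
RELATED = {
    "View/getWebShellEvents": [],
    "Change/manageWebShellEvent": [
        "View/getServerGroupDetail", "View/getWebShellEvents",
        "View/getDetectionTargetDetail", "View/getServerGroupList",
        "View/getDetectionTargetList", "Change/createUserExceptionRule",
    ],
    "Change/createUserExceptionRule": [
        "View/getUserExceptionRuleList", "View/getServerGroupDetail",
        "View/getDetectionTargetDetail", "View/getServerGroupList",
        "View/getDetectionTargetList",
    ],
    "View/getUserExceptionRuleList": [],
    "View/getServerGroupDetail": ["View/getServerGroupList"],
    "View/getServerGroupList": ["View/getDetectionTargetList"],
    "View/getDetectionTargetDetail": ["View/getDetectionTargetList"],
    "View/getDetectionTargetList": [],
    "View/getQuarantinedFileList": [],
    "Change/manageQuarantinedFile": ["View/getQuarantinedFileList"],
}

def expand(requested):
    """Return the requested actions plus every action reachable through
    the Related action(s) relation (transitive closure)."""
    seen, stack = set(), list(requested)
    while stack:
        action = stack.pop()
        if action not in RELATED:
            # Fail loudly rather than silently under-report a grant.
            raise KeyError(f"action not in transcribed table: {action}")
        if action not in seen:
            seen.add(action)
            stack.extend(RELATED[action])
    return seen

def change_actions(actions):
    """Change-type actions in a set: the write permissions a reviewer
    should confirm are intended."""
    return sorted(a for a in actions if a.startswith("Change/"))

if __name__ == "__main__":
    for role in (["Change/manageWebShellEvent"], ["Change/manageQuarantinedFile"]):
        full = expand(role)
        print(role, "->", len(full), "actions; writes:", change_actions(full))
```

Under the stated assumption, a policy built around `Change/manageWebShellEvent` also carries `Change/createUserExceptionRule`, so a role intended only to triage detections would be able to create exception rules as well.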

