Webshell Behavior Detector permissions management


Available in VPC

You can set different access permissions for WebShell Behavior Detector using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.

Note

Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.

System-managed policies

System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to WebShell Behavior Detector. Here are the available system-managed policies for WebShell Behavior Detector:

Note

For how to subscribe to Sub Account, see the Sub Account user guide.

| Policy name | Policy description |
| ---- | ---- |
| NCP_ADMINISTRATOR | Full access to all services, same as the main account |
| NCP_INFRA_MANAGER | Access to all NAVER Cloud Platform services, except the My Account > Pricing information and cost management > Billing and payment management menu on the console |
| NCP_FINANCE_MANAGER | Access to Cost Explorer and the My Account > Pricing information and cost management > Billing and payment management menu on the console |
| NCP_WEBSHELL_BEHAVIOR_DETECTOR_MANAGER | Full access to all WebShell Behavior Detector features |
| NCP_WEBSHELL_BEHAVIOR_DETECTOR_VIEWER | View-only access to all WebShell Behavior Detector features |

User-defined policies

User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions you've allowed. Here are the available user-defined policies for WebShell Behavior Detector:

Actions related to WebShell List

| Type | Action name | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| View | View/getWebShellEvents | - | - | WebShell List | View list of detected web shell behaviors. |
| Change | Change/manageWebShellEvent | View/getServerGroupDetail<br>View/getWebShellEvents<br>View/getDetectionTargetDetail<br>View/getServerGroupList<br>View/getDetectionTargetList<br>Change/createUserExceptionRule | - | WebShell List | Manage list of detected web shell behaviors. |

Actions related to the excepted list

| Type | Action name | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| View | View/getExceptedWebShellEvents | - | - | Excepted List | View list of web shell behaviors handled as exceptions. |
| Change | Change/manageExceptedWebShellEvent | View/getExceptedWebShellEvents | - | Excepted List | Manage list of web shell behaviors handled as exceptions. |

Actions related to Quarantine

| Type | Action name | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| View | View/getQuarantinedFileList | - | - | Quarantine | View list of isolated files suspected of being web shells. |
| Change | Change/manageQuarantinedFile | View/getQuarantinedFileList | - | Quarantine | Manage list of isolated files suspected of being web shells. |

Actions related to exception rules

| Type | Action name | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| View | View/getUserExceptionRuleList | - | - | Exception Rule | View list of exception rules. |
| View | View/getUserExceptionRuleDetail | View/getUserExceptionRuleList | ExceptionRule | ExceptionRule | View exception rule details. |
| View | View/getDeletedUserExceptionRuleList | - | - | Exception Rule Log | View list of deleted exception rules. |
| Change | Change/createUserExceptionRule | View/getUserExceptionRuleList<br>View/getServerGroupDetail<br>View/getDetectionTargetDetail<br>View/getServerGroupList<br>View/getDetectionTargetList | - | Exception Rule | Create exception rule. |
| Change | Change/copyUserExceptionRule | View/getUserExceptionRuleList<br>View/getUserExceptionRuleDetail<br>View/getServerGroupDetail<br>View/getDetectionTargetDetail<br>View/getServerGroupList<br>View/getDetectionTargetList | ExceptionRule | Exception Rule | Replicate exception rule. |
| Change | Change/deleteUserExceptionRule | View/getUserExceptionRuleList | ExceptionRule | ExceptionRule | Delete exception rule. |
| Change | Change/updateUserExceptionRuleMemo | View/getUserExceptionRuleList<br>View/getUserExceptionRuleDetail | ExceptionRule | ExceptionRule | Edit memo of exception rule. |

Actions related to deleted exception rules (logs)

| Type | Action name | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| View | View/getDeletedUserExceptionRuleList | - | - | Exception Rule Log | View list of deleted exception rules. |
| View | View/getDeletedUserExceptionRuleDetail | View/getDeletedUserExceptionRuleList | - | Exception Rule Log | View deleted exception rule details. |
| Change | Change/updateDeletedUserExceptionRuleMemo | View/getDeletedUserExceptionRuleDetail<br>View/getDeletedUserExceptionRuleList | - | Exception Rule Log | Edit memo of deleted exception rule. |
| Change | Change/recoveryDeletedUserExceptionRule | View/getDeletedUserExceptionRuleDetail<br>View/getDeletedUserExceptionRuleList | - | Exception Rule Log | Restore deleted exception rule. |

Actions related to notification interval

| Type | Action name | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| View | View/getNotificationInterval | - | - | Interval | View notification interval settings for web shell behavior detection. |
| Change | Change/updateNotificationInterval | View/getNotificationInterval | - | Interval | Change notification interval for web shell behavior detection. |

Actions related to configuration

| Type | Action name | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| View | View/getDetectionTargetList | - | - | Configuration | View list of detection targets. |
| View | View/getDetectionTargetDetail | View/getDetectionTargetList | DetectionTarget | Configuration | View detection target details. |
| View | View/getVPCServerList | - | - | Configuration | View VPC server list. |
| View | View/getVPCServerDetail | View/getVPCServerList | VPCServer:Server | Configuration | Select VPC server to detect. |
| View | View/getNotificationSetting | - | - | Configuration | View notification recipient settings. |
| Change | Change/updateDetectionTargetMemo | View/getDetectionTargetDetail<br>View/getDetectionTargetList | DetectionTarget | Configuration | Edit memo of detection target. |
| Change | Change/updateDetectionTarget | View/getNotificationSetting<br>Change/manageNotificationSetting<br>View/getDetectionTargetDetail<br>View/getDetectionTargetList<br>Change/activateDetectionTarget<br>Change/deactivateDetectionTarget | DetectionTarget | Configuration | Edit detection target settings. |
| Change | Change/activateDetectionTarget | View/getDetectionTargetDetail<br>View/getDetectionTargetList | DetectionTarget | Configuration | Enable agent. |
| Change | Change/deactivateDetectionTarget | View/getDetectionTargetDetail<br>View/getDetectionTargetList | DetectionTarget | Configuration | Disable agent. |
| Change | Change/releaseDetectionTarget | View/getDetectionTargetDetail<br>View/getDetectionTargetList | DetectionTarget | Configuration | Remove from detection target. |
| Change | Change/createVPCDetectionTarget | View/getNotificationSetting<br>Change/manageNotificationSetting<br>View/getVPCServerList<br>View/getVPCServerDetail<br>View/getDetectionTargetList | - | Configuration | Create a detection target with a VPC platform server. |
| Change | Change/manageNotificationSetting | View/getNotificationSetting | - | Configuration | Set notification recipients. |

Actions related to server group

| Type | Action name | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| View | View/getServerGroupList | View/getDetectionTargetList | - | Server Group | View server group list. |
| View | View/getServerGroupDetail | View/getServerGroupList | ServerGroup | Server Group | View server group or specify a server group as an exception. |
| Change | Change/createServerGroup | View/getServerGroupList | - | Server Group | Create server group. |
| Change | Change/updateServerGroup | View/getServerGroupDetail<br>View/getServerGroupList<br>View/getDetectionTargetDetail<br>View/getDetectionTargetList | ServerGroup | ServerGroup | Edit server group. |
| Change | Change/deleteServerGroup | View/getServerGroupDetail<br>View/getServerGroupList | ServerGroup | Server Group | Delete server group. |
| Change | Change/setDetectionTargetServerGroup | View/getServerGroupDetail<br>View/getServerGroupList<br>View/getDetectionTargetDetail<br>View/getDetectionTargetList | DetectionTarget | Server Group | Set detection target in server group or remove from it. |

Actions related to subscription

| Type | Action name | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| Change | Change/subscribeProduct | - | - | Subscription | Subscribe to Webshell Behavior Detector. |

Note

For more information, see Sub Account > Policies from the NAVER Cloud Platform portal.
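
When planning a user-defined policy, it helps to see the full set of actions a role ends up with once the "Related action" column is followed. The following is an added example, not NAVER Cloud Platform code: it transcribes a subset of the tables on this page and assumes that a related action has to be granted together with the action that lists it. The triage role shown is hypothetical.

```python
# Added example: expand a user-defined policy to the action set it implies.
# RELATED is transcribed from the "Related action" column on this page
# (subset only). Assumption: a related action is granted with its parent.
RELATED = {
    "Change/manageWebShellEvent": [
        "View/getServerGroupDetail", "View/getWebShellEvents",
        "View/getDetectionTargetDetail", "View/getServerGroupList",
        "View/getDetectionTargetList", "Change/createUserExceptionRule",
    ],
    "Change/createUserExceptionRule": [
        "View/getUserExceptionRuleList", "View/getServerGroupDetail",
        "View/getDetectionTargetDetail", "View/getServerGroupList",
        "View/getDetectionTargetList",
    ],
    "Change/manageQuarantinedFile": ["View/getQuarantinedFileList"],
    "View/getServerGroupDetail": ["View/getServerGroupList"],
    "View/getServerGroupList": ["View/getDetectionTargetList"],
    "View/getDetectionTargetDetail": ["View/getDetectionTargetList"],
}


def expand(requested):
    """Return the requested actions plus every transitively related action."""
    granted, stack = set(), list(requested)
    while stack:
        action = stack.pop()
        if action not in granted:
            granted.add(action)
            stack.extend(RELATED.get(action, []))
    return granted


def implied_changes(requested):
    """Change/* actions pulled in by dependencies, not explicitly requested."""
    extra = expand(requested) - set(requested)
    return sorted(a for a in extra if a.startswith("Change/"))


if __name__ == "__main__":
    # Hypothetical triage role: handle detections and quarantined files.
    role = ["Change/manageWebShellEvent", "Change/manageQuarantinedFile"]
    for action in sorted(expand(role)):
        print(action)
    print("implied Change actions to review:", implied_changes(role))
```

For this role the expansion includes Change/createUserExceptionRule, because Change/manageWebShellEvent lists it as a related action; a reviewer should decide whether the role is meant to create exception rules.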