Login
      Contents x
      Webshell Behavior Detector permissions management
        • Print
        • PDF
        Contents

        Webshell Behavior Detector permissions management

          • Print
          • PDF
          Article summary

          Available in VPC

          By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for WebShell Behavior Detector. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.

          Note

          Sub Account is a service provided free of charge upon subscription request. For more information on Sub Account, refer to the Services > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, as well as the Sub Account Guide.

          System Managed policies

          System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account, that sub account can use WebShell Behavior Detector. The following is a brief description about System Managed policies of WebShell Behavior Detector.

          Note

          For how to request subscription to Sub Account, refer to Sub Account Guide.

          Policy namePolicy description
          NCP_ADMINISTRATORPermission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts
          NCP_INFRA_MANAGERPermission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal
          NCP_WEBSHELL_BEHAVIOR_DETECTOR_MANAGERPermission to use of all features in the Webshell Behavior Detector service
          NCP_WEBSHELL_BEHAVIOR_DETECTOR_VIEWERPermission to use only the View feature in the Webshell Behavior Detector service

          User Created policies

          User Created policies are policies that users can create. Once User Created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about User Created policies of WebShell Behavior Detector.

          Actions related to webshell list

          TypeAction nameRelated action(s)Resource typeGroup by resource typeAction description
          ViewView/getWebShellEvents--Webshell ListView the list of detected web shell behaviors.
          ChangeChange/manageWebShellEventView/getServerGroupDetail
          View/getWebShellEvents
          View/getDetectionTargetDetail
          View/getServerGroupList
          View/getDetectionTargetList
          Change/createUserExceptionRule          		-Webshell ListManage the list of detected web shell behaviors.

          Actions related to the excepted list

          TypeAction nameRelated action(s)Resource typeGroup by resource typeAction description
          ViewView/getExceptedWebShellEvents--Excepted ListView the list of web shell behaviors handled as exceptions.
          ChangeChange/manageExceptedWebShellEventView/getExceptedWebShellEvents-Excepted ListManage the list of web shell behaviors handled as exceptions.

          Actions related to quarantine

          TypeAction nameRelated action(s)Resource typeGroup by resource typeAction description
          ViewView/getQuarantinedFileList--QuarantineView the list of isolated files suspected to be web shells.
          ChangeChange/manageQuarantinedFileView/getQuarantinedFileList-QuarantineManage the list of isolated files suspected to be web shells.

          Actions related to exception rules

          TypeAction nameRelated action(s)Resource typeGroup by resource typeAction description
          ViewView/getUserExceptionRuleList--Exception RuleView the list of exception rules.
          ViewView/getUserExceptionRuleDetailView/getUserExceptionRuleListExceptionRuleExceptionRuleView exception rule details.
          ViewView/getDeletedUserExceptionRuleList--Exception Rule LogView the list of deleted exception rules.
          ChangeChange/createUserExceptionRuleView/getUserExceptionRuleList
          View/getServerGroupDetail
          View/getDetectionTargetDetail
          View/getServerGroupList
          View/getDetectionTargetList          		-Exception RuleCreate exception rule.
          ChangeChange/copyUserExceptionRuleView/getUserExceptionRuleList
          View/getUserExceptionRuleDetail
          View/getServerGroupDetail
          View/getDetectionTargetDetail
          View/getServerGroupList
          View/getDetectionTargetList          		ExceptionRuleException RuleReplicate exception rule.
          ChangeChange/deleteUserExceptionRuleView/getUserExceptionRuleListExceptionRuleExceptionRuleDelete exception rule.

          Actions related to deleted exception rules (logs)

          TypeAction nameRelated action(s)Resource typeGroup by resource typeAction description
          ViewView/getDeletedUserExceptionRuleList--Exception Rule LogView the list of deleted exception rules.
          ViewView/getDeletedUserExceptionRuleDetailView/getDeletedUserExceptionRuleList-Exception Rule LogView deleted exception rule details.
          ChangeChange/updateDeletedUserExceptionRuleMemoView/getDeletedUserExceptionRuleDetail
          View/getDeletedUserExceptionRuleList          		-Exception Rule LogEdit memo attached to deleted exception rule.
          ChangeChange/recoveryDeletedUserExceptionRuleView/getDeletedUserExceptionRuleDetail
          View/getDeletedUserExceptionRuleList          		-Exception Rule LogRestore deleted exception rule.

          Actions related to notification intervals

          TypeAction nameRelated action(s)Resource typeGroup by resource typeAction description
          ViewView/getNotificationInterval--IntervalView notification interval settings for web shell behavior detection.
          ChangeChange/updateNotificationIntervalView/getNotificationInterval-IntervalChange notification interval for web shell behavior detection.

          Actions related to configuration

          TypeAction nameRelated action(s)Resource typeGroup by resource typeAction description
          ViewView/getDetectionTargetList--ConfigurationView the list of detection targets.
          ViewView/getDetectionTargetDetailView/getDetectionTargetListDetectionTargetConfigurationView detection target details.
          ViewView/getVPCServerList--ConfigurationView VPC server list.
          ViewView/getVPCServerDetailView/getVPCServerListVPCServer:ServerConfigurationSelect target VPC server to detect.
          ViewView/getNotificationSetting--ConfigurationView notification recipient settings.
          ChangeChange/updateDetectionTargetMemoView/getDetectionTargetDetail
          View/getDetectionTargetList          		DetectionTargetConfigurationEdit memo attached to detection target.
          ChangeChange/updateDetectionTargetView/getNotificationSetting
          Change/manageNotificationSetting
          View/getDetectionTargetDetail
          View/getDetectionTargetList
          Change/activateDetectionTarget
          Change/deactivateDetectionTarget          		DetectionTargetConfigurationModify detection target settings.
          ChangeChange/activateDetectionTargetView/getDetectionTargetDetail
          View/getDetectionTargetList          		DetectionTargetConfigurationEnable agent.
          ChangeChange/deactivateDetectionTargetView/getDetectionTargetDetail
          View/getDetectionTargetList          		DetectionTargetConfigurationDisable agent.
          ChangeChange/releaseDetectionTargetView/getDetectionTargetDetail
          View/getDetectionTargetList          		DetectionTargetConfigurationRemove from detection target.
          ChangeChange/createVPCDetectionTargetView/getNotificationSetting
          Change/manageNotificationSetting
          View/getVPCServerList
          View/getVPCServerDetail
          View/getDetectionTargetList          		-ConfigurationCreate VPC detection target server.
          ChangeChange/manageNotificationSettingView/getNotificationSetting-ConfigurationSet notification recipients.

          Actions related to server groups

          TypeAction nameRelated action(s)Resource typeGroup by resource typeAction description
          ViewView/getServerGroupListView/getDetectionTargetList-Server GroupView server group list.
          ViewView/getServerGroupDetailView/getServerGroupListServerGroupServer GroupView server group or specify a server group as an exception.
          ChangeChange/createServerGroupView/getServerGroupList-Server GroupCreate server group.
          ChangeChange/updateServerGroupView/getServerGroupDetail
          View/getServerGroupList
          View/getDetectionTargetDetail
          View/getDetectionTargetList          		ServerGroupServerGroupModify server group.
          ChangeChange/deleteServerGroupView/getServerGroupDetail
          View/getServerGroupList          		ServerGroupServer GroupDelete server group.
          ChangeChange/setDetectionTargetServerGroupView/getServerGroupDetail
          View/getServerGroupList
          View/getDetectionTargetDetail
          View/getDetectionTargetList          		DetectionTargetServer GroupSet detection target in server group or remove it.

          Actions related to subscription

          TypeAction nameRelated action(s)Resource typeGroup by resource typeAction description
          ChangeChange/subscribeProduct--SubscriptionRequest subscription to Webshell Behavior Detector.
          Note

          For more information, refer to the NAVER Cloud Platform portal's Sub Account > Policies.

          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout