Webshell Behavior Detector prerequisites

Prev Next

Available in VPC

Check the information in advance including supported environments and precautions before starting to use the Webshell Behavior Detector service.

Service environment

Webshell Behavior Detector can be used in the following environments:

VM environment

Type Specifications
OS
  • CentOS 6.3 or later
  • Ubuntu 16.04 or later
  • Oracle Linux 7.4 or later
  • Red Hat Enterprise Linux 7.6 or later
  • Windows Server 2017 or later
    		•
    Web Server
  • (Linux) Apache
  • (Linux) Tomcat
  • (Linux) Nginx
  • (Windows) IIS
    		•

    Kubernetes environment

    Type Specifications
    Base OS for Container
  • CentOS 6.3 or later
  • Ubuntu 16.04 or later
  • Oracle Linux 7.4 or later
  • Red Hat Enterprise Linux 7.6 or later
    		•
    Web Server
  • Apache
  • Tomcat
  • Nginx
    		•

    Cautions for use

    When using Webshell Behavior Detector, note the following:

    • Make sure that the agent is enabled from the NAVER Cloud Platform console after installation.
      The agent must be enabled to be able to detect web shell behaviors. If the agent is not enabled, change its status.
    • When installing the agent, check the user guide and make sure that it is configured correctly to your server environment.
      It must be configured according to the server environment to be able to detect web shell behaviors. If strange detections are collected or a confirmation is required whether it is successfully configured, see the user guide.
    • Be careful when taking measures such as isolating files suspected to be web shells or blocking suspicious attacker IPs.
      The list of files suspected to be web shells and suspicious attacker IP show the targets with high probability of being threats. The provided list of suspicious files and IPs is made by collecting various information, such as file creation time and access logs. It is provided for your reference when responding. Make sure to review carefully before isolating files or blocking IPs since isolating normal web service files or blocking normal IPs may cause service failure.
    • Webshell Behavior Detector needs time to adapt to customers' web service environment.
      Intended task behaviors (normal behaviors) may be detected and flagged as suspicious for about a month in the early stage of service use. If you apply exception rules for the normal behaviors, the detection will become more focused on web shell behaviors. You can adjust the notification cycle settings during this adaptation period to stop receiving too many detection notifications.

    Pricing information

    Webshell Behavior Detector is serviced on a pay-as-you-go pricing plan.
    For detailed pricing information about WebShell Behavior Detector, refer to Portal > Service > Security > WebShell Behavior Detector.