Change Webshell Behavior Detector settings

    Available in VPC

    You can adjust the settings required for running Webshell Behavior Detector, such as detection targets, detection notifications, and exception rules.

    Exception settings

    You can view the exception rules, and add or delete them in the Exception Setting menu.

    View exception rules

    The following describes how to check the exception rules.

    1. From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.
    2. Click the Exception Setting > Exception menus in order.
    3. Click the exception rule item you'd like to check from the list and check the details.

    Add exception rule

    The following describes how to add exception rules.

    1. From NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in order.
    2. Click the Exception Setting > Exception menus in order.
    3. Click the [Add exception rule] button.
      • To create the new rule as a copy of an existing exception rule, click the rule to replicate in the list, and then click the [Replicate exception rule] button.
    4. Enter a name for the rule in the settings pop-up window, and set the exception rule.
      • Only web shell behaviors that meet all the conditions of the exception rules (AND condition) are excepted.
      • Conditions that can be selected when creating exception rules are as follows.
        • START: Starting with the entered string
        • END: Ending with the entered string
        • NOT USE: Not using this condition
    Caution

    Use the NOT USE condition with caution since it widens the range of the targets handled by the exception rule. If used excessively, then it may increase the chance of web shells not being detected.
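
    The matching behavior described above, sketched as an added example (not NAVER Cloud Platform code), shows how a NOT USE condition widens what a rule excepts. Only START, END, NOT USE and the AND rule come from this page; the field names `process_path` and `command` and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Operators named on the page. Field names used below (process_path, command)
# are hypothetical and are not the product's actual rule schema.
START, END, NOT_USE = "START", "END", "NOT USE"

@dataclass(frozen=True)
class Condition:
    field: str
    op: str
    value: str = ""

    def matches(self, event: dict) -> bool:
        if self.op == NOT_USE:      # condition is skipped, so it never filters
            return True
        actual = event.get(self.field, "")
        if self.op == START:
            return actual.startswith(self.value)
        if self.op == END:
            return actual.endswith(self.value)
        raise ValueError(f"unknown operator: {self.op}")

def is_excepted(rule, event) -> bool:
    """AND semantics: the event is excepted only if every condition holds."""
    return all(c.matches(event) for c in rule)

def active_conditions(rule):
    """Conditions that actually narrow the rule (everything except NOT USE)."""
    return [c for c in rule if c.op != NOT_USE]

def excepted_events(rule, events):
    return [e["id"] for e in events if is_excepted(rule, e)]

# Constructed sample detections, not real product output.
EVENTS = [
    {"id": 1, "process_path": "/usr/bin/php-fpm", "command": "/usr/bin/convert in.png out.jpg"},
    {"id": 2, "process_path": "/usr/bin/php-fpm", "command": "/bin/sh -c id"},
    {"id": 3, "process_path": "/usr/sbin/httpd", "command": "/usr/bin/convert a.gif b.jpg"},
]

NARROW = [Condition("process_path", END, "php-fpm"),
          Condition("command", START, "/usr/bin/convert")]
BROAD = [Condition("process_path", END, "php-fpm"),
         Condition("command", NOT_USE)]

if __name__ == "__main__":
    for name, rule in (("narrow", NARROW), ("broad", BROAD)):
        print(name, "excepts", excepted_events(rule, EVENTS),
              "using", len(active_conditions(rule)), "active condition(s)")
```

    The broad rule also excepts event 2, a shell spawned by the web process, which the narrow rule would still report.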

    Note

    If you set the detection target as a server group, then you can select the group as the exception rule application target and apply the exception rule to the whole group at once. For more details about setting server groups, refer to Set server groups.

    Delete exception rule

    The following describes how to delete exception rules.

    1. From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.
    2. Click the Exception Setting > Exception menus in order.
    3. Click the [Delete exception rule] button.
    4. Click the [Yes] button from the confirmation pop-up window.
    Note

    You can see the deleted exception rules in the Exception Setting > Log menu, and restore them if necessary.

    Set notifications

    You can set the detection notification intervals and recipients in the Notification Setting menu.

    Set detection notification recipients

    The following describes how to set detection notification recipients.

    1. From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.
    2. Click the Notification Setting > Recipient menus in order.
      • You'll be directed to NAVER Cloud Platform Monitoring's notification recipients settings page.
    3. Click the [Add recipient] button.
    4. Set the recipient's contact information, and then click the [Register] button.

    Set notification transmission intervals

    The following describes how to set notification transmission intervals.

    1. From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.
    2. Click the Notification Setting > Interval menus in order.
    3. Select a notification transmission interval, and then click the [Save settings] button.
    Note

    There may be relatively many notifications in the early stage of using the service since not enough exceptions have been set. We recommend setting a long interval in the early stage, and then making the interval shorter after a month or so.

    Detection settings

    You can check and change the status and information of detection target servers in the Detection settings menu, and add detection target servers if required. You can also set server groups and use them as exception targets in exception rules.

    Check and manage detection targets

    The following describes how to check and manage detection target servers.

    1. From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.
    2. Click the Detection Setting > Configuration menus in order.
    3. Click the server to check from the list of detection targets, and then check the server's status and information.
      • Click the [Change settings] button to change the server's detection settings.
      • Click the [Enable] or [Disable] button to change the server's activation status.
      • Click the [Remove detection target] button to remove the server from the detection target.
      • Click the [Register detection target] button to add detection target servers. Refer to Detection target registration.

    Set server groups

    If you group servers registered as detection targets, then you can select the group as the exception target when setting exception rules and apply the rule to the whole group at once.

    Add server group

    The following describes how to add a server group.

    1. From NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in order.

    2. Click the Detection Setting > Server Group menus in order.

    3. Click the add group icon above the server group list, enter the group name, and then click the save icon.

    4. Select servers to be grouped from the server list, and then click the [Move to group] button.

    5. Select the server group from the list pop-up window, and then click the [Move] button.

      • The server will be moved to the selected server group.
    Note

    To change a server group's name, click the options icon > Edit next to the server group in the server group list.

    Remove server from group

    The following describes how to remove a specific server from a server group.

    1. From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.
    2. Click the Detection Setting > Server Group menus in order.
    3. Select a server to remove from a group from the server list, and then click the [Remove from group] button.
    4. Click the [Remove] button from the confirmation pop-up window.

    Delete server group

    The following describes how to delete a server group.

    1. From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.
    2. Click the Detection Setting > Server Group menus in order.
    3. From the server group list, click the options icon > Delete next to the server group to be deleted.
    4. Click the [Delete] button from the confirmation pop-up window.
