- Print
- PDF
Change Webshell Behavior Detector settings
- Print
- PDF
Available in VPC
You can adjust various settings required for running Webshell Behavior Detector, such as detection target, detection notification, exception rules, etc.
Exception settings
You can view the exception rules, and add or delete them in the Exception Setting menu.
View exception rules
The following describes how to check the exception rules.
- From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.
- Click the Exception Setting > Exception menus in order.
- Click the exception rule item you'd like to check from the list and check the details.
Add exception rule
The following describes how to add exception rules.
- From NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in order.
- Click the Exception Setting > Exception menus in order.
- Click the [Add exception rule] button.
- If you'd like to replicate an existing exception rule to add, then click the exception rule to replicate from the list, and click the [Replicate exception rule] button.
- Enter a name for the rule in the settings pop-up window, and set the exception rule.
- Only web shell behaviors that meet all the conditions of the exception rules (AND condition) are excepted.
- Conditions that can be selected when creating exception rules are as follows.
- START: Starting with the entered string
- END: Ending with the entered string
- NOT USE: Not using this condition
Use the NOT USE condition with caution since it widens the range of the targets handled by the exception rule. If used excessively, then it may increase the chance of web shells not being detected.
If you set the detection target as a server group, then you can select it as the exception rule application target and apply the exception rule generally. For more details about setting server groups, refer to Set server groups.
Delete exception rule
The following describes how to add exception rules.
- From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.
- Click the Exception Setting > Exception menus in order.
- Click the [Delete exception rule] button.
- Click the [Yes] button from the confirmation pop-up window.
You can see the deleted exception rules in the Exception Setting > Log menu, and restore them if necessary.
Set notifications
You can set the detection notification intervals and recipients in the Notification Setting menu.
Set detection notification recipients
The following describes how to set detection notification recipients.
- From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.
- Click the Notification Setting > Recipient menus in order.
- You'll be directed to NAVER Cloud Platform Monitoring's notification recipients settings page.
- Click the [Add recipient] button.
- Set the recipient's contact information, and then click the [Register] button.
Set notification transmission intervals
The following describes how to set notification transmission intervals.
- From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.
- Click the Notification Setting > Interval menus in order.
- Select a notification transmission interval, and then click the [Save settings] button.
There may be relatively many notifications in the early stage of using the service since not enough exceptions have been set. We recommend setting a long interval in the early stage, and then making the interval shorter after a month or so.
Detection settings
You can check the detection target server's status and information and change them in the Detection settings menu. You can also add detection target servers if required. You can also set server groups and use them for setting exception targets in exception rules.
Check and manage detection targets
The following describes how to check and manage detection target servers.
- From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.
- Click the Detection Setting > Configuration menus in order.
- Click the server to check from the list of detection targets, and then check the server's status and information.
- Click the [Change settings] button to change the server's detection settings.
- Click the [Enable] or [Disable] button to change the server's activation status.
- Click the [Remove detection target] button to remove the server from the detection target.
- Click the [Register detection target] button to add detection target servers. Refer to Detection target registration.
Set server groups
If you group servers registered as detection targets, then you can select the group to be the exception target when setting exception rules and apply the rule generally.
Add server group
The following describes how to add a server group.
From NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in order.
Click the Detection Setting > Server Group menus in order.
Click above the server group list, enter the group name, and then click .
Select servers to be grouped from the server list, and then click the [Move to group] button.
Select the server group from the list pop-up window, and then click the [Move] button.
- The server will be moved to the selected server group.
Click > Edit next to the server group in the server group list if you'd like to change the server group's name.
Remove server from group
The following describes how to remove a specific server from a server group.
- From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.
- Click the Detection Setting > Server Group menus in order.
- Select a server to remove from a group from the server list, and then click the [Remove from group] button.
- Click the [Remove] button from the confirmation pop-up window.
Delete server group
The following describes how to delete a server group.
- From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.
- Click the Detection Setting > Server Group menus in order.
- From the server group list, click > Delete next to the server group to be deleted.
- Click the [Delete] button from the confirmation pop-up window.