Getting started with Webshell Behavior Detector
- Print
- PDF
Getting started with Webshell Behavior Detector
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Available in VPC
If you've checked the supported environments and required specifications of Webshell Behavior Detector and thoroughly learned the overall scenarios and glossary, you're now ready to start using Webshell Behavior Detector. The first thing to do now is to request subscription for the Webshell Behavior Detector service. You can request subscription to Webshell Behavior Detector and manage your subscription in the NAVER Cloud Platform console.
The following summarizes what you can learn from the starter guide:
- Request subscription to service
- Detection target registration
- Install and execute agent
- Remove detection target
- Cancel service
Request subscription to service
To request subscription to Webshell Behavior Detector, follow these steps:
- Access the console in NAVER Cloud Platform.
- Click VPC from the Platform menu to switch to VPC environment.
- Click Services > Security > Webshell Behavior Detector in order.
- Click the [Request subscription] button.
{height="" width="70%"} - Read the Terms of service, agree to them, and click the [OK] button.
{height="" width="70%"}Note
Click the [Request subscription] button in Services > Security > Webshell Behavior Detector in the NAVER Cloud Platform portal to directly go to the page in Step 3.
Detection target registration
Once you complete the subscription request to the Webshell Behavior Detector service, you need to register servers to detect web shell behaviors for as detection targets.
To register detection targets, follow these steps:
- From the VPC environment of the NAVER Cloud Platform console, click Services > Security > Webshell Behavior Detector in order.
- Click Detection Setting > Configuration in order.
- Click the [Detection target registration] button.
- Select a server to register as a detection target, and set the server environment and notification recipients.
{height="" width="70%"}- You should enter the webroot and upload directory after selecting a server environment. Click the [Add] button after entering the path to complete.
- Webroot directory path is a required item.
- Enter an absolute path, just like the example displayed on the NAVER Cloud Platform screen. If there are multiple paths, enter them all. If some of paths are overlapped, enter the upper path only.
- You can add a note for the detection target server if needed.
{height="" width="70%"}Note
For Kubernetes environments, you can set up the web server environment and web root/upload directory paths after running the Agent POD.
Click the [Complete settings] button once you finish setting.
Check if the configuration is accurately entered from the confirmation popup window, and click the [Detection target registered] button.
- Once the detection target registration is completed, a notification will be sent to notification recipients according to the notification settings.
- The server registered will be added to the list of detection targets, but the agent status will be displayed as Not installed. You have to install and execute the agent in the server.
Install and execute agent
In order for Webshell Behavior Detector to start detecting web shell behaviors normally, you should install and execute the agent in the registered detection target server. For more information, see Install and execute agent.
Remove detection target
You can remove servers registered as detection targets. Please proceed carefully as you're exposed to the risk of web shell attacks if you remove servers from detection targets. The agent ends automatically, and you will not be charged anymore.
To remove servers from detection targets, follow these steps:
- From the VPC environment of the NAVER Cloud Platform console, click Services > Security > Webshell Behavior Detector in order.
- Click Detection Setting > Configuration in order.
- Select a server to remove from the detection target list and click the [Remove detection target] button.
- Check the server's information in the confirmation popup window and click the [Remove detection target] button.
Note
- We recommend disabling it if you won't be using the service in the short term for the detection target. You won't be charged if you disable the detection target, and you can easily enable it again if needed.
- If you remove a server from detection targets, the agent's process is ended, but it won't be deleted. To delete the agent from the server, see Delete agent.
Cancel service
You can cancel service subscription to Webshell Behavior Detector from the NAVER Cloud Platform console. You can cancel the subscription any time you want, but please take note of the billing unit when canceling.
Caution
If you cancel the subscription, all data set, produced and saved while using Webshell Behavior Detector, will be deleted, and you will be exposed to the risk of web shell attacks. Please consider carefully before proceeding with canceling the service.
To unsubscribe, follow these steps:
- From the VPC environment of the NAVER Cloud Platform console, click Services > Security > Webshell Behavior Detector in order.
- Click the Subscription menu.
- Click the [Product in use] button, and click Unsubscribe.
- Check the notification in the Confirmation popup window, and click the [OK] button.
.png?sv=2022-11-02&spr=https&st=2025-04-02T01%3A48%3A52Z&se=2025-04-02T01%3A58%3A52Z&sr=c&sp=r&sig=R%2BwVOeBVbaYbZX9oVnbtU%2B3kKbUZq98tPqX2bBaeBu8%3D)
{height="" width="70%"}
.png?sv=2022-11-02&spr=https&st=2025-04-02T01%3A48%3A52Z&se=2025-04-02T01%3A58%3A52Z&sr=c&sp=r&sig=R%2BwVOeBVbaYbZX9oVnbtU%2B3kKbUZq98tPqX2bBaeBu8%3D)
{height="" width="70%"}Was this article helpful?