Login
      Contents x
      Get started with Webshell Behavior Detector
        • Print
        • PDF
        Contents

        Get started with Webshell Behavior Detector

          • Print
          • PDF
          Article Summary

          Available in VPC

          If you've checked the supported environments and required specifications of Webshell Behavior Detector, and thoroughly learned the overall scenarios and terms, then you're now ready to start using Webshell Behavior Detector. The first thing to do now is to request subscription for the Webshell Behavior Detector service. You can request subscription to Webshell Behavior Detector and manage your subscription in NAVER Cloud Platform's console.

          The following summarizes what you can learn from the starter guide.

          Request subscription to service

          The following describes how to request subscription to Webshell Behavior Detector.

          1. Access the console in NAVER Cloud Platform.

          2. Click VPC from the Platform menu to switch to VPC environment.

          3. Click the Services > Security > Webshell Behavior Detector menus in this order.

          4. Click the [Request subscription] button.
            wbd-wbdstart-subscribe-vpc-en

          5. Read the Terms and Conditions, agree to them, and then click the [Confirm] button.

          Note

          Click the [Request subscription] button from NAVER Cloud Platform portal's Service > Security > Webshell Behavior Detector to directly go to the page in Step 3.

          Detection target registration

          Once you complete the subscription request to the Webshell Behavior Detector service, you need to register servers to detect web shell behaviors for as detection targets.

          The following describes how to register detection targets.

          1. From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.

          2. Click the Detection Setting > Configuration menus in order.
            wbd-wbdstart-config-vpc-en

          3. Click the [Detection target registration] button.

          4. Select a server to register as a detection target, and then set the server environment and notification recipients.
            wbd-wbdstart-addserver-vpc-en

            • You should enter the webroot and upload directory after selecting a server environment. Click the [Add] button after entering the path to complete.
            • Webroot directory path is a required item.
            • Enter an absolute path, just like the example displayed on the screen. If there are multiple paths, then enter them all. If some of paths are overlapped, then enter the upper path only.
            • You can add a memo for the detection target server if needed.

          5. Click the [Complete settings] button once you finish setting.

          6. Check if the configuration is accurately entered from the confirmation pop-up window, and then click the [Detection target registered] button.

            • Once the detection target registration is completed, a notification will be sent to notification recipients according to the notification settings.
            • The server registered will be added to the list of detection targets, but the agent status will be displayed as Not installed. You have to install and execute the agent in the server.

          Install and execute the agent

          In order for Webshell Behavior Detector to start detecting web shell behaviors normally, you should install and execute the agent in the registered detection target server. For more details, please refer to Install and execute agent.

          Remove detection target

          You can remove servers registered as detection targets. Please proceed carefully as you're exposed to the risk of web shell attacks if you remove servers from detection targets. The agent ends automatically, and you will not be charged anymore.

          The following describes how to remove servers from detection targets.

          1. From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.
          2. Click the Detection Setting > Configuration menus in order.
          3. Select a server to remove from the detection target list, and then click the [Remove detection target] button.
          4. Check the server's information in the confirmation pop-up window and click the [Remove detection target] button.
          Note
          • We recommend disabling it if you won't be using the service in the short term for the detection target. You won't be charged if you disable the detection target, and you can easily enable it again if needed.
          • If you remove a server from detection targets, then the agent's process is ended, but it won't be deleted. If you'd like to delete the agent from the server, then please refer to Delete agent.

          Cancel service

          You can cancel service subscription to Webshell Behavior Detector from the NAVER Cloud Platform console. You can cancel the subscription any time you want, but please take note of the billing standard when canceling.

          Caution

          If you cancel the subscription, then all data set, produced, and saved while using Webshell Behavior Detector will be deleted, and you will be exposed to the risk of web shell attacks. Please consider carefully before proceeding with canceling the service.

          The following describes how to cancel subscription.

          1. From the VPC environment of the NAVER Cloud Platform console, click the Services > Security > Webshell Behavior Detector menus in this order.

          2. Select the Subscription menu.

          3. Click the [Product in use] button, and then click Cancel subscription.
            wbd-wbdstart-cancel-vpc-en

          4. Check the notification in the confirmation pop-up window, and then click the [Confirm] button.

          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout