documentation
MBUSTER
User Guides
MBUSTER Management

MBUSTER Management

Domain Creation

This page allows you to create a domain for applying macro blocking. You can enter information about the domain you want to create by clicking the Register Domain button at the top right of MBUSTER Management > Domain Creation or MBUSTER Management > Domain Management.

  • Domain Alias: Register an alias to distinguish the domain
  • Domain: Enter the domain of the site where macro blocking will be performed

Domain Management

Domain management is a page where you can register, modify, and delete domains for macro blocking.

도메인 관리

On the domain management page, you can find the following information and features:

  • Domain Search: Search function within the list
  • No: List order number
  • Domain: Target site domain
  • Domain Name: Domain alias
  • Standard Deviation from Average: Calculated value used for the threshold of access count based on statistics
  • Edit: Button to modify the domain
  • Delete: Button to delete the domain
  • Policy Setting: Button to navigate the page where you can set policies for the domain

Domain Modification

도메인 수정

When you click the Modify button, you can modify the information about the created domain.

  • Domain Name: Domain alias
  • Standard Deviation from Average: Calculated value used for the threshold of access count based on statistics. Only numerical input is allowed.
ℹ️

Only the organization owner can access the domain creation and domain management menus. After creating a domain, please assign it to members invited to the organization. 🔎 SCP Member Management


Policy Settings

Policy settings is a page where you can turn each macro blocking policy ON or OFF for a selected domain, and set thresholds and secondary verification policies for behavior analysis conditions.

정책 설정

There are a total of 5 macro blocking policies:

1️⃣ Blocking through Header Analysis

Determines whether to block macros by analyzing the request header values of users accessing the website. This involves static analysis.

2️⃣ Blocking through IP Management

Determines whether to block based on BOT IPs managed by MBUSTER and IPs set for blocking. This involves static analysis.

3️⃣ Blocking through Access Statistics Analysis

Determines whether to block users through access statistics analysis. You can set a threshold value for the number of allowed accesses exceeding the average. The threshold is a percentage over the average access count. This involves static analysis.

4️⃣ Blocking Overseas Access

Determines whether to block if the accessing IP is from overseas. This involves dynamic analysis. If access from an overseas IP is blocked, the user must have their blocked status and personal identification ID released before they can access again from within the country.

5️⃣ Behavior Analysis Policy Settings

Sets whether to block users based on behavior analysis. Each behavior analysis can be turned on and off via toggle switches. However, if the behavior analysis policy setting is OFF, the underlying settings will not operate even if they are ON.

Behavior analysis policy extraction group names are as follows:

Extraction Group NameDescription
Excessive Page RequestsOccurs when a specific URL is excessively requested, based on a specific time period from a user
Repeated Page RequestsOccurs when the number of URL calls repeats in the same pattern per minute
Bypass Access to PageOccurs when access to a specific page happens outside the designated time
Abnormal Page AccessOccurs when a specific URL is repeatedly accessed directly, or when a single personal identification ID is accessed from multiple IPs, or when multiple personal identification IDs are issued from a single IP
ℹ️

Abnormal Page Access Policy exception: MBUSTER's behavior analysis is managed on a per-device basis (per terminal), not per IP. If multiple devices access from a single IP, the IP is considered the origin of abnormal behavior and is blocked on an IP basis. This type of block cannot be lifted by general administrators and must be lifted by requesting technical support from an engineer.

Behavior Analysis Settings include the following items:

  • Macro Detection: Behavior analysis conditions
  • Threshold: The threshold for detecting a user's behavior type in the specified behavior analysis type. Only numerical input is allowed.
  • Secondary Verification Attempts: Sets how many times secondary verification will be conducted. If the set number of attempts is exceeded, the user is considered a macro and blocked.
  • Target URL: Specifies the URL to be detected.
  • Start, End Time: In [Bypass Access to Page], you can specify the start and end times, and apply the policy outside these times.

Secondary Verification Policies include three types:

  • Browser Challenge: A JavaScript cryptographic puzzle developed by MBUSTER. During the challenge, the user consumes hardware resources. Therefore, simple bots without a JavaScript execution stack cannot pass the challenge, and attackers using macros for multiple access drain their hardware resources.
  • CAPTCHA: Requires users detected in a specified type to enter a CAPTCHA. If they fail to enter the CAPTCHA within the set number of secondary verification attempts, they are blocked.
  • Block: Immediately blocks users detected in a specified type.
ℹ️

Behavior analysis policy settings are based on collected logs and are registered as policies through batch processing, not in real time.

Exception Management

Exception management is a page that allows you to apply exceptions to specific users so that even if MBUSTER considers them macros, they are not blocked.

예외 처리 관리

  • Registration Type: Choose the type of value to apply the exception. You can select from IP/ID/Personal Identification ID.
  • Registration Value: Enter the value to apply the exception.
    • For example, for an IP: 234.23.13.254 / for an ID: user123 / for a Personal Identification ID: 234.23.13.254_T_20554_WC
  • Policy Application: Select which policy to apply the user's exception. You can select multiple or all policies if you do not wish to block the user in any policy.

Audit Logs

Records audit logs for the menus accessed by users in MBUSTER.

감사로그

  • Period Search: Select the period you want to search.
  • Search: Search based on IP/ID/Name/Content entered.
  • User Information: Shows the actor.
  • User IP: Shows the actor's IP.
  • Time: Shows the time the actor accessed the menu or performed an action.
  • Content: Shows the action performed by the actor.

BOT List

The BOT list page displays information about harmful BOTs managed by MBUSTER.

BOT 리스트

  • Domain: Select the domain you want to search.
  • Period Search: Select the period you want to search.
  • IP Search: Search the list and chart based on the searched IP.
  • BOT List: Displays the BOT list along with the country information.
    • Country: BOT's country information
    • IP: BOT's IP
  • BOT Chart: Displays the country information of the BOTs.

Reports

You can query reports based on the specified date and time and download them in Excel.

보고서


배너 (opens in a new tab)

IP Detailed InfoMBUSTER MANAGER