Administration Guide

Malware Log

Malware Log reports provide administrators with a detailed view of the malware that has been detected.

Details include the Date, the MD5 checksum, and the File Type (such as portable executable, HTML, and so on). Detection Name is the unique name of the malware. Device Type is the source device the sample file came from, for example Sniffer or ICAP.

The Malware Log also shows the Confidence Level as a percentage, as well as a Risk verdict of High, Medium, Low, or No Risk.

The Indicator column displays icons if the detection has IOC details. Feature Detection shows the detection feature type of the malware.

The Malware Log has the following pages:

Detected

Malicious files processed by FortiNDR engines.

Processed

Both clean and malicious files processed by FortiNDR engines.

Processing

Files still being processed by FortiNDR parsers.

Double-click an entry to view a summary of the log entry.

Double-click a zip folder to view what is inside the folder.

Enable Showing Zip Container to view the extracted files on the page.

Advanced search

When you type keywords into the search field, partial results are displayed. Click the plus sign (+) to include filterable columns in your search. The Search function only supports exact matches; wildcards are not supported.

You can also filter the logs by clicking the filter icon in the column heading.

Viewing the sample details

The Sample details page contains the sample metadata and, if the sample was detected by FortiNDR, its detection information. You can download the sample from the details page if the sample has been detected as malware. The downloaded sample is compressed as a ZIP file with the default password Infected.

To download a sample:
  1. Go to Log & Report > Malware Log.
  2. (Optional) Enable Showing Zip Container to download samples detected as malware.
  3. Select a sample and click the View Sample Detail button at the right side of the Search field. The Sample details page opens.
  4. Click the Download File button at the top right side of the page.