Administration Guide

Malware Log

The Log & Report > Malware Log page displays the malware detected by FortiNDR. Double-click an entry to view a summary of the log.

The Malware Log contains the following tabs:

Detected

Malicious files processed by FortiNDR engines.

Processed

Both clean and malicious files processed by FortiNDR engines.

Processing

Files that are still being processed by FortiNDR parsers. The Processing tab is not available in Center mode.

Each tab displays the following information:

Date

The detection date.

MD5

The MD5 hash value.

Sensor

The sensor type. Hover over the sensor to view its IP Address, Last Synch Time, and Status.

File ID

The file ID.

File type

The file type. Other indicates the detected file type is not supported by Artificial Neural Networks (ANN).

Detection Name

The unique name of the malware. Click the name to view a description in FortiGuard.

Device Type

The device type.

VDOM

The VDOM name.

Attacker

The attacker IP address.

Victim

The victim IP address.

Confidence

The confidence level as a percentage.

Risk

The risk verdict (High, Medium, Low or No Risk).

Indicator

Indicates the detection has IOC details.

Feature Detection

The detection feature type of the malware.

Download a sample

The Sample details page contains the sample metadata and, if FortiNDR detected the sample, the detection information. You can download the sample from the details page if it has been detected as malware. The downloaded sample is compressed as a ZIP file with the default password Infected.

To download a sample:
  1. Go to Log & Report > Malware Log.
  2. (Optional) Enable Showing Zip Container to download samples detected as malware.
  3. Select a sample and click the View Sample Detail button at the left side of the Search field. The Sample details page opens.
  4. Click the Download File button at the top right-side of the page.
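As an added check, not part of the Fortinet guide: a Python script that hashes each member of a downloaded sample archive in memory and compares it with the value in the Malware Log's MD5 column, so a mismatched or truncated download is caught before the sample is handed to an analysis sandbox. It assumes the archive uses traditional ZipCrypto (which Python's zipfile can read with the default password Infected); the constructed test archive is unencrypted because the standard library cannot write encrypted ZIPs.

```python
import hashlib
import io
import zipfile

# Default password FortiNDR sets on downloaded sample archives (from the guide).
DEFAULT_SAMPLE_PASSWORD = b"Infected"


def md5_hex(data: bytes) -> str:
    """Lowercase MD5 hex digest, the form shown in the Malware Log's MD5 column."""
    return hashlib.md5(data).hexdigest()


def verify_downloaded_sample(zip_bytes: bytes, expected_md5: str,
                             password: bytes = DEFAULT_SAMPLE_PASSWORD) -> dict:
    """Hash every member of a downloaded sample archive in memory and compare
    it with the MD5 recorded in the Malware Log.

    Nothing is written to disk and nothing is executed: the member bytes only
    pass through hashlib. Returns {member_name: {"md5", "size", "matches_log"}}.
    """
    expected = expected_md5.strip().lower()
    results = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digest = hashlib.md5()
            # Assumption: the archive uses traditional ZipCrypto, which the
            # standard library can read with pwd=. An AES-encrypted archive
            # raises NotImplementedError here and needs an external unzip tool.
            with zf.open(info, pwd=password) as member:
                for chunk in iter(lambda: member.read(65536), b""):
                    digest.update(chunk)
            md5 = digest.hexdigest()
            results[info.filename] = {"md5": md5, "size": info.file_size,
                                      "matches_log": md5 == expected}
    return results


def build_test_archive(sample: bytes, name: str = "sample.bin") -> bytes:
    """Constructed stand-in for a FortiNDR download: an unencrypted ZIP holding
    the given bytes (the standard library cannot write ZipCrypto archives)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, sample)
    return buf.getvalue()
```

The MD5 comparison is case-insensitive, so the value can be pasted straight from the log regardless of how the GUI renders it.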

View items in a zip folder

To view items in a zip folder:
  1. In the File Type column, click the Filter/Configure Column icon and select Zip.
  2. Double-click a log to view the contents of the folder.

Perform a batch download

To perform a batch download:
  1. Select the files to download.
  2. Click Batch Download. The files are zipped with a password and downloaded to your device.

Add detections to the Allow List

To add detections to the allow list and submit feedback:
  1. Go to Log & Report > Malware Log.
  2. Right-click a sample and select Add to Allow List. The Add to Allow List pane opens. Optionally, you can click View Sample Detail and then click Add to Allow List.
  3. (Optional) In the Comments field, enter a comment about the detection.
  4. (Optional) Enable Submit feedback to FortiGuard, then enter your Contact Email and your feedback in the Comment field.
  5. Click OK.

Advanced search

You can search for detections with the Search function or by right-clicking a detection and selecting an option from the menu. The Search function only supports exact matches; wildcards are not supported.

To use the search feature:
  1. Type key words into the Search field. Partial results are displayed.
  2. Click the plus sign (+) to include filterable columns in your search.
  3. To refine the search results, click the filter icon in the column header.

To search a detection:

Right-click a detection and select one of the following options:

  • Filter by MD5
  • Search by Hash
  • Search similar file(s) with Hash
  • Search by Detection Name
  • Search similar file(s) by Detection name
