Optional: Installing custom VM
Prepare custom VM
FortiSandbox AWS supports custom VMs. The user can provide the VHD image of a custom VM they have created, and the FSA firmware can load the VM image and use it for sample analysis.
How to create a custom VM:
Create the VHD image with a virtualization software solution, for example VirtualBox. Refer to the custom VM section of the FortiSandbox Administration Guide for further details and instructions.
Key components:
- When creating the VM, specify VHD as the disk image format.
- The disk controller must be IDE.
- The disk size must not exceed 20GB.
- The OS must have the PV Driver installed (current version: 7.4.6). https://s3.amazonaws.com/ec2-downloads-windows/Drivers/AWSPVDriverSetup.zip
- Copy the FortiSandbox Tools folder to any location (e.g. C:\) of the custom VM, and add FSALauncher.exe (FSALauncher_x64.exe for 64bit) as an auto-startup program (using the Startup folder or Task Scheduler).
- Windows should be configured to auto-login.
Share the VHD file so that it is accessible over SSH/FTP from a public server, or from an internal server that can be accessed from the FSA firmware.
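A pre-upload check for the format and size requirements listed under Key components, as an added example that is not part of the original guide or Fortinet's tooling. It reads the 512-byte VHD footer, verifies its checksum and compares the virtual disk size with the limit; treating "20GB" as 20 GiB is an assumption, and the function names are illustrative.

```python
import struct
import sys

VHD_COOKIE = b"conectix"        # magic at the start of every VHD footer
MAX_BYTES = 20 * 1024**3        # assumption: the "20GB" limit read as 20 GiB
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}

def parse_vhd_footer(footer):
    """Parse the 512-byte footer that ends a VHD file (big-endian fields)."""
    if len(footer) != 512 or footer[:8] != VHD_COOKIE:
        raise ValueError("no VHD footer: image is not in VHD format")
    (virtual_size,) = struct.unpack_from(">Q", footer, 48)
    disk_type, stored_sum = struct.unpack_from(">II", footer, 60)
    # Checksum = one's complement of the byte sum, checksum field excluded.
    computed = ~sum(footer[:64] + footer[68:]) & 0xFFFFFFFF
    return {"virtual_size": virtual_size,
            "disk_type": DISK_TYPES.get(disk_type, "unknown"),
            "checksum_ok": computed == stored_sum}

def check_custom_vm_image(footer):
    """Return a list of problems; an empty list means the image passed."""
    try:
        info = parse_vhd_footer(footer)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if not info["checksum_ok"]:
        problems.append("footer checksum mismatch: image truncated or corrupted")
    if info["virtual_size"] > MAX_BYTES:
        problems.append("virtual disk is %d bytes, over the 20 GiB limit"
                        % info["virtual_size"])
    return problems

def read_footer(path):
    """Read the last 512 bytes of an image file."""
    with open(path, "rb") as f:
        f.seek(0, 2)
        f.seek(max(f.tell() - 512, 0))
        return f.read(512)

def build_footer(size_bytes, disk_type=3):
    """Constructed sample footer, so the demo runs without a real image."""
    footer = bytearray(512)
    footer[:8] = VHD_COOKIE
    struct.pack_into(">QQ", footer, 40, size_bytes, size_bytes)
    struct.pack_into(">I", footer, 60, disk_type)
    struct.pack_into(">I", footer, 64, ~sum(footer) & 0xFFFFFFFF)
    return bytes(footer)

if __name__ == "__main__":
    # With a path argument, check that file; otherwise use a constructed footer.
    footer = read_footer(sys.argv[1]) if len(sys.argv) > 1 else build_footer(25 * 1024**3)
    print(check_custom_vm_image(footer) or "VHD format and size checks passed")
```

The IDE controller requirement is a VM setting stored outside the VHD file, so it has to be confirmed in the virtualization software itself.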
Enter firmware CLI
If you don’t choose the without key pair option, log in using password
- Before logging in, convert the saved pem file, which you downloaded while creating the key pair, to a ppk file.
- Log in to the CLI using the Elastic IP you created, entering the username admin and using the ppk file.
- In the CLI, run the status command to view the VM status.
Install via CLI
- To install the VM via the CLI, go to the FSA firmware CLI.
- Import the VHD image using the CLI command vm-customized.
For further information about the vm-customized command, please refer to the FortiSandbox CLI Reference Guide available in the Fortinet Document Library.
Submit a test
- Navigate to Scan Input > File On-Demand > Submit File. The Submit File dialog box will open.
- Click Choose File, upload the file fiddler2setup.exe, and submit. You should receive a Clean rating after you send the file to FortiSandbox if the uploaded file is clean and not harmful.
- Upload any file that might be harmful, for example the fsa_dropper.vxe file. Click Submit; FortiSandbox will alert you that this file is harmful if it contains any malware.
- After uploading files, you can view the File On-Demand page and select any file to check.
- Click the View File icon to view its details.
The file fsa_dropper.vxe is a fake high-risk sample created by Fortinet. FortiSandbox detects harmful, malicious behavior as High Risk.
To submit a file for risk analysis:
- Click on the View File icon of your submitted file for risk analysis.
- Click on the file.
- Click on Details.
- The High-Risk Dropper page will open.