Fortinet Document Library

Administration Guide

Operation Center

On this page you can view malware which has been detected, as well as its status from a security update perspective.

When a dynamic signature is sent back to FortiGate, FortiMail, or FortiClient, the status information will be displayed so you can see that it has been done.

When a new antivirus update is received, FortiSandbox rechecks all samples not covered by the standard antivirus package and updates their status. Malware detected by FortiSandbox before an antivirus signature is available is marked as Zero-day.

The following options are available:

Refresh

Click the refresh icon to refresh the entries displayed after applying search filters.

Search

Show or hide the search filter field.

Time Period

Select the time period from the drop-down list. Select one of the following: 24 Hours, 7 Days, or 4 Weeks.

Clear all removable filters

Click the trash can icon to clear all removable filters.

Export Data

Click the Export Data button to create a PDF or CSV snapshot report. The time needed to generate the report depends on the number of events selected. You can wait until the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page.

Add Search Filter

Click the search filter field to add search filters. Click the cancel icon to the left of the search filter to remove the specific filter. Click the clear all filters icon in the search filter field to clear all filters.

On this page, several fields, such as the victim host IP, can be used as search criteria.

Search filters can be used to filter the information displayed in the GUI.

View Job

Click the View Jobs icon to show the job detail page.

Number of Blocks

After a malware's signature is added to a Malware package and downloaded by FortiGate, FortiGate can block subsequent occurrences of it. Hover your cursor over the icon to display the number of times this malware has been blocked.

In Cloud

An icon will appear if the malware is available in the FortiSandbox Community Cloud.

In Signature

An icon will appear if the malware is included in the current FortiSandbox generated Malware Package.

Perform Rescan

An icon will appear if the malware has a Malicious rating. Users can perform a Rescan to obtain its Sandboxing behavior details.

Archived File

An icon will appear if the file is an Archived File.

Pagination

Use the pagination options to browse entries displayed.

This page displays the following information:

Severity

The severity rating of the malware.

Severity levels include:

  • Low Risk
  • Medium Risk
  • High Risk
  • Malicious

If FortiSandbox detects a file before an antivirus signature is available, the Severity level will be Zero-day.

Victim IP

The IP address of the client that downloaded the malware. Use the column filter to sort the entries in ascending or descending order.

Incident Time

The date and time that the file was received by FortiSandbox. Use the column filter to sort the entries in ascending or descending order.

Threat Name

The name of the virus. Use the column filter to sort the entries in ascending or descending order.

If the virus name is not available, the malware's Severity will be used as its Threat Name.

Action

Current action applied to the malware. Use this field to track the responses taken to the incident. Three values are available:

  • Action Taken
  • Ignore
  • Action Required

The user can mark an action against a single job, or against all jobs of the same file.

To view file details:
  1. Select a file.
  2. Click the View Details icon. A new tab will open.
  3. See Appendix A - View Details Page Reference for descriptions of the View Details page.
  4. Close the tab to exit the View Details page.
