Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

URL Scan Search

To view all URL scan jobs and search URLs, go to FortiView > URL Scan Search. You can apply search filters to drill down the information displayed. URLs can be searched based on different criteria, and a snapshot report can be created for all search results.

If the device is the Master node of a cluster, all jobs processed by the cluster are available to be searched. If the device is a Slave node of a cluster, only jobs processed by this device are available to be searched.

The following options are available:

Refresh

Click the refresh icon to refresh the entries displayed after applying search filters.

Search Field

Enter the detection time frame and click to add additional search filters for Destination, Device, Infected OS Job ID, Job Status, Rated By, Rating, Scan Unit, Submit User, Submitted Filename and URL. When the search criteria is Submitted Filename, click the = sign to toggle between the exact and pattern search.

Time Period

Select a time period to apply to the search.

Export to Report

Select to open the Report Generator dialog box. Select to generate a PDF or CSV report. During generation, do not close the dialog box or navigate away from the page. You can wait till the report is ready to view, or navigate away and find the report later in Log & Report > Report Center page.

Customize

Click the Customize icon to customize the Job View settings page. Go to Job View Settings for more information.

Action

 

 

View Details

Click the View Details icon to view file information. The information displayed in the view details page is dependent on the file type and risk level.

 

FortiGuard Advanced Static Scan

The icon displays that the URL is rated by user's overridden verdict, or FortiGuard advanced static scan

 

Rescan Job

The icon displays that the job is a customized rescan job of a Malicious URL.

 

Video

Click on the Video button to play the video of the scan job. Scan videos are available in On Demand scans if user has the privilege.

 

Archive File

The icon displays that the URL is from a file from an On Demand scan

 

File Downloading URL

The icon displays that the URL is from a downloading URL, and its payload is also scanned as a file scan job.

 

Perform Rescan

Click the icon to rescan the entry. In the Rescan Configuration dialog box you can select to skip Static Scan, AV Scan, Cloud Query, and Sandboxing.

Click OK to continue. Click the Close icon or the Close button to close the dialog box. This feature is only available for URLs with a Malicious rating. The rescan job can be found in File Input > URL On-Demand page.

Pagination

Use the pagination options to browse entries displayed.

The following information is displayed by default:

Detection

The date and time that the file was detected by FortiSandbox.

URL

Displays the URL.

Rating

The URL rating. The rating can be one or more of the following: Clean, Low Risk, Medium Risk, High Risk, Malicious, or Unknown. Click the column header to sort the table by this column.

Submitted Filename

The submitted filename associated with the URL. Click the column header to sort the table by this column.

If the URL is from the body of an Email, and submitted by FortiMail, the Email's session ID is used as the Submitted Filename.

Submit User

The user that submitted the URL to be scanned. Click the column header to sort the table by this column.

Infected OS

The OS version of the FortiSandbox VM that was used to make the Suspicious verdict

Total Jobs

The number of jobs displayed and the total number of jobs.

The displayed columns are determined by settings defined in System > Job View Settings > URL Detection Columns page. Go to Job View Settings for more information.

URL Scan Search

To view all URL scan jobs and search URLs, go to FortiView > URL Scan Search. You can apply search filters to drill down the information displayed. URLs can be searched based on different criteria, and a snapshot report can be created for all search results.

If the device is the Master node of a cluster, all jobs processed by the cluster are available to be searched. If the device is a Slave node of a cluster, only jobs processed by this device are available to be searched.

The following options are available:

Refresh

Click the refresh icon to refresh the entries displayed after applying search filters.

Search Field

Enter the detection time frame and click to add additional search filters for Destination, Device, Infected OS Job ID, Job Status, Rated By, Rating, Scan Unit, Submit User, Submitted Filename and URL. When the search criteria is Submitted Filename, click the = sign to toggle between the exact and pattern search.

Time Period

Select a time period to apply to the search.

Export to Report

Select to open the Report Generator dialog box. Select to generate a PDF or CSV report. During generation, do not close the dialog box or navigate away from the page. You can wait till the report is ready to view, or navigate away and find the report later in Log & Report > Report Center page.

Customize

Click the Customize icon to customize the Job View settings page. Go to Job View Settings for more information.

Action

 

 

View Details

Click the View Details icon to view file information. The information displayed in the view details page is dependent on the file type and risk level.

 

FortiGuard Advanced Static Scan

The icon displays that the URL is rated by user's overridden verdict, or FortiGuard advanced static scan

 

Rescan Job

The icon displays that the job is a customized rescan job of a Malicious URL.

 

Video

Click on the Video button to play the video of the scan job. Scan videos are available in On Demand scans if user has the privilege.

 

Archive File

The icon displays that the URL is from a file from an On Demand scan

 

File Downloading URL

The icon displays that the URL is from a downloading URL, and its payload is also scanned as a file scan job.

 

Perform Rescan

Click the icon to rescan the entry. In the Rescan Configuration dialog box you can select to skip Static Scan, AV Scan, Cloud Query, and Sandboxing.

Click OK to continue. Click the Close icon or the Close button to close the dialog box. This feature is only available for URLs with a Malicious rating. The rescan job can be found in File Input > URL On-Demand page.

Pagination

Use the pagination options to browse entries displayed.

The following information is displayed by default:

Detection

The date and time that the file was detected by FortiSandbox.

URL

Displays the URL.

Rating

The URL rating. The rating can be one or more of the following: Clean, Low Risk, Medium Risk, High Risk, Malicious, or Unknown. Click the column header to sort the table by this column.

Submitted Filename

The submitted filename associated with the URL. Click the column header to sort the table by this column.

If the URL is from the body of an Email, and submitted by FortiMail, the Email's session ID is used as the Submitted Filename.

Submit User

The user that submitted the URL to be scanned. Click the column header to sort the table by this column.

Infected OS

The OS version of the FortiSandbox VM that was used to make the Suspicious verdict

Total Jobs

The number of jobs displayed and the total number of jobs.

The displayed columns are determined by settings defined in System > Job View Settings > URL Detection Columns page. Go to Job View Settings for more information.