Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSandbox 3.1.4 Administration Guide
    3.1.4
    5.0.0
    4.4.6
    4.4.5
    4.4.4
    4.4.3
    4.4.2
    4.4.1
    4.4.0
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.0.5
    4.0.4
    4.0.3
    4.0.2
    4.0.1
    4.0.0
    3.2.4
    3.2.3
    3.2.2
    3.2.1
    3.2.0
    3.1.5
    3.1.4
    3.1.3
    3.1.2
    3.1.1
    3.1.0
    3.0.7
    3.0.6

    Network Alerts

    Network Alerts

    Network alerts show detected connection attempts to known botnets, attacks to hosts on your network, and harmful websites visited from your network.

    To view network alerts (Attacker, Botnet, and URL), go to Network Alerts. You can drill down the information displayed and apply search filters. You can select to create a PDF or CSV format snapshot report for specific types of network alert files. Search filters will be applied to the detailed report and will be displayed in the Filtering Criteria section.

    This page has the following options:

    Time Period

    Select the time period from the dropdown list. Select one of the following: 24 Hours, 7 Days, or 4 Weeks.

    You can select the time period to filter the information displayed in the GUI. This selection is also applied to exported data for the snapshot report.

    Alert Type

    Select Attacker, Botnet, or URL from the dropdown list. You can select the alert type to filter the information displayed in the GUI. This selection is also applied to exported data for the snapshot report.

    Attacker

    Shows attacks against hosts on your network. When selecting Attacker from the dropdown list, the following information is displayed:

    • Detected: The date and time that the attack was detected by FortiSandbox.
    • Backdoor: The name of the attack.
    • Source: The attacker’s IP address.
    • Destination: The attacked host IP address.

    All columns include a filter to allow you to sort the entries in ascending or descending order.

    Botnet

    Shows detected connections to knows botnets. When selecting Botnet from the dropdown list, the following information is displayed:

    • Detected: The date and time that the botnet contact was detected by FortiSandbox.
    • Name: The botnet name.
    • Source: The IP address of the infected host.
    • Destination: The botnet command and control IP address.

    The Detected, Name, and Source columns include a filter to allow you to sort the entries in ascending or descending order.

    URL

    Shows visited suspicious websites from your network. When selecting URL from the dropdown list, the following information is displayed:

    • Detected: The date and time that the malicious URL was visited.
    • Rating: The severity of the visiting activity.
    • Category: The URL’s web filtering category.
    • Host: The host IP address. The first level domain name of the URL.
    • URL: The visited URL address.
    • Type: The URL type, http or https
    • Source: The IP address of the host who visited the malicious URL.

    The Detected, Category, Hostname, URL, Type, and Source columns include a filter to allow you to sort the entries in ascending or descending order.

    Tooltip: Certain URL categories are set as Benign by default. To view and change, go to Scan Policy > URL Category.

    Export Data

    Select to create a PDF or CSV snapshot report. The time to generate the report is dependent on the number of events selected. You can wait till the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page.

    Refresh

    Click the icon to refresh the log message list.

    Search

    Show or hide the search filter field.

    Add Search Filter

    Click the search filter field to add search filters. Click the close icon in the search filter field to remove the search filter.

    Search filters can be used to filter the information displayed in the GUI.

    To create a snapshot report for all network alert files:
    1. Select a time period from the first dropdown list.
    2. Select Attacker, Botnet, or URL from the second dropdown list.
    3. Select to apply search filters to further drill down the information in the report.
    4. Click the Export Data button in the toolbar. The Report Generator window opens.
    5. Select either PDF or CSV for the report type.
    6. Click the Generate Report button to create the report.

      When the report generation is completed, select the Download button to save the file to your management computer.

    7. You can wait till the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page.
    Previous
    Next

    Network Alerts

    Network Alerts

    Network alerts show detected connection attempts to known botnets, attacks to hosts on your network, and harmful websites visited from your network.

    To view network alerts (Attacker, Botnet, and URL), go to Network Alerts. You can drill down the information displayed and apply search filters. You can select to create a PDF or CSV format snapshot report for specific types of network alert files. Search filters will be applied to the detailed report and will be displayed in the Filtering Criteria section.

    This page has the following options:

    Time Period

    Select the time period from the dropdown list. Select one of the following: 24 Hours, 7 Days, or 4 Weeks.

    You can select the time period to filter the information displayed in the GUI. This selection is also applied to exported data for the snapshot report.

    Alert Type

    Select Attacker, Botnet, or URL from the dropdown list. You can select the alert type to filter the information displayed in the GUI. This selection is also applied to exported data for the snapshot report.

    Attacker

    Shows attacks against hosts on your network. When selecting Attacker from the dropdown list, the following information is displayed:

    • Detected: The date and time that the attack was detected by FortiSandbox.
    • Backdoor: The name of the attack.
    • Source: The attacker’s IP address.
    • Destination: The attacked host IP address.

    All columns include a filter to allow you to sort the entries in ascending or descending order.

    Botnet

    Shows detected connections to knows botnets. When selecting Botnet from the dropdown list, the following information is displayed:

    • Detected: The date and time that the botnet contact was detected by FortiSandbox.
    • Name: The botnet name.
    • Source: The IP address of the infected host.
    • Destination: The botnet command and control IP address.

    The Detected, Name, and Source columns include a filter to allow you to sort the entries in ascending or descending order.

    URL

    Shows visited suspicious websites from your network. When selecting URL from the dropdown list, the following information is displayed:

    • Detected: The date and time that the malicious URL was visited.
    • Rating: The severity of the visiting activity.
    • Category: The URL’s web filtering category.
    • Host: The host IP address. The first level domain name of the URL.
    • URL: The visited URL address.
    • Type: The URL type, http or https
    • Source: The IP address of the host who visited the malicious URL.

    The Detected, Category, Hostname, URL, Type, and Source columns include a filter to allow you to sort the entries in ascending or descending order.

    Tooltip: Certain URL categories are set as Benign by default. To view and change, go to Scan Policy > URL Category.

    Export Data

    Select to create a PDF or CSV snapshot report. The time to generate the report is dependent on the number of events selected. You can wait till the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page.

    Refresh

    Click the icon to refresh the log message list.

    Search

    Show or hide the search filter field.

    Add Search Filter

    Click the search filter field to add search filters. Click the close icon in the search filter field to remove the search filter.

    Search filters can be used to filter the information displayed in the GUI.

    To create a snapshot report for all network alert files:
    1. Select a time period from the first dropdown list.
    2. Select Attacker, Botnet, or URL from the second dropdown list.
    3. Select to apply search filters to further drill down the information in the report.
    4. Click the Export Data button in the toolbar. The Report Generator window opens.
    5. Select either PDF or CSV for the report type.
    6. Click the Generate Report button to create the report.

      When the report generation is completed, select the Download button to save the file to your management computer.

    7. You can wait till the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page.
    Previous
    Next