URL Scan Search
To view all URL scan jobs and search URLs, go to FortiView > URL Scan Search. You can apply search filters to drill down the information displayed. URLs can be searched based on different criteria, and a snapshot report can be created for all search results.
If the device is the primary (master) node of a cluster, all jobs processed by the cluster are available to be searched. If the device is a worker (slave) node of a cluster, only jobs processed by this device are available to be searched.
The following options are available:
|
Refresh |
Click the refresh icon to refresh the entries displayed after applying search filters. |
|
|
Search Field |
Enter the detection time frame and click to add additional search filters for Destination, Device, Infected OS Job ID, Job Status, Rated By, Rating, Scan Unit, Submit User, Submitted Filename and URL. When the search criteria is Submitted Filename, click the = sign to toggle between the exact and pattern search. |
|
|
Time Period |
Select a time period to apply to the search. |
|
|
Export to Report |
Select to open the Report Generator dialog box. Select to generate a PDF or CSV report. During generation, do not close the dialog box or navigate away from the page. You can wait till the report is ready to view, or navigate away and find the report later in Log & Report > Report Center page. |
|
|
Customize |
Click the Customize icon to customize the Job View settings page. Go to Job View Settings for more information. |
|
|
Action |
|
|
|
|
View Details |
Click the View Details icon to view file information. The information displayed in the view details page is dependent on the file type and risk level. |
|
|
FortiGuard Advanced Static Scan |
The icon displays that the URL is rated by user's overridden verdict, or FortiGuard advanced static scan |
|
|
Rescan Job |
The icon displays that the job is a customized rescan job of a Malicious URL. |
|
|
Video |
Click on the Video button to play the video of the scan job. Scan videos are available in On Demand scans if user has the privilege. |
|
|
Archive File |
The icon displays that the URL is from a file from an On Demand scan |
|
|
File Downloading URL |
The icon displays that the URL is from a downloading URL, and its payload is also scanned as a file scan job. |
|
|
Perform Rescan |
Click the icon to rescan the suspicious or malicious entry except suspicious files rated by the VM. In the Rescan Configuration dialog box, you can customize the new scan's depth and timeout value. You can also force the URL to do Sandboxing scan even if was detected in former steps of the allowlist/blocklist (white/black list) check or stopped from entering VM by a Sandboxing-prefilter setting. Click OK to continue. The rescan job is in File Input > URL On-Demand. |
|
Pagination |
Use the pagination options to browse entries displayed. |
|
The following information is displayed by default:
|
Detection |
The date and time that the file was detected by FortiSandbox. |
|
URL |
Displays the URL. |
|
Rating |
The URL rating. The rating can be one or more of the following: Clean, Low Risk, Medium Risk, High Risk, Malicious, or Unknown. Click the column header to sort the table by this column. |
|
Submitted Filename |
The submitted filename associated with the URL. Click the column header to sort the table by this column. If the URL is from the body of an Email, and submitted by FortiMail, the Email's session ID is used as the Submitted Filename. |
|
Submit User |
The user that submitted the URL to be scanned. Click the column header to sort the table by this column. |
|
Infected OS |
The OS version of the FortiSandbox VM that was used to make the Suspicious verdict |
|
Total Jobs |
The number of jobs displayed and the total number of jobs. |
The displayed columns are determined by settings defined in System > Job View Settings > URL Detection Columns page. Go to Job View Settings for more information.