Administration Guide

Malware and URL Package Options

The malware package options allow you to configure how many days' worth of data the malware packages save and which malware ratings are included in the packages.

In a cluster environment, only the primary (master) node generates malware packages and URL packages.

The URL package contains downloaded URLs of detected malware.

Local Malware Package Options

Include past __ day(s) of data. (1-365 days)

Enter the number of days. If you change the current number of days to a longer value, the unit does not go back to include historical data older than the current number of days.

Include the job data of the following ratings

Malicious

Include malware with malicious ratings.

By default, only data with Malicious or High Risk rating will be included in the Malware Package.

High Risk

Include malware with high risk ratings, and URLs sent by FortiMail devices that have a high risk rating and a scan depth of 0.

Medium Risk

Include malware with medium risk ratings, and URLs sent by FortiMail devices that have a medium risk rating and a scan depth of 0.

Local URL Package Option

Include past __ day(s) of data. (1-365 days)

Enter the number of days. If you change the current number of days to a longer value, the unit does not go back to include historical data older than the current number of days.

Include the job data of the following ratings

Malicious

Include downloaded URLs of malware with malicious ratings.

By default, only downloaded URLs of malware with a Malicious or High Risk rating will be included in the URL Package.

High Risk

Include downloaded URLs of malware with high risk ratings.

Medium Risk

Include downloaded URLs of malware with medium risk ratings.

Enable STIX IOC

Enable to generate STIX IOC packages.

STIX Malware Package Options

Include past __ day(s) of data. (1-365 days)

Enter the number of days.

Include the job data of the following ratings

Malicious

Include malware with malicious ratings.

High Risk

Include malware with high risk ratings.

Medium Risk

Include malware with medium risk ratings.

Generate STIX file with behaviour

Include behavior information of each malware or suspicious URL.

Download STIX

Download the most recently generated Malware STIX IOC package.

STIX URL Package Options

Include past __ day(s) of data. (1-365 days)

Enter the number of days.

Include the job data of the following ratings

Malicious

Include malware with malicious ratings.

High Risk

Include downloaded URLs of malware with high risk ratings, and URLs sent by FortiMail devices that have a high risk rating and a scan depth of 0.

Medium Risk

Include downloaded URLs of malware with medium risk ratings, and URLs sent by FortiMail devices that have a medium risk rating and a scan depth of 0.

Download STIX

Download the most recently generated URL STIX IOC package.

Users can also choose to add files or URLs to the packages during an On Demand scan if their results meet the package settings.

Because of size limitations, a malware package can contain a maximum of 100K entries.

Because of size limitations, a URL package can contain a maximum of 1000 entries.
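
The following added example (not Fortinet code) models how the day window, the rating filter and the entry limits described above interact, so you can estimate what a package covers after the day count is raised. The job record fields, the function names and the reading of the no-backfill rule as "the cutoff never moves earlier than the window that was active when the setting changed" are assumptions made for illustration.

```python
from datetime import datetime, timedelta

MALWARE_PACKAGE_CAP = 100_000  # "maximum of 100K entries" (from the page)
URL_PACKAGE_CAP = 1000         # "maximum of 1000 entries" (from the page)
DEFAULT_RATINGS = frozenset({"Malicious", "High Risk"})  # stated default

def effective_cutoff(now, days, changed_at=None, previous_days=None):
    """Oldest detection time a package can still cover.

    Assumption: if the day count was raised at `changed_at`, data older
    than the window active at that moment is not brought back, so the
    cutoff cannot be earlier than changed_at - previous_days.
    """
    if not 1 <= days <= 365:
        raise ValueError("days must be in the range 1-365")
    cutoff = now - timedelta(days=days)
    if changed_at is not None and previous_days is not None and days > previous_days:
        cutoff = max(cutoff, changed_at - timedelta(days=previous_days))
    return cutoff

def select_entries(jobs, now, days, ratings=DEFAULT_RATINGS,
                   cap=MALWARE_PACKAGE_CAP, **change):
    """Return (eligible jobs, over_cap) for one package configuration."""
    cutoff = effective_cutoff(now, days, **change)
    eligible = [j for j in jobs
                if j["rating"] in ratings and j["detected"] >= cutoff]
    # The page does not say which entries are kept when the limit is hit,
    # so this only reports that the limit would be exceeded.
    return eligible, len(eligible) > cap

# Constructed sample jobs (hypothetical, not real detections).
NOW = datetime(2024, 6, 30)
JOBS = [
    {"id": "job-a", "rating": "Malicious", "detected": NOW - timedelta(days=2)},
    {"id": "job-b", "rating": "High Risk", "detected": NOW - timedelta(days=12)},
    {"id": "job-c", "rating": "Medium Risk", "detected": NOW - timedelta(days=3)},
    {"id": "job-d", "rating": "Malicious", "detected": NOW - timedelta(days=25)},
]

if __name__ == "__main__":
    # Window raised from 7 to 30 days, ten days before NOW.
    picked, over = select_entries(JOBS, NOW, 30,
                                  changed_at=NOW - timedelta(days=10),
                                  previous_days=7)
    print([j["id"] for j in picked], "over cap:", over)
```

Under this model, a detection from 25 days ago stays out of a 30-day package until the window has been at 30 days long enough for newer data to fill it.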