Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSandbox 4.0.2 Administration Guide
    4.0.2
    5.0.0
    4.4.6
    4.4.5
    4.4.4
    4.4.3
    4.4.2
    4.4.1
    4.4.0
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.0.5
    4.0.4
    4.0.3
    4.0.2
    4.0.1
    4.0.0
    3.2.4
    3.2.3
    3.2.2
    3.2.1
    3.2.0
    3.1.5
    3.1.4
    3.1.3
    3.1.2
    3.1.1
    3.1.0
    3.0.7
    3.0.6

    Operation Center

    Operation Center

    Use this page to view malware that has been detected and its status from a security update perspective. This page displays severity levels, victim IP addresses, incident time, threat, and current action status.

    When a dynamic signature is sent back to FortiGate, FortiMail, or FortiClient, check the status information that it has been done.

    When a new antivirus update is received, FortiSandbox rechecks all samples not covered by the standard antivirus package and update its status. Malware detected by FortiSandbox before an antivirus signature is available is marked as Zero-day.

    The following options are available:

    Refresh

    Refresh the entries after applying search filters.

    Search

    Show or hide the search filter field.

    Time Period

    Select the time period from the dropdown list. Select one of the following: 24 Hours, 7 Days, or 4 Weeks.

    Clear all removable filters

    Click the trash can icon to clear all removable filters.

    Export to report

    Click Export to report to create a PDF or CSV snapshot report. The time to generate the report depends on the number of events. You can wait to view the report or find the report later in Log & Report > Report Center.

    Add Search Filter

    Click the search filter field to add search filters.

    Use search filters to define what to display in the GUI. For example, you can use a field like source IP address as the search criterion.

    View Job

    Show the job detail page.

    Number of Blocks

    After a malware's signature is added to a Malware package and downloaded by FortiGate, FortiGate can block subsequent occurrences. Hover the pointer over the icon to see the number of blocks of this Malware.

    In Cloud

    An icon appears if the malware is available in the FortiSandbox Community Cloud.

    In Signature

    An icon appears if the malware is included in the current FortiSandbox generated Malware Package.

    Perform Rescan

    Rescan the suspicious or malicious entry. In the Rescan Configuration dialog box, you can force the file to do Sandboxing scan even if was detected in former steps of Static Scan, AV Scan, Cloud Query, or stopped from entering VM by Sandboxing-prefilter setting.

    The rescan job is in Scan Job > File On-Demand.

    Archived File

    An icon appears if the file is an Archived File.

    Pagination

    Use pagination options to browse entries.

    This page displays the following information:

    Severity

    The severity rating of the malware, including:

    • Low Risk
    • Medium Risk
    • High Risk
    • Malicious

    If a file is detected by FortiSandbox first before an antivirus signature is available, the Severity level is Zero-day.

    Source

    IP address of the client that downloaded the malware. Use the column filter to sort the entries.

    Incident Time

    Date and time the file was received by FortiSandbox. Use the column filter to sort the entries.

    Threat Name

    Name of the virus. Use the column filter to sort the entries. If the virus name is not available, the malware's Severity is used as its Threat Name.

    Action

    Current action applied to the malware. Use this field to track responses to the incident, including:

    • Action Taken.
    • Ignore.
    • Action Required. The user can mark an action against a single job or to all jobs in the same file.
    To view file details:
    1. Select a file.
    2. Click the View Details icon to open a new tab.

      For descriptions of the View Details page, see Appendix A: Job Details page reference.

    Previous
    Next

    Operation Center

    Operation Center

    Use this page to view malware that has been detected and its status from a security update perspective. This page displays severity levels, victim IP addresses, incident time, threat, and current action status.

    When a dynamic signature is sent back to FortiGate, FortiMail, or FortiClient, check the status information that it has been done.

    When a new antivirus update is received, FortiSandbox rechecks all samples not covered by the standard antivirus package and update its status. Malware detected by FortiSandbox before an antivirus signature is available is marked as Zero-day.

    The following options are available:

    Refresh

    Refresh the entries after applying search filters.

    Search

    Show or hide the search filter field.

    Time Period

    Select the time period from the dropdown list. Select one of the following: 24 Hours, 7 Days, or 4 Weeks.

    Clear all removable filters

    Click the trash can icon to clear all removable filters.

    Export to report

    Click Export to report to create a PDF or CSV snapshot report. The time to generate the report depends on the number of events. You can wait to view the report or find the report later in Log & Report > Report Center.

    Add Search Filter

    Click the search filter field to add search filters.

    Use search filters to define what to display in the GUI. For example, you can use a field like source IP address as the search criterion.

    View Job

    Show the job detail page.

    Number of Blocks

    After a malware's signature is added to a Malware package and downloaded by FortiGate, FortiGate can block subsequent occurrences. Hover the pointer over the icon to see the number of blocks of this Malware.

    In Cloud

    An icon appears if the malware is available in the FortiSandbox Community Cloud.

    In Signature

    An icon appears if the malware is included in the current FortiSandbox generated Malware Package.

    Perform Rescan

    Rescan the suspicious or malicious entry. In the Rescan Configuration dialog box, you can force the file to do Sandboxing scan even if was detected in former steps of Static Scan, AV Scan, Cloud Query, or stopped from entering VM by Sandboxing-prefilter setting.

    The rescan job is in Scan Job > File On-Demand.

    Archived File

    An icon appears if the file is an Archived File.

    Pagination

    Use pagination options to browse entries.

    This page displays the following information:

    Severity

    The severity rating of the malware, including:

    • Low Risk
    • Medium Risk
    • High Risk
    • Malicious

    If a file is detected by FortiSandbox first before an antivirus signature is available, the Severity level is Zero-day.

    Source

    IP address of the client that downloaded the malware. Use the column filter to sort the entries.

    Incident Time

    Date and time the file was received by FortiSandbox. Use the column filter to sort the entries.

    Threat Name

    Name of the virus. Use the column filter to sort the entries. If the virus name is not available, the malware's Severity is used as its Threat Name.

    Action

    Current action applied to the malware. Use this field to track responses to the incident, including:

    • Action Taken.
    • Ignore.
    • Action Required. The user can mark an action against a single job or to all jobs in the same file.
    To view file details:
    1. Select a file.
    2. Click the View Details icon to open a new tab.

      For descriptions of the View Details page, see Appendix A: Job Details page reference.

    Previous
    Next