Administration Guide

Operation Center

Use this page to view malware that has been detected and its status from a security update perspective. This page displays severity levels, victim IP addresses, incident time, threat, and current action status.

When a dynamic signature is sent back to FortiGate, FortiMail, or FortiClient, check the status information to confirm that it has been done.

When a new antivirus update is received, FortiSandbox rechecks all samples not covered by the standard antivirus package and updates their status. Malware detected by FortiSandbox before an antivirus signature is available is marked as Zero-day.

The following options are available:

Refresh

Refresh the entries after applying search filters.

Search

Show or hide the search filter field.

Time Period

Select the time period from the dropdown list. Select one of the following: 24 Hours, 7 Days, or 4 Weeks.

Clear all removable filters

Click the trash can icon to clear all removable filters.

Export to report

Click Export to report to create a PDF or CSV snapshot report. The time to generate the report depends on the number of events. You can wait to view the report or find the report later in Log & Report > Report Center.

Add Search Filter

Click the search filter field to add search filters.

Use search filters to define what to display in the GUI. For example, you can use a field like source IP address as the search criterion.

View Job

Show the job detail page.

Number of Blocks

After a malware's signature is added to a Malware package and downloaded by FortiGate, FortiGate can block subsequent occurrences. Hover the pointer over the icon to see the number of times this malware has been blocked.

In Cloud

An icon appears if the malware is available in the FortiSandbox Community Cloud.

In Signature

An icon appears if the malware is included in the current FortiSandbox generated Malware Package.

Perform Rescan

Rescan the suspicious or malicious entry. In the Rescan Configuration dialog box, you can force the file through a Sandboxing scan even if it was detected in an earlier step (Static Scan, AV Scan, or Cloud Query) or was stopped from entering the VM by the Sandboxing-prefilter setting.

The rescan job is in Scan Job > File On-Demand.

Archived File

An icon appears if the file is an Archived File.

Pagination

Use pagination options to browse entries.

This page displays the following information:

Severity

The severity rating of the malware, including:

  • Low Risk
  • Medium Risk
  • High Risk
  • Malicious

If a file is detected by FortiSandbox before an antivirus signature is available, the Severity level is Zero-day.

Source

IP address of the client that downloaded the malware. Use the column filter to sort the entries.

Incident Time

Date and time the file was received by FortiSandbox. Use the column filter to sort the entries.

Threat Name

Name of the virus. Use the column filter to sort the entries. If the virus name is not available, the malware's Severity is used as its Threat Name.

Action

Current action applied to the malware. Use this field to track responses to the incident, including:

  • Action Taken.
  • Ignore.
  • Action Required. The user can mark an action against a single job or against all jobs in the same file.

To view file details:
  1. Select a file.
  2. Click the View Details icon to open a new tab.

    For descriptions of the View Details page, see Appendix A: Job Details page reference.
