Administration Guide

FortiNDR

FortiSandbox can use FortiNDR as one method to generate verdicts. If FortiNDR rates a file as clean, and all other methods give that file a clean verdict, then FortiSandbox will not go into VM scan. If FortiNDR rates a file as malicious or high risk, then FortiSandbox will also rate it as malicious or high risk. For all other FortiNDR ratings, FortiSandbox follows the regular scan flow and gives a final verdict after using all methods, including VM scan.

Prerequisites
  • FortiNDR server is installed and licensed.
  • The FortiNDR version is higher than v1.5.0 build 0104.
  • You have the token from FortiNDR System > Administrator > Edit > API Key.
Caution

FortiNDR v1.5.0 - 1.5.3 is named FortiAI. For more information, see the FortiAI product page in the Fortinet Document Library.

To configure FortiNDR as a verdict method:
  1. Go to Security Fabric > FortiNDR.
  2. Click Enable.

  3. Configure the following options:

    Server IP: The IP address of the FortiNDR server.

    Token: The token from FortiNDR System > Administrator > Edit > API Key.

    Rating Timeout (Seconds): The maximum time to wait for FortiNDR to give a verdict. If a file does not get a verdict from FortiNDR by this time, the file goes into normal scan flow.

    Uploading Timeout (Seconds): The maximum time to upload a file to FortiNDR. If a file does not upload to FortiNDR by this time, the file goes into normal scan flow.

    Maximum File Size (KB): The maximum file size to upload to FortiNDR. Oversize files are not sent to FortiNDR; they continue with regular scan flow.

  4. Go to Scan Policy and Object > Scan Profile > Pre-Filter.
  5. Enable FortiNDR entrust and click Apply.
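
The verdict rules and the three limits from step 3, modelled as one decision function so the expected outcome for a given file can be reasoned about before tuning the settings. This is an added example, not FortiSandbox or FortiNDR code; the class, field and outcome names, the rating strings, the handling of a value exactly at a limit, and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Outcome labels are this example's own names, not FortiSandbox strings.
SKIP_VM = "clean, VM scan skipped"
ADOPT = "FortiNDR rating adopted"
REGULAR = "regular scan flow"

@dataclass
class NdrSettings:  # the three limits configured in step 3
    rating_timeout_s: int
    uploading_timeout_s: int
    max_file_size_kb: int

@dataclass
class Submission:
    size_kb: int
    upload_s: float            # time the upload to FortiNDR took
    rating_s: float            # time FortiNDR took to return a rating
    ndr_rating: Optional[str]  # None when no rating came back
    others_all_clean: bool     # every other verdict method said clean

def decide(cfg: NdrSettings, sub: Submission) -> Tuple[str, str]:
    """Return (outcome, reason) for one file, following the page's rules."""
    if sub.size_kb > cfg.max_file_size_kb:
        return REGULAR, "oversize: not sent to FortiNDR"
    if sub.upload_s > cfg.uploading_timeout_s:
        return REGULAR, "upload timeout"
    if sub.ndr_rating is None or sub.rating_s > cfg.rating_timeout_s:
        return REGULAR, "rating timeout"
    rating = sub.ndr_rating.lower()
    if rating in ("malicious", "high risk"):
        return ADOPT, rating
    if rating == "clean" and sub.others_all_clean:
        return SKIP_VM, "FortiNDR and all other methods clean"
    # Assumption: a clean FortiNDR rating alone does not skip the VM scan.
    return REGULAR, "rating '%s' does not short-circuit" % rating

# Constructed sample settings and files (illustrative values only).
CFG = NdrSettings(rating_timeout_s=60, uploading_timeout_s=30, max_file_size_kb=10240)
SAMPLES = {
    "benign.pdf": Submission(200, 1.0, 5.0, "clean", True),
    "dropper.exe": Submission(900, 2.0, 8.0, "malicious", False),
    "macro.doc": Submission(300, 1.0, 6.0, "clean", False),
    "big.iso": Submission(50000, 0.0, 0.0, None, True),
    "slow.bin": Submission(4000, 3.0, 90.0, "clean", True),
}

if __name__ == "__main__":
    for name, sub in SAMPLES.items():
        print(name, "->", *decide(CFG, sub))
```

In this model, every limit that is exceeded (file size, upload time, rating time) sends the file to the regular scan flow, so an unreachable or slow FortiNDR removes the shortcut but not the scan.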
