Adapter
FortiSandbox uses adapters to connect to third-party products such as Carbon Black/Bit9 server, ICAP, and mail gateway clients.
With an adapter, FortiSandbox can analyze files downloaded from the Carbon Black server to send notifications of file verdict back to the server, or receive HTTP messages from an ICAP client and return a response to it.
FortiSandbox supports mail adapters to receive forwarded emails from an upstream email gateway and scan them. FortiSandbox extracts email attachments and URLs in an email body and sends them to the job queue.
You can use the MTA adapter to inspect and quarantine suspicious emails. For more information, see MTA adapter and the FortiSandbox user guide in the AWS marketplace.
The BCC adapter is for information only, it does not block emails.
FortiSandbox creates the ICAP, BCC, and MTA adapters which cannot be deleted. They are disabled by default.
The following options are available:
Create New |
Create a new adapter. |
Edit |
Edit an adapter. |
Delete |
Delete an adapter. You cannot delete the ICAP, BCC, or MTA adapter. |
Test Connection |
If available, click this button to test the selected entry's connection. The banner at the top displays the result. |
This page displays the following information:
Adapter Name |
Adapter name. |
Vendor Name |
Vendor name. |
Serial |
Serial number. |
FQDN/IP |
FQDN/IP address. This field is empty for the ICAP, BCC, and MTA adapter. |
Malicious |
File and URL count of Malicious rating from this adapter in the last seven days. |
High |
File and URL count of High Risk rating from this adapter in the last seven days. |
Medium |
File and URL count of Medium Risk rating from this adapter in the last seven days. |
Low |
File and URL count of Low Risk rating from this adapter in the last seven days. |
Clean |
File and URL count of Clean rating from this adapter in the last seven days. |
Other |
File and URL count of Other rating from this adapter in the last seven days. |
To create an adapter:
- Go to Security Fabric > Adapter.
- Click the Create New button from the toolbar.
- Configure the following and click OK.
Vendor Name
Select Carbon Blaclk/Bit9.
Adapter Name
Enter the adapter name.
Server FQDN/IP
Enter the FQDN/IP address of the Carbon Black server.
Token
Enter the token string. Authentication token is assigned by the Carbon Black server.
Timeout (seconds)
Enter the timeout value.
Serial
Auto-generated serial number for this adapter. It works as a device serial number to denote file's input device.
After you create a Carbon Black adapter, FortiSandbox tries to communicate with the Carbon Black server. If the connection and authentication is successful, the status column shows a green icon, otherwise it shows a red icon.
To troubleshoot communication problems with an adapter, use this CLI command:
diagnose-debug [adapter_cb | adapter_icap | adapter_bcc | adapter_mta_relay | adapter_mta_mail]