URL On-Demand
URL On-Demand allows you to upload a plain-text file containing a list of URLs, or an individual URL directly to your FortiSandbox device. Upon upload, the URLs inside the file, or the individual URL, is inspected. The Depth to which the URL is examined as well as the length of time that the URL is scanned can be set. You can then view the results and decide whether or not to allow access to the URL.
To view On-Demand URLs and submit URLs to scan, go to Scan Job > URL On-Demand. You can drill down the information displayed and apply search filters.
The following options are available:
|
Submit URL |
Click the button to submit a file containing a list of scanned URLs, or submit an individual URL. |
|
Show Rescan Job |
Jobs generated from a customized rescan of a URL can be shown/hidden by this option. |
|
Refresh |
Click the Refresh icon to refresh the entries displayed after applying search filters. |
|
Search |
Show the search filter field. |
|
Add Search Filter |
|
|
Export Data |
Click the Export Data button to create a PDF or CSV snapshot report. The time period of included jobs in the report depends on the selection of Time Period filter. You can wait until the report is ready to view, or navigate away and find the report later in Log & Report > Report Center. |
|
View Jobs |
Click a row in the table to activate the View Details button to view the scan job(s) associated with the entry. Click the Back button to return to the on-demand page. |
|
Configure Table |
Hover over table header to activate the Configure Table icon
|
. Click the icon to create a filter. The options will vary depending on the column. 
. Click the icon to access the following options:This page displays the following information:
|
Submission Time |
The date and time that the URL file or individual URL was submitted to FortiSandbox. Use the column filter to sort the entries in ascending or descending order. |
|
Submitted Filename |
The submitted URL file name. If the scan is about an individual URL, the name is |
|
Submitted By |
The name of the administrator that submitted the file scan. |
|
Rating |
Hover over the icon in this column to view the rating. The rating can be one or more of the following: Clean, Low Risk, Medium Risk, High Risk, Malicious, or Other. During the URL scan, the rating is displayed as N/A. If a scan times out or is terminated by the system, the file will have an Other rating. |
|
Status |
The scan status can be Queued, In-Process, or Done. |
|
URL Count |
The number of URLs associated with the submission when the scan is done. When the scan is In-Progress, it shows (finished scan)/(total URLs of this submission). |
|
Comments |
The comments a user entered when submitting the file scan. |
To view the scan job(s) associated with the entry:
- Select an entry in the table then click the View Details button to view the specific URLs that were scanned. The following options and information are displayed:
Back
Click the Back button to return to the On-Demand page.
Search
Show the search filter field.
Refresh
Click the Refresh icon to refresh the entries displayed after applying search filters.
Add Search Filter
Click
to add search filters. Click 
at the right side of the search filter to remove the filter. You can also directly type a partial file name to search all files that contain the specified name.Hover over the column heading to activate the filter icon to filter the column.
Click the Close to clear all search filters.
View Job Detail
Select a record in the page to activate the View Job Details icon below the row. Click the icon to view file job detail information.
Perform Rescan
You can rescan malicious or suspicious jobs if it was not rated by Dynamic Scan.
In the rescanned job detail, you can click the original job ID to view the original file details.
Scan Video
A video icon is displayed when Record scan process in video is selected at the time the scan is submitted. Click the icon to select one VM type in which the scan is performed and recorded. Select the VM type to play the video or save it to a local hard disk.
The columns displayed are determined by settings defined in System > Job View Settings > URL Detection Columns. For more information, seeJob View Settings .
- Click the View Job Detail icon to view file details. The View Job Detail page will open a new tab. For information on the View Job Detail page, see Appendix B- Job Details page reference.
- Close the tab to exit the View Job Detail page.
To submit a file containing a list of URLs or an individual URL to FortiSandbox:
- Click the Submit URL button from the toolbar. The Submit New URL window opens.
- Enter the following information:
Depth
Enter the Recursive Depth in which URLs are examined. The original URL is considered level
0. A depth of1will open all links on the original URL page and crawl into them. The default value is define in the Scan Policy and Object > Scan Profile page.Timeout
Enter the Timeout Value. The Timeout Value controls how long the device will scan the URL. If the network bandwidth is low, the timeout value should be larger to accommodate higher depth values. The default value is defined in the Scan Policy and Object > Scan Profile page.
Direct URL
To scan only a single URL, check the Direct URL checkbox. Enter the URL in the Enter a URL field.
Select a File
Click the Browse button and locate the plain-text file on your management computer. The maximum number of URLs in this file is determined Maximum URL Value in Scan Policy and Object > Scan Profile > Advanced tab > URL content limit.
Comments
You can choose to enter optional comments for future reference.
Advanced Options
Toggle on to display the Dynamic Scan options. You have the option of following the Scan Profile settings or specifying the VMs.
Dynamic Scan options:
Force to scan Enable this option to view the Allow Interaction settings Allow Interaction Enable this option to interact with the Windows VM. For more information, see To use the Allow Interaction Feature:. Follow VM Association settings in Scan Profile The URL will be sent to its associated VMs for the WEBLink defined in the Scan Profile. Enabled VM means its clone number is larger than 0.
Note: To use WindowsCloud VM, you need to purchase the subscription service. URL will be sent to Fortinet Sandboxing cloud to scan.
Force to scan inside the following VMs A VM type must be selected. The Scan Profile settings will be overridden and the URL will only be scanned in selected VM types. If the VM images are not ready, the VM list will not be displayed. Record a video Select to enable video recording. After the scan is finished, a video icon will show in the second level detail page. Click the icon to trigger a download or play the video. Add to URL Package Select to add the sample to malware package, if the result meets settings in Package Options Submit multiple files
Enable to submit multiple files. The pop-up window will not close after submission.
- Click Submit.
To use the Allow Interaction Feature:
- Go to Scan Job > URL On-Demand and click Submit URL from the toolbar.
- In the Submit New URL window, check the Allow Interaction checkbox.
When selected, only one VM can be specified. - Click Submit.
- Go to the Scan Job > VM Jobs page. The job will be launched when a clone of a selected VM is available.
To interact with the Windows VM:
- Click the Interaction icon to use web based VNC client.
- Click Yes in the Do you want to start the scan? popup, the scan will start and the question becomes Do you want to stop the scan?
Click Yes to stop the scan and VNC session will be closed. Go back to On-Demand page to check the scan result.
|
You have 30 minutes to finish the interaction. After that, the VNC session will be closed automatically. The VNC remains active when you close the browser before the end of the 30 minutes. The VM resources are kept until they are cleaned up. |
|
|
VM Interaction and Scan video recording features are only available to users whose admin profile has Allow On-Demand Scan Interaction enabled. |