Cloud Storage
FortiSandbox can scan files stored on cloud, and currently supports AWS S3, Azure File Share, Azure Blob Storage, Google Cloud Storage and MS One Drive. Go to Security Fabric > Network Share to view and configure cloud storage access information.
Cloud Storage scans can be scheduled or run on-demand, and connectivity to the cloud storage can be tested.
The following options are available:
Create New |
Click to create a new cloud storage connection. |
Edit |
Select an entry from the list and then click Edit in the toolbar to edit the entry selected. |
Delete |
Select an entry from the list and then click Delete in the toolbar to remove the entry selected. |
Scan Now |
Select an entry from the list and then click Scan Now in the toolbar to schedule an immediate scan for the selected entry. |
Scan Details |
Select an entry from the list and then click Scan Details in the toolbar to view the scheduled scan entries. |
Test Connection |
Test the selected entry's connection. The result is displayed in the banner at the bottom right corner. |
The following information is displayed:
Name |
The name of the cloud storage. |
Scan Scheduled |
The scan scheduled status. Scheduled network scans are done in parallel. |
Type |
The mount type. |
Share Path |
The cloud storage access URI. |
Quarantine |
Displays if quarantine is enabled. |
Enabled |
Displays if the cloud storage scan is enabled. If a cloud storage scan is disabled, its scheduled scan will not be executed. |
Status |
Displays the cloud storage connection status. Click Test Connection to show the connection status (AWS S3, Azure Blob Storage, Google Cloud Storage, MS One Drive and SFTP). |
To create a new cloud storage scan:
- Go to Security Fabric > Network Share.
- Click the Create New button from the toolbar.
- Configure the following options:
Enabled
Select to enable network share configuration. If network share is not enabled, its scheduled scan will not run.
Network Share Name
Enter the network share name.
Mount Type
Select the mount type from the dropdown list. Depending on the type selected, you will be asked for different information required to access your cloud storage.
The following options are for cloud storage:
Scan Files Of Specified Pattern
Select to include or exclude files which match a file name pattern.
File Name Pattern
Enter the file name pattern.
Scan Job Priority
When multiple network share scans run at the same time, the higher priority scans will get more scan power compared to those having lower priority. The priority can be set to High, Medium (default), or Low.
Keep A Copy Of Original File On FortiSandbox
Select to keep a copy of the original file on FortiSandbox.
Skip Sandboxing for the same unchanged files
Select to skip Sandboxing scan on existing files (if applicable) and only Sandboxing scan new files. Existing files will only be scanned by Antivirus engine and Community Cloud query. This is to improve scan speed.
Enable Quarantine of Malicious Files
Select to enable quarantine then select the quarantine location from the dropdown list. Files with a Malicious rating will be quarantined in the quarantine location.
Quarantined file is placed inside a folder with the name of the Job ID. Inside the folder each quarantined file is renamed with the corresponding Job ID for that particular file and a meta file with more information.
Enable Quarantine of Suspicious - High Risk Files
Select to enable quarantine of Suspicious High Risk files, then select the quarantine location from the dropdown list. Files with a High Risk rating will be quarantined in the quarantine location.
Quarantined file is placed inside a folder with the name of the Job ID. Inside the folder each quarantined file is renamed with the corresponding Job ID for that particular file and a meta file with more information.
Enable Quarantine of Suspicious - Medium Risk Files
Select to enable quarantine of Suspicious Medium Risk files, then select the quarantine location from the dropdown list. Files with a Medium Risk rating will be quarantined in the quarantine location.
Quarantined file is placed inside a folder with the name of the Job ID. Inside the folder each quarantined file is renamed with the corresponding Job ID for that particular file and a meta file with more information.
Enable Quarantine of Suspicious - Low Risk Files
Select to enable quarantine of Suspicious Low Risk files, then select the quarantine location from the dropdown list. Files with a Low Risk rating will be quarantined in the quarantine location.
Quarantined file is placed inside a folder with the name of the Job ID. Inside the folder each quarantined file is renamed with the corresponding Job ID for that particular file and a meta file with more information.
Enable Quarantine of Other rating files
Select to enable quarantine of Other Rating files, then select the quarantine location from the dropdown list. Files with a Other rating , which means the scan was not completed for some reason, will be quarantined in the quarantine location.
Quarantined file is placed inside a folder with the name of the Job ID. Inside the folder each quarantined file is renamed with the corresponding Job ID for that particular file and a meta file with more information.
Enable moving clean files to a sanitized location
Select to move Clean rating files to another location. By default, a new folder is created for each scheduled scan job in the sanitized location and all clean files are copied under it with the original folder structure. To save storage size, the user can un-check Keep a complete copy of clean files for every scheduled scan, then files of the same path will have only one copy saved in the sanitized location.
Enable Scheduled Scan
Select to enable scheduled scan. Select the schedule type from the dropdown list. Select the minute or hour from the second dropdown list.
Description
Enter an optional description for the network share entry.
When a file is moved, to leave a copy in its original location, go to the Quarantine edit page to enable Leave a File At Source Location and select A Copy of Original File.
- Select OK to save the entry.
To run a network share scan immediately:
- Go to Security Fabric > Network Share.
- Select a share.
- Click the Scan Now button to run the scan immediately.
To test network share connectivity:
- Go to Security Fabric > Network Share.
- Select a share.
- Click Test Connection to test connectivity with the network share.