Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSandbox 5.0.0 Administration Guide
    5.0.0
    5.0.0
    4.4.6
    4.4.5
    4.4.4
    4.4.3
    4.4.2
    4.4.1
    4.4.0
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.0.5
    4.0.4
    4.0.3
    4.0.2
    4.0.1
    4.0.0
    3.2.4
    3.2.3
    3.2.2
    3.2.1
    3.2.0
    3.1.5
    3.1.4
    3.1.3
    3.1.2
    3.1.1
    3.1.0
    3.0.7
    3.0.6

    Malware and URL Package Options

    Malware and URL Package Options

    The malware package options and URL package options allow you to configure how many days worth of data the malware and URL packages save and the malware ratings that are included in the packages.

    In a cluster environment, only the primary node generates malware packages and URL packages.

    You can also select to include files or URLs to packages during an On-Demand scan if their results meet package settings.

    Because of size limitations, the following limits are in effect:

    • Malware packages can have a maximum of 100K entries.
    • URL package can have a maximum of 1000 entries.

    The URL package contains downloaded URLs of detected malware.

    Local Malware Package Options

    Include past __ day(s) of data. (1-365 days)

    Enter the number of days. If the user changes the current days to a longer value, the unit will not go back to include historical data older than current days.

    Include the job data of the following ratings

    Malicious

    Include malware with malicious ratings.

    By default, only data with Malicious or High Risk rating will be included in the Malware Package.

    High Risk

    Include malware with high risk ratings and URLs sent by FortiMail devices of high risk ratings and whose scan depth is 0.

    Medium Risk

    Include malware with medium risk ratings and URLs sent by FortiMail devices of medium risk ratings and whose scan depth is 0.

    Local URL Package Option

    Include past __ day(s) of data. (1-365 days)

    Enter the number of days. If the user changes current days to a longer value, the unit will not go back to include historical data older than current days.

    Include the job data of the following ratings

    Malicious

    Include downloaded URLs of malware with malicious ratings.

    By default, only downloaded URLs of malware with a Malicious or High Risk rating will be included in the URL Package.

    High Risk

    Include downloaded URLs of malware with high risk ratings.

    Medium Risk

    Include downloaded URLs of malware with medium risk ratings.

    Enable STIX IOC

    Enable to generate STIX IOC packages.

    STIX Malware Package Options

    Include past __ day(s) of data. (1-365 days)

    Enter the number of days.

    Include the job data of the following ratings

    Malicious

    Include malware with malicious ratings.

    High Risk

    Include malware with high risk ratings.

    Medium Risk

    Include malware with medium risk ratings.

    Generate STIX file with behavior

    Include behavior information of each malware or suspicious URL.

    Download STIX

    Download most recently generated Malware STIX IOC package.

    STIX URL Package Options

    Include past __ day(s) of data. (1-365 days)

    Enter the number of days.

    Include the job data of the following ratings

    Malicious

    Include malware with malicious ratings.

    High Risk

    Include downloaded URLs of malware with high risk ratings and URLs sent by FortiMail devices of high risk ratings and whose scan depth is 0.

    Medium Risk

    Include downloaded URLs of malware with medium risk ratings and URLs sent by FortiMail devices of medium risk ratings and whose scan depth is 0.

    Download STIX

    Download most recently generated URL STIX IOC package.

    STIX/TAXII Integration

    API Root URL

    Enter the root URL for STIX/TAXII server.

    TAXII Username

    The username to access STIX/TAXII server

    TAXII Password

    The password for the user.

    Collection ID

    The collection setup on STIX/TAXII server.

    Include job data of the following ratings

    Malicious

    Include malware with malicious ratings.

    High Risk

    Include high risk ratings job.

    Medium Risk

    Include medium risk job.
    Note

    Malicious files directly rated by AV are not sent to external threat server since they do not have STIX format.
    Previous
    Next

    Malware and URL Package Options

    Malware and URL Package Options

    The malware package options and URL package options allow you to configure how many days worth of data the malware and URL packages save and the malware ratings that are included in the packages.

    In a cluster environment, only the primary node generates malware packages and URL packages.

    You can also select to include files or URLs to packages during an On-Demand scan if their results meet package settings.

    Because of size limitations, the following limits are in effect:

    • Malware packages can have a maximum of 100K entries.
    • URL package can have a maximum of 1000 entries.

    The URL package contains downloaded URLs of detected malware.

    Local Malware Package Options

    Include past __ day(s) of data. (1-365 days)

    Enter the number of days. If the user changes the current days to a longer value, the unit will not go back to include historical data older than current days.

    Include the job data of the following ratings

    Malicious

    Include malware with malicious ratings.

    By default, only data with Malicious or High Risk rating will be included in the Malware Package.

    High Risk

    Include malware with high risk ratings and URLs sent by FortiMail devices of high risk ratings and whose scan depth is 0.

    Medium Risk

    Include malware with medium risk ratings and URLs sent by FortiMail devices of medium risk ratings and whose scan depth is 0.

    Local URL Package Option

    Include past __ day(s) of data. (1-365 days)

    Enter the number of days. If the user changes current days to a longer value, the unit will not go back to include historical data older than current days.

    Include the job data of the following ratings

    Malicious

    Include downloaded URLs of malware with malicious ratings.

    By default, only downloaded URLs of malware with a Malicious or High Risk rating will be included in the URL Package.

    High Risk

    Include downloaded URLs of malware with high risk ratings.

    Medium Risk

    Include downloaded URLs of malware with medium risk ratings.

    Enable STIX IOC

    Enable to generate STIX IOC packages.

    STIX Malware Package Options

    Include past __ day(s) of data. (1-365 days)

    Enter the number of days.

    Include the job data of the following ratings

    Malicious

    Include malware with malicious ratings.

    High Risk

    Include malware with high risk ratings.

    Medium Risk

    Include malware with medium risk ratings.

    Generate STIX file with behavior

    Include behavior information of each malware or suspicious URL.

    Download STIX

    Download most recently generated Malware STIX IOC package.

    STIX URL Package Options

    Include past __ day(s) of data. (1-365 days)

    Enter the number of days.

    Include the job data of the following ratings

    Malicious

    Include malware with malicious ratings.

    High Risk

    Include downloaded URLs of malware with high risk ratings and URLs sent by FortiMail devices of high risk ratings and whose scan depth is 0.

    Medium Risk

    Include downloaded URLs of malware with medium risk ratings and URLs sent by FortiMail devices of medium risk ratings and whose scan depth is 0.

    Download STIX

    Download most recently generated URL STIX IOC package.

    STIX/TAXII Integration

    API Root URL

    Enter the root URL for STIX/TAXII server.

    TAXII Username

    The username to access STIX/TAXII server

    TAXII Password

    The password for the user.

    Collection ID

    The collection setup on STIX/TAXII server.

    Include job data of the following ratings

    Malicious

    Include malware with malicious ratings.

    High Risk

    Include high risk ratings job.

    Medium Risk

    Include medium risk job.
    Note

    Malicious files directly rated by AV are not sent to external threat server since they do not have STIX format.
    Previous
    Next